Chip and PIN Cambridge Research Slammed as "Alarmist"

Chip and PIN Research Slammed...as "Alarmist"

Chip and PIN research slammed as ‘alarmist’



Industry analysts have defended the benefits

of chip and PIN payments security after computer scientists at the UK’s University of Cambridge announced they had discovered a flaw in the PIN verification feature of the EMV protocol.



Acccording to the scientists, a man-in-the-middle device can intercept and modify the communications between a payment card and the POS terminal, and then trick the terminal into believing that PIN verification has succeeded. In a draft paper entitled ‘Chip and PIN is Broken’, the scientists said: “A dummy PIN must be entered, but the attack allows any one to be accepted.”



The report added: “Attacks such as this could help explain the many cases in which a card has supposedly been used with the PIN, despite the customer being adamant that they have not divulged it.”



Gareth Wokes, chairman of The Logic Group, which manages information and transactions for businesses, described the Cambridge research as “alarmist”.

Why do we still type our numbers into boxes at web checkout?

Wokes said: “To position this as an overall failure of chip and PIN is misleading and counter-productive to the industry’s efforts against fraud. Chip and PIN successfully addressed the issue that it was created to address: that the person making a transaction is who they say they are. As such, a year after chip and PIN was introduced, card fraud dropped by 48 percent.”



He added that fraudsters have since moved on to e-commerce fraud, where chip and PIN technology is irrelevant, Editor's Note:  "irrelevant" ONLY because we still conduct online transactions as if we live in the stone ages, i.e. typing Primary Account Numbers into boxes at website merchant checkouts worldwide.  which is why fraud figures have subsequently begun to increase.









Continue Reading at Lafferty

Related articles by Zemanta

• European Payment Cards Security Problem (ghacks.net)


• Chip and pin card readers fundamentally flawed (telegraph.co.uk)


• Researchers warn of chip and PIN flaws (v3.co.uk)


• Card payment verification has "major" security loophole (geeksaresexy.net)


• Chip-PIN defense is 'broken,' say researchers (news.cnet.com)


• Researchers find huge weakness in European payment cards (computerworld.com)


• Cambridge University finds credit card security flaw, uses the money for beer pong supplies (video) (engadget.com)


• Warning Over Wedge That Tricks Stolen Cards (news.sky.com)


• Chip and PIN security busted (go.theregister.com)


• Chip-and-PIN is broken (boingboing.net)


• Threat to Chip and PIN Terminals (pindebit.blogspot.com)


• Chip and PIN is Broken: Cambridge's Ross Anderson Comments (pindebit.blogspot.com)


• Cambridge Exposes Flaw in Barclays PINSentry Device (pindebit.blogspot.com)


• Customers 'Blamed for Card Fraud' by Bank (pindebit.blogspot.com)


• Todos Addresses Cambridge University Research Concerned with eCommerce Security (pindebit.blogspot.com)


• Flaw Calls Entire Architecture of Chip and PIN Into Question - Video Report (pindebit.blogspot.com)


• U.K. Card Fraud Report (pindebit.blogspot.com)