
Wednesday, March 23, 2011

Alarming News About Chip and PIN (Being Broken Again)

Here's why I say again...
Chip and PIN is Broken say Researchers
(from Finextra at 22-3-2011)
In a presentation at the CanSecWest security conference earlier this month, the researchers from InversePath declared that chip and PIN is "definitely broken" and skimming will become "extremely appealing" to fraudsters.  
The group built a prototype skimming device which it says can be easily installed at any POS terminals or ATMs, is virtually impossible to spot and uses the machines to power itself. EMV cards talk to payment terminals via application protocol data unit (APDU) messages for reading records and issuing commands. InversePath says skimmers can intercept and read every part of the terminal-ICC exchange.  Crooks can then download the data with a special card recognised by the skimmer and use it to perform online transactions that do not require users to give the CVV numbers on the back of their cards.
Download the document from Finextra now2 mb (PDF File)

Enhanced by Zemanta