Chip & Pin Not Foolproof
Research at Cambridge University has uncovered flaws in the Chip & Pin system, the card system designed to protect card holders against fraud. Researchers at the university have demonstrated how a Chip & Pin terminal, used for reading a card’s data, can be compromised, allowing fraudsters to steal a card’s sensitive data.
The terminals were thought to be tamper-proof; however, the researchers were able to open a terminal, replace the internal hardware with their own, and re-assemble it, leaving no evidence that the terminal had been breached.
Saar Drimer, one of the researchers involved in the experiment, said: “We demonstrated that with the new hardware, everything is under our control – the card reader, the LCD display and the keypad.”
This is a further blow to the system, which was brought in to replace the old magnetic stripe cards and launched as the card industry’s flagship measure to counter card fraud. Last March, the same research group at the university demonstrated a Chip & Pin terminal interceptor technology capable of listening in on the communication between the card and the terminal and then modifying the transaction.
Mr Drimer added: “This means that the card reader can read information from the chip and display it on the screen. The data from the keypad, such as a Pin, can also be recorded.”
Creating fake terminals in order to ‘skim’ the information on a card isn’t too difficult: it requires “moderate” technical knowledge, and the parts required are readily available over the Internet.
“The environment in which such a terminal would be placed will vary, but can be done potentially anywhere where strict mechanisms are not enforced to prevent it,” added Mr Drimer.
However, Sandra Quinn from APACS, the UK trade association for card payments, points out that while the research represents a hypothetical situation, it would be considerably more difficult to replicate in a retail environment.
“What essentially the computer experts at Cambridge University have managed to do is take a terminal out of its natural environment and replace its innards and make it play a computer game,” said Quinn.
She added: “Chip & Pin has been highly successful in fighting retail-based fraud, which fell 43% in the first half of 2006.”
Alisdair Milton
10th January 2007