MoneySavingExpert.com homepage
Cutting your costs, fighting your corner
Chair, Martin Lewis · Editor, Marcus Herbert
Search bar closed.
MSE News

Chip and PIN fraud danger uncovered

creditcardpayment
Press Association
Press Association
Editor
12 February 2010

A team of computer researchers claim they had uncovered flaws in the chip and PIN system which are being exploited by fraudsters to use stolen cards.

The group from the University of Cambridge's Computer Laboratory found criminals can insert a "wedge" between the card and terminal, tricking it into believing the PIN was correctly verified.

In fact, any PIN can be used for the transaction to go through. The card thinks it is authorised by signature (see the ID Fraud and Stay Safe Online guides).

Dr Steven Murdoch says: "We have tested this attack against cards issued by most major UK banks. All have been found to be vulnerable."

The discovery is likely to place question marks over the existing chip and PIN design and its security.

Victims of this fraud may encounter problems obtaining refunds from their banks as the receipt produced states "Verified by PIN".

Professor Ross Anderson says: "Over the past five years, thousands of cardholders have had stolen chip and PIN cards used by criminals. The banks often tell customers that their PIN was used and so it's their fault.

"Yet we've shown that it's easy to use a card without knowing the PIN - and the receipt will say the transaction was 'Verified by PIN' even though it wasn't.

"This is not just a failure of bank technology, it's a failure of bank regulation. The Ombudsman supported the banks and the regulators have refused to do anything. They were just too eager to believe the banks."

The UK Cards Association has dismissed the claim, saying that while the research shows it is possible in theory, this does not mean it is possible in reality.

A spokeswoman says: "We believe this complicated method will never present a real threat.

"It requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal."

Further reading/Key links

Prevent fraud: ID Fraud, Stay Safe Online

Chip and PIN fraud danger uncovered

Forum image
MSE Email 3 September 2024

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

Martin: Slash credit card interest
Including top 0% deals
Urgent Winter Fuel plea
For pensioners
Cheap energy disappearing
Fix fast to beat rise?
Fly for a fiver?
Faro, Corfu & Split
5.25% savings
With top notice account
Last chance to join diesel lawsuits
For Nissan, Renault & Vauxhall
Ending. Sky Stream + Netflix
'£18 a month'
Tools and calculators

Clever ways to calculate your finances

Find your odds of getting top cards
Find your odds for getting a cheap loan
Compare broadband, phone & TV deals
Compares thousands of mortgages
Eight calcs to help you work out the cost
We ensure you’re on the cheapest tariff