Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:22 AM
Connect Directly

Cambridge Scientists Demonstrate Vulnerability of Chip Cards

Small device can trick terminals into authorizing card transactions without an accurate personal identification number.

Computer scientists in the U.K. have found a way to trick point-of-sale terminals into accepting virtually any made-up PIN to authorize a transaction made with a chip card. This is one more discouragement to the U.S. card industry, which has been slow to adopt chip cards for cost reasons.

A BBC Newsnight segment on the Cambridge work will air tonight at 10:30 but can be viewed here. The team have also authored a technical paper, "Chip and PIN is Broken."

According to the researchers, fraudsters can easily insert a "wedge" between the stolen card and terminal, which tricks the terminal into believing that the PIN was correctly verified. In fact, the fraudster can enter any PIN, and the transaction will be accepted. They have tested this attack against cards issued by most major U.K. banks and it has worked every time.

The researchers also say that victims of such attacks may have a difficult time being refunded by their bank. The receipt produced will state "Verified by PIN," and bank records will show that the correct PIN was used. Banks may then argue that the customer must have been negligent and had allowed the criminal to know their PIN. Such attacks do not require technical sophistication and can be carried out with equipment that can be easily hidden in a backpack, the academics say.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.