Lawsuit casts doubt over safety of chip and PIN
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
A well-placed source at a major high street bank told Information Age that banks have...
Further doubt has been cast over the safety of the chip and PIN payment card authentication system following the revelation that a Halifax customer is to sue the high-street bank for losses incurred at the hands of ATM fraudsters, reports The Guardian.
Football coach Alan Job claims criminals were able to withdraw £2,100 from his Halifax bank account via a range of ATMs, after having successfully cloned his chip and PIN card. Job claims he was in possession of his card at the time of the withdrawals and that the fraudsters could not have gained knowledge of his PIN.
Halifax claims that whoever was responsible for taking the money would have to have had access to both Job’s card and PIN.
Domestic card fraud levels dropped by 25% following the 2006 mandatory roll-out of chip and PIN in the UK. The two-factor authentication system, which requires the use of ‘something you have’ (the card) and ‘something you know’ (the PIN), eliminates the risks associated with ‘skimming’, by which card information stored on the magnetic strip can be copied.
Chip and PIN cards still contain a magnetic strip, but this is accompanied by an embedded microchip unique to the card which holds the card’s PIN. The PIN typed in by the customer is verified against the PIN stored on the card’s chip in order to authenticate the transaction.
Fraudsters have however managed to successfully circumvent the system by using cloned cards in foreign countries where chip and PIN has not yet been introduced and magnetic strips are still in use.
Mike Bond, former security researcher at Cambridge University, told The Guardian that there are also several ways by which to ‘fool’ the chip and PIN technology, although many of these methods are believed by experts to be too costly and time-consuming to serve as a feasible function of large-scale card fraud.
A well-placed source at a major high street bank told Information Age that banks have long known of the problems regarding chip and PIN technology and are aware of the methods by which the system can be compromised.
In 2007, the Cambridge University research team successfully hacked a supposedly tamper-proof point of sale card reader, in what was regarded a significant compromise of the chip and PIN technology.
Further reading
Norwich Union fined for ID theft
Lord Erroll: HMRC breach a "godsend"
McAfee: Cyber-espionage resource drain
MI5: E-espionage resource drain
HMRC breach sparks finance fears
Find more stories in the Security & Continuity Briefing Room
