Research from the Computer Laboratory at the University of Cambridge suggests that “Chip and PIN” cards may not be as safe as previously thought.
New PIN-entry devices available at supermarkets, service stations and other outlets are causing concern because they can be programmed by a fraudster to capture all the information needed to clone a chip and PIN card, as well as the customer’s PIN number.
There is no evidence to suggest the problem is widespread but the manufacturers of the new terminals have failed to build encryption technology into the PIN-entry devices.
This means that information can be passed between the card and the device unprotected.
Commenting on the research, APACS, the UK payments association, said: “We’re not denying that this type of fraud is achievable, but there are much easier ways of carrying out the same type of fraud, including skimming cards and capturing the PIN using a pin-hole camera, and that’s what we’re focused on.”
Chip and PIN was introduced as a means of reducing card fraud, particularly “skimming”, where an unscrupulous retailer copies the information contained in the magnetic strip to allow the card to be cloned.
The University of Cambridge researchers would like all credit and debit cards to contain technology known as ICVV, which is designed to alert a retailer or bank if a cloned version of the card is being used.