Cambridge University researchers have published results of successful attempts to obtain personal details from chip and PIN terminals
Cambridge University researchers have published results of successful attempts to obtain personal identification number (PIN) and credit card details from chip and PIN terminals.
Security firm GrIDsure argues that the public and industry must remain realistic about the threats.
Steve Howes, chief executive of GrIDsure, commented: “The Cambridge University researchers should be applauded for highlighting the vulnerabilities of Chip and PIN to the public, making them more aware of its potential dangers, whilst also reopening the debate within the industry. However, we should not get too carried away, and must look sensibly at the most common threats out there today.”
“It is time we stopped looking for the nirvana to end fraud once and for all, and instead concentrate on making practical and incremental improvements to tighten security.
Steve Howes, chief executive of GrIDsure
He added: ‘At present, very few fraudsters are using the same technique demonstrated by the Cambridge researchers as there are other far easier and more cost effective methods available to them. Fraud on the UK's high streets has reduced since Chip and PIN was introduced, although the same cannot be said for online fraud and so called 'fraud abroad'. There will always be vulnerabilities with authentication systems, but no matter what you do to strengthen the POS terminal you will not overcome the basic problem of people shoulder surfing a static PIN number.’
‘Systems exist now that are more secure than current Chip and PIN methods and yet easier for the public to use,” continued Howes. “It is time we stopped looking for the nirvana to end fraud once and for all, and instead concentrate on making practical and incremental improvements to tighten security – starting by addressing the static PIN number – which can cut down on fraud immediately.’
No comments yet