Chip and pin credit card weakness exposed by Cambridge researchers

By Dyenamic Solitions - Last updated: Monday, September 17, 2012 - Save & Share - One Comment

Chip and pin credit card payment machines could effectively be cloned by exploiting a security flaw claim researchers.Chip and pin credit card weakness exposed by Cambridge researchersCredit cards were found to be open to a form of cloning, despite past assurances from banks that chip and pin could not be compromised.

Poor implementation of cryptography methods were behind the flaw, researchers said.

They accused some banks of “systematically” suppressing information about the vulnerabilities.

The team’s research was presented at a cryptography conference in Leuven, Belgium.

The paper said despite chip and pin being in use for over a decade, it was only recently “starting to come under proper scrutiny from academics, media and industry alike”.

Each time a customer is involved in a chip and pin transaction- be it withdrawing cash or purchasing goods in a shop, a unique “unpredictable number” is created to authenticate the transaction.

The unpredictable number (UN), generated by software within cash points and other similar equipment, is supposed to be chosen at random.

But researchers discovered that in many cases lacklustre equipment meant the number was highly predictable, because dates or timestamps had been used.

“If you can predict the UN, you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location,” said researcher Mike Bond in a blog post.

“You can as good as clone the chip. It’s called a pre-play attack.”

The researchers said they had been in contact with leading banks to detail the risks, but some had been “explicitly aware of the problem for a number of years”.

“The extent and size of the problem was a surprise to some,” the report said.  “Others reported already being suspicious of the strength of unpredictable numbers.”

The paper added: “If those assertions are true, it is further evidence that banks systematically suppress information about known vulnerabilities, with the result that fraud victims continue to be denied refunds.”

The team called for greater scrutiny from financial authorities into the security systems in use by banks.

Chip and pin is the leading processing and authentication method for credit and debit card payments, with many more than a billion cards in use worldwide.

Believed to be far more secure than previous technology, such as a magnetic strip, adoption of chip and pin had led to banks becoming more aggressive when dealing with compensation claims, the researchers said.

Posted in Computers- news and reviews by Dynamic Solutions, Customer Services, Data Protection, Dyenamic Solutions, Online Banking, Payment Systems, Technology Companies, Uncategorized • Tags: , , , , , , Top Of Page

One Response to “Chip and pin credit card weakness exposed by Cambridge researchers”

Pingback from Loans Calculators » Chip and pin credit card weakness exposed
Time October 8, 2012 at 3:32 pm

[…] Share and […]