Cambridge researchers demonstrate chip and Pin insecurity


Cambridge researchers demonstrate chip and Pin insecurity

Antony Savvas

Cambridge University researchers have demonstrated how chip and Pin terminals can be potentially opened by criminals to run their own applications to conduct fraud.

The researchers have posted their demonstration on the YouTube website, but instead of collecting credit card numbers from the chip and Pin device they ran the Tetris game instead.

Security researchers Steven Murdoch and Saar Drimer managed to run the game by replacing most of the terminal’s internal electronics.

The researchers said that chip and Pin terminals could so far only ensure that communications links to banks were cancelled when opened. They could not prevent fraudsters opening them and collecting card numbers and Pins from customers with their own hardware and software.

Last year, a number of petrol stations in the UK were targeted by fraudsters using  chip and Pin terminals.

Payment clearing association Apacs said chip and Pin terminals were tamper resistant, not tamper proof.

Apacs says Chip and Pin has substantially cut retail fraud.

Read article: Chip and Pin cuts fraud

Shell suspends chip and Pin payments following fraud

Shell investigates chip and Pin fraud

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy