Researchers at Cambridge University Computer Laboratory, have shown that Chip & Pin machines are not as secure as the banking industry claims.
Researchers have said that two widely deployed models fail to protect customers' card details and Pins adequately.
Disclosures on the alleged weaknesses in the security of the systems are due to be made on BBC 2's Newsnight this evening (26 February 2008).
Fraudsters, say the researchers, can easily attach to the Pin entry device a "tap" that records Pin and account details as they are transmitted between the card and the Pin pad. Armed with this information, fraudsters can create a counterfeit card and withdraw cash from ATMs abroad.
One of the researchers, Steven Murdoch says, "We have successfully demonstrated this attack, on a real terminal borrowed from a merchant."
The researchers also question the system under which bank terminals are certified.
Ross Anderson, professor of Security Engineering at Cambridge, says that the weaknesses exposed by Cambridge researchers apply to other equipment such as voting machines to electronic medical record systems. He said, "Where the public are forced to rely on the security of a system, we need honest security evaluations that are published and subjected to peer review."
Chip and pin flaws - are security evaluations robust? >>