ATM Security Weaknesses Publicised Again

I see that Cambridge University have hit the news again with claims of flaws in Chip and PIN reader technology.

All commercial systems have security weaknesses. They are a compromise between cost and potential losses. We don’t always get it right. Sometimes we spend too much, sometimes too little. What counts is whether the weaknesses actually lead to losses, and there’s no evidence that any attacks of this nature are being mounted or contemplated.

But regardless of that, it’s irresponsible to publicise weaknesses that cannot be readily addressed in systems affecting millions of customers.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Totally agree. The media are willing enough to hype things up (earthquake in London, anyone?!) and over stress for affect (and effect!) and then we have more confused and worried users which is not helping in the space. Good pick up / comment, thanks David!
I am sure the fact that Chip & PIN was just a means of shifting finacial responsibility for any losses from the banks to the merchants and was seriously flawed from the outset (I said so at the time is was being considered) is already well known by those involved in this type of mal-practice. The public has a right to know if they are being conned into thinking otherwise.
Chip and Pin is great for the High Street retail business, but the banks were not ready in time for this to impact and push the fraudsters online, where they still have their way most of the time, with pc's being largely unprotected against trojan etc.
You wrote: "But regardless of that, it’s irresponsible to publicise weaknesses that cannot be readily addressed in systems affecting millions of customers." Nonsense. Every indovidual has at least two ways of mitigating the risk presented by C&P cards: 1. Stop using bank cards altogether. It may be radical, but it's certainly possible. 2. More practically, stop using Chip-and-PIN cards, and switch to Chip-and-Signature. All the banks can issue C&S cards, although they like to pretnd that they're only for the disabled. I have three credit cards, none of which is a C&P card. Two are issued in the USA, but usable here without problems. One is a Chip-and-Signature card issued by a high-street building society. Quoting Sandra Quinn (APACS): "If you’re an overseas customer into the UK, you know big shops in Oxford Street aren’t going to be turning away American customers over the next few weeks; they’re still going to be allowed to sign. And the other option of course is the Chip and Signature card, which a lot of disabled customers hold, and that means again you’ll be able to sign. The technology ensures that will happen." See: I strongly suggest that any reader with a C&P credit card 'phones their bank today and demands a C&S card.
Just yesterday I saw this movie with Sandra Bullock "The Net" where dramatically is shown to where our dependence of computers can lead. But Fraud and crimes can´t be avoided by switching to a C&S card, because signatures can be faked more easily than to capture a PIN.
If you are using a drive-up ATM, get your vehicle as close to the machine as possible to prevent anyone from coming up to your window. Also make sure that your doors are locked before you drive up to the machine...