Cambridge researchers demonstrate chip and Pin insecurity

Cambridge University researchers have demonstrated how chip and Pin terminals can be potentially opened by criminals to run their own applications to conduct fraud.

Cambridge University researchers have demonstrated how chip and Pin terminals can be potentially opened by criminals to run their own applications to conduct fraud.

The researchers have posted their demonstration on the YouTube website, but instead of collecting credit card numbers from the chip and Pin device they ran the Tetris game instead.

Security researchers Steven Murdoch and Saar Drimer managed to run the game by replacing most of the terminal’s internal electronics.

The researchers said that chip and Pin terminals could so far only ensure that communications links to banks were cancelled when opened. They could not prevent fraudsters opening them and collecting card numbers and Pins from customers with their own hardware and software.

Last year, a number of petrol stations in the UK were targeted by fraudsters using  chip and Pin terminals.

Payment clearing association Apacs said chip and Pin terminals were tamper resistant, not tamper proof.

Apacs says Chip and Pin has substantially cut retail fraud.

Read article: Chip and Pin cuts fraud

Shell suspends chip and Pin payments following fraud

Shell investigates chip and Pin fraud

Comment on this article:

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.