On Tuesday 28 December 2010, the Independent newspaper ran an eye-opening story concerning certain inherent weaknesses with UK ‘chip and pin’ banking. The news item, by Richard Garner, Education Editor, proved so sensational that shock waves are still being felt across the industry even today!
Far from offering customers added security, it now transpires that ‘chip and pin’ may have been launched despite serious flaws with this system of making electronic payments. Whilst this development does not concern RFID / ‘contactless’ technology as such, some readers may nonetheless choose to draw parallels with the banking sector’s insistence (at the time) that its new technology was 100% foolproof.
Here’s what happened – as far as we’re aware…
In short, the UK Cards Association (representing all major credit, debit and charge card issuers in Britain) discovered that a Cambridge University PhD student named Omar Choudary had published a remarkable thesis online. His student text identified vulnerabilities with the UK ‘chip-and-pin’ system, weaknesses that can be easily exploited by fraudsters.
Needless to say, the UK Cards Association approached Cambridge University asking it to remove hyperlinks to Choudary’s thesis and take action to remove this work from the public domain. However, the University delivered a swift rebuttal, accusing the banksters’ representative body of “bullying” and “censorship”.
The UK Cards Association Chair, Melanie Johnson, insisted that Choudary’s PhD thesis “…oversteps the boundaries of what constitutes reasonable disclosure by giving too much detail on how the chip-and-pin system could be breached.”
However, a University spokesperson responded, saying, “…you seem to think that we might censor a student’s thesis – which is lawful and already in the public domain – simply because a powerful interest group finds it inconvenient”.
The University denies that the student thesis encourages fraud by, “…giving details of a blueprint for a device which is alleged to exploit a loophole in the security of chip-and-pin technology.”
The rebuttal concluded with the following statement: “…you complain that the work may undermine public confidence in the payments system. What will support confidence in the payments system is evidence that the banks are frank and honest in admitting weaknesses when they are exposed and diligent in effecting the necessary remedies.”
So to conclude, it could be reasonably argued that the banking community will spin this story to their advantage, perhaps even suggesting that in switching from ‘chip and pin’ to ‘contactless’ payment systems this particular security problem will be overcome. Overcome, that is, until news reaches UK shores of how RFID skimming is now a major issue for American credit card users.
Learn how to prevent credit card, e-passport and access pass ‘skimming’ at:
Richard Garner’s full exposé can be found at:
And the full response from Cambridge University can be read here: