'Chip and Pin' banking is flawed - pure gold!On Tuesday 28 December, 2010 the Independent Newspaper ran an eye-opening story concerning certain inherent weaknesses with UK ‘chip and pin’ banking.  Their news item by Richard Garner, Education Editor proved so sensational that shock waves are still being felt across the industry even today!

Far from offering customers added security, it now transpires that ‘chip and pin’ may have been launched despite serious flaws with this system of making electronic payments.  Whilst this development does not concern RFID / ‘contactless’ technology as such, nonetheless  some readers may choose to draw parallels with the banking sectors’ insistence (at the time) that their new technology was 100% foolproof.

Here’s what happened – as far as we’re aware…

In short, the UK Cards Association (representing all major credit, debit and charge card issuers in Britain) discovered that a Cambridge University PhD student named Omar Choudary had published a remarkable thesis online.  His student text identified vulnerabilities with the UK ‘chip-and-pin’ system, weaknesses that can be easily exploited by fraudsters.

Needless to say, the UK Cards Association approached Cambridge University asking it to remove hyper-links to Choudary’s thesis and take action to remove this work from the public domain.  However, the University delivered a swift rebuttal; accusing the banksters representative body of “bullying” and “censorship”.

The UK Cards Association Chair, Melanie Johnson insisted that Choudary’s  PhD thesis , “…over steps the boundaries of what constitutes reasonable disclosure by giving too much detail on how the chip-and-pin system could be breached.”

Although a University spokesperson responded saying, “…you seem to think that we might censor a student’s thesis – which is lawful and already in the public domain – simply because a powerful interest group finds it inconvenient”.

The University denies that the student thesis encourages fraud by,  “…giving details of a blueprint for a device which is alleged to exploit a loophole in the security of chip-and-pin technology.”

The rebuttal concluded with the following statement,  “…you complain that the work may undermine public confidence in the payments system.  What will support confidence in the payments system is evidence that the banks are frank and honest in admitting weaknesses when they are exposed and diligent in affecting the necessary remedies.”

So to conclude, it could be reasonably argued that the banking community will spin this story to their advantage; perhaps even suggesting that in switching from ‘chip and pin’ to  ‘contactless’ payments systems this particular security problem will be overcome.   Overcome that is until news reaches UK shores of how RFID skimming is now a major issue for American credit card users.

Learn how to prevent credit card, e-passport and access pass ”skimming’ at:

http:www.rfidprotect.co.uk

Richard Garners’ full expose can be found at:

http://www.independent.co.uk/news/education/education-news/

And the full response from Cambridge University can be read here:

http://www.cl.cam.ac.uk/~rja14/Papers/

On Tuesday 28 December, 2010 the Independent Newspaper ran an eye-opening story concerning certain inherent weaknesses with ‘chip and pin’ banking.

This news item by Richard Garner, Education Editor proved so sensational that shock waves are still being felt across the industry even today. Far from offering customers added security, it now transpires that ‘chip and pin’ may have been launched despite serious flaws with this system of making electronic payments. Whilst this development does not concern RFID / ‘contactless’ technology some readers may chose to draw parallels with the banking sectors insistence that their new technology is 100% foolproof – until there’s a problem, and then the default reaction is to try and silence any dissenting voices.

Here’s what happened – as far as we’re aware.

In short, the UK Cards Association(representing all major credit, debit and charge card issuers in Britain) discovered that Cambridge University PHD student Omar Choudary had published a remarkable thesis online. His student text identifies vulnerabilities with the ‘chip-and-pin’ system that can be easily exploited by fraudsters.

Needless to say, the UK Cards Association approached Cambridge university asking it to remove hyper-links to Choudary’s thesis. However, the University delivered a swift rebuttal; accusing the ‘banksters’ representative of bullying and censorship.

The UK Cards Association Chair, Melanie Johnson insisted that Choudary’s PHD thesis , “..oversteps the boundaries of what constitutes reasonable disclosure by giving too much detail on how the chip-and-pin system could be breached.”

Although a University spokesperson responded saying, “…you seem to think that we might censor a student’s thesis – which is lawful and already in the public domain – simply because a powerful interest group finds it inconvenient,”

The University denies that the student thesis encourages fraud by, “…giving details of a blueprint for a device which is alleged to exploit a loophole in the security of chip-and-pin technology.”

The rebuttal concluded with the following statement, “You complain that the work may undermine public confidence in the payments system. What will support confidence in the payments system is evidence that the banks are frank and honest in admitting weaknesses when they are exposed, and diligent in affecting the necessary remedies.”

Richard Garner’s full expose can be found at:

http://www.independent.co.uk/news/education/education-news/banks-attempt-to-suppress-maths-students-expos233-of-chip-and-pin-2170396.html

Advertisements
Comments
  1. rizwan mushtaq says:

    Appreciate your work….

  2. Mir Taimoor says:

    Woo great work…

  3. Unbranded, anti-skimming, RFID blocking, credit card sleeves – at last there’s a UK supplier!!! Ultra cheapo price for a bumper pack of five sleeves.

    http://www.ebay.co.uk/

  4. Bottle Les Angles says:

    Great blog! I truly love how it’s easy on my eyes and the details are well written. I am wondering how I could be notified whenever a new post has been made. I have subscribed to your rss feed which ought to do the trick! Have a nice day!

  5. Contactless says:

    Welcome ‘Bottle Les Angles’! If you want to stay informed the moment a new post is added to my blog, then simply click on the “Sign Me Up” button – (left hand menu), nothing could be easier!

  6. dinefraudfree says:

    Interesting story. Great stuff. Keep up the work.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s