New flaws in chip and pin system revealed

THE REAL MEANING OF 'FOOL PROOF'

Chinooks that hit islands, fly by wire planes that go down instead of up.

The problem is not really imperfection itself, it is fools and knaves who declare THEIR system IS perfect, after it goes wrong. A claim of perfection should be no defence - even an OFFENCE in itself.

We were told by politicians and the banks that chip and pin was watertight. A huge expensive advertising campaign was used to promote this misleading message. How many people know that a transaction can be completed at the terminal, with the chip and pin card in the slot, without entering the pin? I had a retailer override my incorrect PIN entry to complete the transaction. If the card had been used fraudulently I probaly would have had my money returned. However, that would happen only after a lot of serious hassle and the involvement of Police. When I complained to the bank about the lack of security they couldn't be bothered. I accept that the system may never be perfect but with sloppy attitudes from retailers and banks the dishonest will always have the upper hand.

Yes, it is concerning that there is a security hole in the chip and PIN operation - especially one that is such a straight forwards workaround, however the system is still far more secure than signatures given that most cashier operators do not check properly, a practice condoned by their employers in their failure to crack down on it.

However, given that this relies on the authorised by signature loop hole - why not just put an end to signature checking altogether. People will complain 'they can't always remember their PIN code', well if they had no choice they would be forced to remember 4 digits in order.

If that is still unacceptable, give those of us who can remember our PIN codes the option to disable to the approved by signature (or preferably, those who want to be able to use their signature have to apply for a card that allows it)

Regardless of all this, as long as there are criminals there will never be a perfectly safe system. What we have is more secure than what went before, the technology to beat it has just moved forwards too.

I had some fraudulent activity on a card through one of the online betting companies. When I queried it, I was told that I must have been there because it was pin verified. When I questioned how I could be present for an online purchase, the money was credited to my card. This was a couple of years ago suggesting that this scam may have been round for a while.

But surely this means the crook will still have to steal your card first before he can steal your money, right?

Security among the banks that run credit and debit cards is a disgrace. I recently had my account emptied by a travel agency in Barcelona. When I contacted them they told me that some travel agencies don't even have to confirm the pin number or expiry date to take money. I was left unable to buy petrol to get to work until Barclays refunded the money. And the bank made it clear that they didn't see this as a problem.
We are powerless to do anything as we really don't have any alternative. All I can do is check my balance a lot more regularly than I did before.

And what evidence is there this has not been happening already?

This comment was removed because the moderators found it broke the house rules. Explain.

Why is anyone surprised?

Did you really think that any bank would invest lots of money in testing its systems adequately to find the flaw?

They will do put such money into something when the problem stops becoming an irritation to customers and becomes a threat to shareholder dividends or CEO's bonus payments.

So the fake card has to be connecteced with wires to the stolen card in the backpack.

Hmmmm

1)you have to physically steal my card
2)I have to not realise it is missing and have it cancelled
3)The guy in the shop has to not notice that there are wires attached to my card

All this is possible but come on it's a number game here. Would we rather banks spent tiem and money fixing this relatively low probability situation or trying to solve the massive problem of card not present fraud? I know where I'd ask them to concentrate.

I have heard rumours of a so-called "magic card", that simply extracts money from a random account, whether during a purchase or from a cashpoint. Obviously, it doesn't always work, as the criminal can never know if there are sufficient funds in the account the card has selected, but if unsuccessful, he simply goes to another store/cashpoint and tries again.

I think the lesson is though, that the people who insist any system is foolproof are the fools. If there's money around, someone will try and steal it. They always have, and they always will.

You must remember that the banks etc. used the cheapest chip and pin system when they decided to instil it on us

. . . So don't PIN your hopes on this system! ;-)

This comment was removed because the moderators found it broke the house rules. Explain.

So this is an almost exact implementation of the cash machine scene from Terminator 2 when the annoying kid slides a cash card in to an ATM and a box of tricks provides the PIN.
Except now we just provide the ACK for a PIN....

EVEN ON THE NEWSNIGHT BLOG? (#8)

Some joker posted this in your name Matt. To stoop so low!

"There is no such thing as a "PIN Number", it's a PIN, not a Personal Identification Number Number!"

Not really a major flaw if it only works with a laptop & wires and requires the the card reader to be a bottom insert not top.
Why not just ask shop assistants to be a bit more cautious when approached by customers carrying backpacks with card in hand. Should be a simple temp solution while they work on recoding.

Funnily enough, I was wondering if the system was a bit dodgy a few weeks ago.....
Ever noticed how the machine KNOWS at once if your PIN is ok or not? It just waits for the verification code.... If the whole 4 digit PIN is just stored on the card.... we are all in trouble!!!!

In Spain when you purchase items with your card you must also produce your ID, (Passport or National ID Card). Surely this is more secure than chip and pin or just a signature. It would be interesting to see whether their level of card fraud is less than the UK.

Right, well done Cambridge, but, this fraud will only work on card reader you insert into the base off, and if the person loosing the card hasn't reported it missing yet. That leaves thieves with very small options really, find shops with the right sort of card readers, selling the right sort of things to buy, in the same town as the card looser and bearing that in mind, unless its a gold/black/platinum AmEx any purchase is likely to have a spend limit on it. If it was my card, a standard debit card, the bank authorizes amounts and if I only have £50 then thats all I get to spend (or a crook gets to pinch!)
I suggest that all cards debit and credit should have a daily limit on them unless by prior arrangement with the bank/lender, that should minimize the risk.
Having said all that, I lost my card before Christmas, I didn't report it until after wards because I was certain which shop I left it in, when I went back, it wasn't there.I had it stopped immediately. I have learnt since then not to assume I know where anything is in future, and make sure I actually know.
I wonder now though, having seen that, how long it will be before they can do it remotely without a wire attached? Personally now its time to see all readers top loaders and within a height that leaves a clear gap between all people present.

Doesn't everyone find it extraordinary that the banks want to get rid of the cheque so that we all have to use their insecure chip and pin system? Time, I think, to get the banks to think again and to retain the cheque for the forseeable future so that we all have the choice of using a far more secure system for making face to face payments backed by a cheque guarantee card.

I always try to pay by cheque or cash and never use a cash machine.

Ben (6:06pm): "However, given that this relies on the authorised by signature loop hole" - it doesn't, so far as I can tell. The story makes no mention of this being involved at all. The transaction is recorded as being authorized by PIN.

Jona (6:57pm): "So the fake card has to be connecteced with wires to the stolen card in the backpack."

No, it doesn't. The researchers used wires because they're cheap and simple to deal with. This was a proof-of-concept execution, they weren't actually trying to fool anyone, so there was no need to deal with the extra effort involved in setting up wireless communication from the fake card to the exploit rig in the backpack. There's probably no technical reason it couldn't be done wirelessly, though, and that's how you'd set up the connection if you actually wanted to use this exploit in the real world.

Yes, you have to steal the card before you can perform this attack. But the whole point of the chip-and-PIN system is supposed to be that your money can't be stolen even if your card is. If we didn't care about that, then there'd be no need to have PINs in the first place, all transactions would just be authorized as soon as the card was presented. It's called 'two-factor authentication' - something you have (the card), something you know (the PIN).

This is minor in comparison with the fact that you are entering your secret, your PIN, into what is effectively an untrusted device. Who knows what's in that little box the cashier hands you? They're not all the same. Some of them even have magnetic stripe readers so can gain a lot of information.

Then again, whenever you shop online you give out enough information for someone at the web site to use your card elsewhere. Some web sites have started asking for date of birth too. I refuse to shop at them, because that is becoming enough information for identity fraud.

What's needed is some form of one-time security device. PayPal have an interesting idea with their text messages to your registered phone so you need both password and phone to buy something.

Some say the attack mentioned here is not a problem because of the wires. This does not account for the attack being carried out by the shop staff, or a future implementation that does not need wires. The fact that the system is vulnerable to the "Man in the Middle" attack is the problem.

Whilst we are discussing the security of chip and pin cards does anyone know how secure the contactless cards are. Payments of up to £10 can be taken from a card by swiping it near a card reader. Is it possible an unscrupulous person carrying a portable reader could swipe it near your back pocket or handbag and extract funds. Even at less than £10 a time it could mount up to a considerably worthwhile sum after a day's swiping.

Well done the Beeb for even rudimentarily pointing out how credit card fraud can be achieved!

Why don't you tell us a bit more about Anthropogenic Global Warming and how that science works?

Can anyone here suggest an organisation that would be interested in hearing about a solution to combat credit card fraud? My solution relates to an existing device that will, with a little tweaking prevent credit card fraud at both POS and CNP transactions. This device is widely available and could completely replace the chip and pin, but as yet, has not been applied to this area of security. Any suggestions would be most appreciated?

It is also worth pointing out that many countries outside of Europe do not have full chip and pin facilities. In South Africa for example, a debit card is often simply processed as a credit card so there is no requirement to enter a pin number, a signature is all that is required. Please bear this in mind when attending the World Cup and take care!!

Why not use cash?
Then there is no identity theft, no one using your card.

and after all we (as tax payers) have given the banks, they are still happy to let us be ripped off by thieves.
They don't care if we lose a couple of hundred £ a month, as long s they get their £38 a month for us going overdrawn.
The whole system is geared towards the banks amking money and putting one over the little person.
Chip & pin?
More like Chip & hope

FEZZER SOLUTION (#26)

Possibly. Find my website and email or the Blog dog will come out of that kennel so fast . . .

This isn't that big an issue, yes it needs to be fixed, but if someone wants to steal from you, they will. There are millions of holes in microsoft (windows xp etc) software yet it's never in the news, it's miles easier to get into someones computer and steal their data and no-one would even know you were there. As it stands if someone steals your card they have all the details they need to shop online with it. All they have to do is send it to an address they have rented, max it out then move on. Chip and pin obviously wasn't "water tight" it's 4 digits long, i mean come on! Also i love how the beeb tells people how to do these things, it's great.

@ WhiteHeath

There's no ID theft there you're right, just normal good old face to face theft. Criminals get so impersonal don't they?

4 digits is ridiculously short - only 10,000 options and you aren't allowed 1234 or 1111 etc so it's much less than that.

People should have the option to have up to 10 digits and the machine should ask for a different 3 of the digits each time.

And the "cash machine" PIN should be different from the "shopping" PIN.

Until then it's a sick joke.

The burden of proof has to be always on the banks to show they are secure or they must refund. Then they'll get it right.

Interestedly I had a bogus purchase made on my HSBC account for tickets on Ryanair, when I contacted Ryanair they said I need to take it up with my bank, I said don’t you need to know who is sitting in that seat as they are already a criminal and therefore could endanger your plane, there was a long pause and they said the would get back to me, I’m still waiting 3 mths later, luckily HSBC were quicker in paying back the money into my account.

There will always be attempts to expose any weak link in security. A back pack with a laptop along and some wires is far fetched I agree and not a real security risk, but just wait until all this can be put into a single credit card like yours and me and then it will be a serious threat. Until the industry as a whole stops issuing low security, cheap cards and creditcard terminals stop accepting them this type of crime will always be possible.

This comment was removed because the moderators found it broke the house rules. Explain.

This might sound like a crazy idea, but why was fingerprint technology not used?

Fingerprints are relatively unique; so either standalone, or even combined with a PIN would surely be a step towards better security!

My corp amex has no chip. Some shops in the UK don't like the idea of me having to sign, as it's been drilled in that chip&pin is more secure. However, as one retailer put it "combined with my driving licence, this is the most secure way of confirming the tx".

The point is, my driving licence has a photo of me on it. So why can't we have photos on our bank cards - its one thing to know or trick a PIN, bit harder to have a matching face though!

Why do organisiations insist on finding "clever" new was to identify us - numbers, fingerprints, bio-data - the list gets longer?

The last time I checked, a photo was a pretty safe way to identify a person so why not replace the bank logo hologram with a hologram of the card's owner. The cost of faking a hologram would put this sort of theft out of the reach of all but the most organised criminals and the time involved in creating a fake card would allow for more cards to be cancelled before mone was lost.

The face could be checked by a human operator or by a webcam and simple software - the sort that is already built in to many cameras.

We're not talking about an ID card here - just a simple process that doesn't try to be too clever.

not very surprising, chip & pin is not secure, but its better than the old system.

But what about this new contactless card, how long until criminals start cloning cards just by walking past people. Oh thats right, they already did the same thing with the new passports...

You need to be a magician to carry out this attack.

The card will slide out of your sleeve (instead of you wallet) and using misdirection the cashier will not see wires attached to it which run up your sleeve and into your backpack.

What system is secure from that kind of abuse where you physically insert two wires into it and hook it up to a computer.

This comment was removed because the moderators found it broke the house rules. Explain.

Never been happy wityh the system. The old system had to have you sign, if there was any doubt the signiture was confirmed as per the sample. The banks were responsible until it was proved that you signed.

Now with the old chip & Pin you are responsible for any and all transactions, until you prove otherwise.

It was just a way of securing the banks responsibilities away from the client, an unfair system with your money.

The proof came when a shop took 3 payments from my card on 2 different days, All for the same amount, the bank informed me that I could lodge a dispute, but I had given over my card therefor gave permission for the transactins and any further transactions the company may process.

Another ocassion when I bought a vidoe card on line, the card arrived with the package open inside and obvious signs that It had been a return, I tried it it did not work. I sent the card back only to be told by the company that the card had been stripped and its warrant voided, as such they deducted more money from my account for testing and postage, 1 week later! once more the bank said that I had autherised any and all transactions at any time because I had given over the card details. The card was then prooved by the manufaturer to have been a previous warranty claim, and should have been returned to them. Made no difference tot he company they still did not refund any money, the card was eventually replaced by the manufaturer, who even paid the postages!

I have been informed by the bank that the only way to ensure that a company cannot come and take any more money from the card, is for you to cancell the card after the transaction, they will issue a new card, and any further payments on the old card will be rejected.

Chip & PIN..... Stick it, bring back the old Sign for system.

Sorry, but photos are not secure at all. How difficult would it be for a criminal gang (and they do work credit card fraud in gangs) to take a photo of you as well as steal your card? Not difficult at all. Then it would be simple to get the picture on the bluetooth/wireless dummy card before presenting it to pay for something - probably minutes after it has been stolen. This would not be difficult for the high-tech criminal gangs to do. After all they were able to make combined wireless card-readers and cameras that didn't look much out of place when placed on a cash machine to record card details (via the magnetic stripe) and pin (via the camera). Don't underestimate what criminals can do.

@ 17, 19 & 38:
Producing ID will work about as well as asking a cashier to check your sig. They will get complacent and not bother.
@ 33:
Having a 10 dig number might be a bit tricky for people like my grannie to remeber. Expecially when you start asking fro numbers 1, 5 & 7 or whatever

I'm a director of an independent company which provides chip and PIN certification software and services to banks and other organizations worldwide and have been familiar with Professor Anderson and his work for many years (and have exchanged emails on a number of topics). While this work certainly appears important, it is likewise important that the claims he is making are not exaggerated. His comments in this article -- that this is the largest flaw that's been discovered in 25 years of electronic payment systems -- indicate to me that he is suspiciously close to doing so. Bear also in mind that technical experts were aware of his previous attacks before he was, and that, while he has talked at length about the economic forces that pushed the banks to implement Chip and PIN in the first place, he has not generally discussed the more fundamental trade-offs inherent in any payment system between the overall security of the system, and the usability of the system.

Regardless of this, let's have the details of this attack first, and then have technical experts other than the discoverer can evaluate its overall importance.

I posted comment 42, in my opinion this comment did not break any written house rules, it was non defamitory and non offensive in any way and simply stated some facts about poor quality of equipment from payment terminal manufacturers having previously worked in the industry that would have been useful for the public to know (this post did NOT mention any individual or company names). However, the BBC have removed this comment without explaination. Why? I think my comment would have been very useful for the public to be aware of, after all they pay for the service in one way or another at the end of the day. Open and honest journalism? Please re-instate the comment.

The single biggest flaw in a chip & pin card is the mag-stripe present on the back. You would need a great deal more skill to implement this attack than simply cloning the map-stripe. Nonetheless, it is an exploit which needs fixing, albeit one with relevance only to stolen cards.

The problem has never been about signatures, as the vast majority of fraud is carried out with "cardholder not present" technology. Anyone saying go back to old-tech is a fix obviously does not understand the concept of money in the 21st Century.

The problem is always "how can you securely identify yourself to a computer." Give it a few decades, and I'm sure we'll be authorising payment with our own DNA/voice/iris scan. The technology to implement all three exists, it just needs to become commercially viable. Passwords and PINs just aren't secure enough for todays world.

There are an awful lot of comments above this one involving "They would have to steal my card and use it before I reported it stolen."

Oh really ?

I cannot be the first one to think of the tech savvy criminals using a Chip reader/writer, can I ? When you give someone a card and they use one of those remote-terminal card machines, who's to say that it hasnt been modified so that it takes an image of the data on the chip ? Who's to say that there isn't something packetsniffing the transaction between the terminal and the bank ? They have your data now, however they got it, and as far as you are concerned, the card never left your wallet. You won't report it stolen - because you have it in your hand!

To beat these people, you have to think like these people. Sitting around and panicking about it now is too late - this has already been done to people I know - "verified by PIN" purchases of O2 mobile phone credit on his VISA card.... when he has a contract mobile phone from Vodafone.

So ... who's the criminal here then? £5 for a bottle of water. No wonder the boys at Cambridge are looking for chip an PIN loopholes.

My second point: who is fooling whom? Watch the video again, closely this time. When the would-be crim enters the bogus PIN, the terminal display clearly shows that the card is a Visa card. Nothing surprising there, is there? Now look at the receipt. The receipt says that the card is a MasterCard - it's not obvious, but it's there. Look at the AID on the print out and notice the "4". For a Visa card, it would be a "3". Maybe you didn't spot it, but it is worth thinking about. Like everything else these guys do, it isn't always all that it seems!

I personally still feel safe, and I, like Ross Anderson, have also been doing this for 25 years!!!!

I would like to see my bank offering Chip and PIN cards that *DON'T* have a signature strip on the back. In the 21st Century, we still place far too much emphasis on proving who you are by writing your name on a bit of paper and hoping it "looks sufficiently similar" to another bit of paper with your name written on. I'm sorry, what?

I don't like the fact that someone could steal my cards and commit fraud by taking advantage of places still allowing you to sign for transactions instead of entering a PIN.

A chain is only as strong as its weakest link - and the fact that signing hasn't been completely banned means that the weaklist link is about as strong as a piece of dust, therefore the whole system is pretty pointless. OK, it's cut fraud and a PIN system is infinitely better than a "write your name in the same squiggly way every time" system, but they need to do it properly!

Additionally, all our credit cards should have photo ID printed on the cards. That would make a stolen card much less useable!

Edit to my previous comment: They should remove the mag strip as well as the signature strip.

Right, lets try this one again (retry on comment 42) but to avoid any comments viewed to be defamatory or otherwise breaking house rules i'll write it as a fictional scenario below.

Lets say IF I used to work for a market leading chip and pin terminal company and IF maybe per chance I used to test a lot of quality and security based issues with them. It MAY or MAY NOT have been that many problems could have been raised on the quality, operation, interaction, useability and security weaknesses of the systems. It may also be the case in such a fictional scenario that these issues were known, discussed, accepted and the equipment shipped anyway. I'm guessing companies have to meet payment milestones in some cases to get paid right? of course this is only a fictional scenario but it could also be that systems maybe put out into retail points of sale with known bugs and a high percentage failing and then being sent back to the manufacturer to be refurbed. Who knows they may even reload the same software that failed before as software is a complex world right? it now works for now and you could then ship the terminal or pin pad again and charge a fee for refurb. I'm not saying this kind of things go on, I guess you'd need to ask the banks how many of their customers experience issues like that but is one possible theoretical scenario which could explain why maybe sales/performance driven companies may be tempted to consider quality and system design as a lower priority to shipping something, anything out.

maybe these kind of things go on in life?

all of the above is written as if it is a fictional scenario to fuel the debate, please leave this post uncensored to help the debate. ta.

I have a much more simpler, low-tech method. Stand behind someone in supermarket and you will see their pin then steal their wallet, run to the first cash-point and rob them blind.

Retailers are simply unable to provide customers with private enough space which would secure the pin upon entry. Security cameras routinely record your pin details every day which is another huge problem as you are exposing your pin regularly to strangers.

If someone steals money from you using your pin banks are going to put the blame on you squarely as it is your responsibility to keep your pin secure. I have a feeling that this shifting of responsibility to the customer is the main reason why banks have introduced this flawed system and that we will end up picking the bill for it in more ways then one.

Using biometrics is the way forward. Iris recognition is being used in Cairo Amman Bank in Jordan by customers at ATMs without using any card or pin to draw cash. This is not a pilot, this is rolled-out and being used at hundreds of locations.

The following link explains the deployment:

https://www.youtube.com/watch?v=mcx5cj0E3Bk

The following link has the story as reported by BBC Middle East Business Report:

https://www.youtube.com/user/Irisguard#p/u/13/S-qqUY8DPj0

This is the world's first bank to deploy Iris recognition in all its branches and on all its ATM machines. Needless to say, using Iris recognition proves the person's identity in ways that no card/pin or username/password is capable of.

It always makes me laugh when people claim Chip and PIN is flawless and tamperproof when from Day One of the scheme you have had to enter your PIN on unprotected keypads in shops across the country.

It is the easiest form of ID to steal. Watch someone enter their PIN, steal their card, spend, spend, spend. Even signatures are more secure than that.

In all the time this system has been around there are still no proper protection guards on keypads to allow even the few who want to try to hide their PIN the opportunity.

I reckon on any given day of the week, the average citizen could, if inclined to do so, note down around 5 PIN numbers of stranger's cards without any effort at all. And people think its foolproof.

Coupled with the fact that banks still think card fraud is a minor crime...... good grief.

I think everyone here is missing the point. One of the major selling points of credit cards is that they have a built-in insurance system. If you buy something with a credit card, you can get the money back if the transaction turns out to be fraudulent.

This insurance system is not free - you pay for it in the ridiculous interest rates. As a result, banks are not really interested in the details of how the fraud was perpetrated - they're only interested in how much money they lose compared to their insurance premiums. It makes little difference whether the insurance company is a separate organisation or another division of the same bank. The only calculation necessary is "are we making, or losing money?"

It therefore does not surprise me that all of the banks that you spoke to dismissed the problem as: "We're the same as the competition". In short - the banks MANAGE fraud, calculating it as a predictable loss.

If just one bank somewhere could come up with a system which reduces fraud by 50%, they would have a competitive advantage, in that their insurance premiums would be lower, so they could offer lower interest rates on their credit cards. But in the real world, the technology is developed by the big banks (who are also their own insurance companies) and they don't see it as worthwhile to spend money on this.

It's about percentages of percentages, and how much real money is better technology worth? Especially when it's not the banks' money, but your money and my money at stake.

A couple of years ago I saw a news article about a supermarket (it may have been the Co-Operative, but I may be wrong...) which allowed its customers to register their bank details and their finger print with them, and then had fingerprint readers installed on the tills.

It was only a trial, but a great idea I thought. Why did it never take off?

I'd sign up straight away. In fact, the banks should let you opt to register your fingerprint and then we should gradually replace all the Chip+PIN machines with ones that also allow you to choose that method.

Obviously we'd still have to allow PINs for the paranoid obsessive types who seem to create and believe conspiracy theories about this, that and the other, refusing to tell anyone their name in case they get shipped off to Guantanamo Bay, etc. etc. but for the rest of us who just want to get on with our lives and take advantage of useful advances in technology - it would be good!

So CHIP and PIN has been revealed to be unsafe - no surprise there! Only a question of time... The system seems to be fooled quite easily. Scary! Really?

What is actually new?

In the USA always, and increasingly also in Europe, I am handed back my credit card and pocket it BEFORE I sign the receipt. The attendant usually does not look at the signature. If I was brave enough I could sign with 'Donald Duck'.

In USA hotels they swipe the card when you arrive. No questions asked, no signature taken, no PIN entered. The night before you leave they slip the bill under your room door. You leave. Transaction done!

When paying for parking (e.g. at airports) or when buying a train ticket in a vending machine in many countrys you do not have to enter a PIN. Just swipe the card.

On the phone you tell the merchant your card number, expiry date and security code. So they have everything to use your card anywhere and as many times as they like.

In the UK some female test buyers successfully used cards issued to males and vice versa. Does anybody ever wonder why 'Miss XYZ' is wearing a full beard?

Question: Does any of the above suggest that the word 'SAFE' should be used in connection with cards at all?!?

And what do the banks do? They 'profile' us to spot fraudulent transactions. In real life this works as such:
Recently I booked flights for hundreds of pounds over the phone. Nothing happened. A few weeks later I got my card cancelled and my online account locked for buying a £1.50 Megabus ticket! For me this was a usual transaction, done many times before, while the flights weren't. When I bought £5 funfares on National Express, the alarm bells rang too! Different card from a different bank. Same with EasyBus and a third card. Where is the logic? Who bothers phoning them back after the third time in a row? Last month I bought very expensive jewellry with a brand new card. Went through straight away... Anybody bother explaining this to me?

Surely it's up to the shops to make sure the customer doesn't have a wire attached to his card!

If shops check for suspicious wires, and cardholders report their cards stolen as soon as they notice, then the system is fairly secure. If use of a signature is stopped, as described by another poster, then this "loophole" is closed altogether.

Sorry, but I find this article to be sensationalist and unrealistic.

Ross Anderson is a serial self-publicist, and you have to question the motives for widely publicising a flaw that is probably not widely known by fraudsters. And now they are further miniaturising their device - why? for what purpose?
No one in card payments would suggest that this or any other system is infallible - the annually reported fraud figures clearly suggest otherwise.
It cost several billion pounds to roll-out chip and PIN and it'll cost a lot more to upgrade it. Who will pay for this, first the banks, then the retailer and ultimately you. I wonder whom is going to benefit from this, perhaps a group of Cambridge boffins with a solution they want to see adopted?

I think so me of the contributors on this issue are underestimating the real safety issue of chip and Pin because they have never been victim and/or if they were, their money was probably returned to their bank accounts.If they could experience of someone getting hundred pounds of his hard earned money taken fraudulently from him and the effects on his day to day financial life, they would probably be talking in another way.If we have to believe the program,there seems to be an agreement within the banks that the system is not foolproof but still banks have been arguing consistently that someone complaining may have used his card or gave it to a third party to say he was negligent. maybe the contributor of post 46 and 50 will care to know that, in Job v Halifax where i was the victim, the Halifax bank still won the case even after admitting that they had destroyed the transactionas cryptograms which could have ascertained the card involved in the disputed transactions even if i notified them of my intention to complaint the next day i realised the fraud. It makes me wonder what evidences the banks put before the FOS for it to arrive to side with the bank in most cases that the baks have choosen to dispute; what is ironic is the fact that in a country like the united kingdom, we are unable to get the specific number of chip and pins frauds complaints, either from the banks, the FOS or the security services which makes it the more harder to understand on which basis other than alibi, Banks choose to reimburse some people and not others. That i was refused a legal aid certificate to have proper legal representation against a bank that had just been bailed by the tax payer is self telling and for the bank to stake up to £50.000.00 pounds to dispute a £2100 says it all! and none of you can share the financial nightmares Halifax plunged me into.

This is indeed a serious flaw. The EMV compliance was enforced last year in Nigeria, now we are having this issue on our hands. I think it's time the whole architecture is rewritten or maybe we can adopt a new Technology. Is NET1 UEPS technology more secured?

my santander debit and credit cards were stolen from my handbag in cheltenham early january. i cancelled my cards the next day as soon as i noticed they were missing. i was confident the thief could not use these cards because my pin number was secure. However the thief was able to withdraw £1200 from ATMs and purchase goods to the value of £12000 in Cheltenham, Leamington Spa and Coventry. Santander have shown no interest but to bombard me with telephone calls demanding that i repay the amount the thief overdrew on the credit card. santander do not answer my letters and telephone calls end up in call centres in UK and India. Their fraud department do not accept incoming calls. Where on earth do I go from here?

This comment was removed because the moderators found it broke the house rules. Explain.

We have recently been subjected to card fraud with our Post Office Mastercard, the card data can only have been stolen when we used a terminal at a London underground despite hiding our hand when entering the pin. The card remained in our possession during the 2 day trip but was fraudlently used that evening. Whilst we can prove that it cannot have been us, Mastercard are convinced that we must have authorised this transaction using the actual card & pin code and so are liable for the spend. Has anyone else had experience of this? The insist that this is the only possible explanation it can't be. I am interested to hear from anyone else who may be a victim of a similar event.

This comment was removed because the moderators found it broke the house rules. Explain.

I had my wallet stolen this morning. I reported the theft within one hour and yet my accounts have still had £550 removed from them at ATMs. I had no written record of my PINs and I haven't used my cards since the weekend, so I'm confident the PINs were not compromised by someone seeing me enter them.

The key to theft with this technology isn't stealing from shops, it's stealing from ATMs.

This comment was removed because the moderators found it broke the house rules. Explain.

Chip and Pin is not as secure as the banks let us believe. As a Fraud Investigator for Credit Card Refunds I have come across many cases where innocent people have had money taken from their account and the evidence clearly points to a third party using various devices to skim the card. Don't take all that the banks say about these cards being safe. The evidence I have seen and been involved tells me otherwise.

Forget chip and pin....it is now technologically flawed. Return to signatures BUT.... instead of signing the card, write "signature verification by photocard only" Make this an option, get the card issuer to print this requirement on the card, and force the retailer to pay for any unverified signature in case of dispute.
At some stage the issuers will be forced to properly protect the card usage by imposing and installing a SECURE system, ie, photograph of holder with signature included and retailers will have to be more responsible or pay for their negligence.
Chip and pin will remain an option for online or forgetful users, or for unmmanned cash points, with the associated current risks.

This comment was removed because the moderators found it broke the house rules. Explain.

As a small business man, I can tell you that crooks are doing very well thank you. It’s not that banks that are suffering with fraudulent transactions but the business who supply the card holder. Card holders are covered by some kind of insurance by the card insurer.

BUT Aren’t they the clever ones at Cambridge University. Now all the crooks around the world will be trying to uncover what they have discovered. Sometimes is best to keep your mouth shut, O clever one.