Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

One time PINs may hold key to preventing chip and PIN frauds

Gridsure : 15 August, 2008  (Technical Article)
With discovery of fraud card factory and increasing threats using Chip and PIN terminals, the banking industry needs to rethink the use of static PINs
The fact that chip and PIN is not infallible has hit the headlines yet again with the news that police raided a counterfeit card factory in Birmingham on Tuesday and found equipment needed to steal details and make fake cards. This latest incident follows warnings by Cambridge University researchers who recently published results of successful attempts to obtain personal identification number (PIN) and credit card details from Chip and PIN terminals.

Jonathan Craymer, chairman of GrIDsure, the developer of a revolutionary new approach to authentication commented: 'Since its arrival onto the British high street over two years ago, Chip and PIN has been hailed as a success, however these recent stories show that the system's reliance on fixed PIN numbers have left it vulnerable to attack.'

'At present, few fraudsters are using the approach of hacking Chip and PIN readers as there are other far easier and more cost effective methods available to them. Fraud on the UK's high streets has reduced since Chip and PIN was introduced, but the same cannot be said for online fraud and so called 'fraud abroad'. There will always be vulnerabilities with authentication systems, but no matter what you do to strengthen the POS terminal you will not overcome the basic problem of people shoulder surfing or key logging a static PIN number,' continued Craymer.

It has been suggested that the Banking Code should ensure that victims are refunded any losses, although with this latest attack, customers' PIN numbers have been used to make the transactions and in recent cases, banks have refused to refund customers where this has happened.

'With 30 UK stores already falling victim to this attack, I am sure we have not seen the last of these attacks yet simple, incremental changes - like addressing the static PIN - could so easily reduce fraud. A fraudster obtaining a one-time PIN will have achieved nothing, a fraudster obtaining a static PIN essentially achieves a ticket to a new ID and its associated account.' continued Craymer.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo