Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

ATM hack puts banking customers at risk

Gridsure : 04 July, 2008  (Technical Article)
With US hackers having found a way to crack PIN codes for cash machines, GrIDsure proposes hardware independent one time authentication to protect bank accounts
This week news emerged that millions of US bank customers are being left vulnerable to hackers who have found an ingenious way of cracking PIN codes used in cash machines. The attack was the largest in US history with at least 2 million USD stolen and could show a sign of things to come. This kind of attack further highlights vulnerabilities that have never been seen before in the chip and PIN system and shows that static PINs are no longer secure enough to protect our bank accounts.

GrIDsure Chairman Jonathan Craymer comments. 'The UK hasn't yet witnessed an attack of this kind, but this type of scam simply could not work if dynamic, one-time codes had been used in place of fixed PINs. One-time codes present a far more secure option for banking customers and add an extra sense of security. Whether your PIN is obtained through hacks such as this, shoulder surfing, key logging or spyware - it will be completely useless to a criminal as you are issued with a new PIN each time you come to use an ATM or make a transaction.'

The concept of a one-time PIN is not new, but can now be achieved without the need for additional hardware, making security simpler for consumers.

Craymer continued, 'For some time at GrIDsure we've been warning of the vulnerability such fixed codes create, and hope that in future systems designed to protect card-holders will not allow criminals to access fixed codes, potentially allowing them to impersonate customers.'

As cash points can now be remotely diagnosed and repaired online, it is important that security is not compromised as a result. The mode of attack is irrelevant. The reality is that fixed PINs are simply not sufficiently secure to tackle fraud today.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo