Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Chip and PIN vulnerability minor compared to on-line fraud potential.

Gridsure : 03 March, 2008  (Technical Article)
With researchers having uncovered vulnerability with POS terminals used with chip and PIN cards, GrIDsure points out the need for alternative to static PIN authentication methods.
The news that chip and PIN is not infallible has hit the headlines with Cambridge University researchers publishing results of successful attempts to obtain personal identification number (PIN) and credit card details from chip and PIN terminals.

While the report is a valuable reminder to the public and the industry that Chip and PIN is not perfect, GrIDsure, the developer of a revolutionary new approach to authentication argues that we must remain realistic about the threats.

"The Cambridge University researchers should be applauded for highlighting the vulnerabilities of Chip and PIN to the public, making them more aware of its potential dangers, whilst also reopening the debate within the industry," said Steve Howes, CEO, GrIDsure. "However, we should not get too carried away, and must look sensibly at the most common threats out there today."

At present, very few fraudsters are using the same technique demonstrated by the Cambridge researchers as there are other far easier and more cost effective methods available to them. Fraud on the UK's high streets has reduced since Chip and PIN was introduced, although the same cannot be said for online fraud and so called 'fraud abroad'. There will always be vulnerabilities with authentication systems, but no matter what you do to strengthen the POS terminal you will not overcome the basic problem of people shoulder surfing a static PIN number.

"Systems exist now that are more secure than current Chip and PIN methods and yet easier for the public to use," continued Howes. "It is time we stopped looking for the nirvana to end fraud once and for all, and instead concentrate on making practical and incremental improvements to tighten security - starting by addressing the static PIN number - which can cut down on fraud immediately."

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo