Tip:
Highlight text to annotate it
X
so it's possible to build a simple bit of electronics. This is something that we built
to prove the concept but it's possible for criminals to make much smaller ones. And in
fact, criminals have been making much smaller versions of this. And what this device does
is you put the card in to the device.
You can put this up your sleeve if you want and then it will trick the terminal into thinking
that the pen is correct by telling the terminal that the PIN is correct, but telling the card
that there is a signature transaction is going through. And therefore, the card will never
see any PIN, let alone the wrong PIN or the correct PIN.
If your credit or debit card details are used without your consent you should not have to
pay for the losses. Your card provider can't refuse to reimburse you unless they have evidence
that you acted fraudulently, or with gross negligence. The biggest problem with chip
and pin is that the banks are dumping the liability for fraud onto trust in customers.
If a customer disputes a transaction the banks look at the logs and if the logs say that
the transaction wasn't authorized by a PIN, they just reverse it back to the merchant.
But if the logs say that the transaction was authenticated by means of a PIN, then they'll
say that the customer was negligent, or must have been mistaken, or completely to a lie.
So, what we have found is it's possible to trick a chip and pin terminal into accept
a transaction even when the wrong pin has been entered. You can type in any pin you
want, 00000, but the terminal will say that the PIN has been verified correctly and that's
the receipt that the bank will use to try to pin the blame on the customer.
We've produced a number of papers which have shown flaws in the chip and pin system. And
the banks have typically tried to pretend that there wasn't a problem or ignore to or
simply stop it becoming a public issue. In one case where we showed how people were tampering
with chip and pin terminals the banks refused to help the police prosecute the two people
who were responsible for the fraud.
And more recently, when we showed or how it was possible for bad guys to manipulate signals
between cars and terminals, so that the wrong pins could be used. role in fixing the problem,
the banks simply demanded that the student thesis that described all this should be taken
down from the web. Chip and PIN is new payment method.
But car providers should recognize that the vast majority of their customers are law-abiding,
and don't deliberately put their card details at risk. We'd like the payment car sector
to ignore this and process payments immediately. Anything short of this isn't allowed under
the regulations and sends out a bad message out to [xx] For all our free advice on what
to look our for and how to deal with card fraud, click on the link below.