Chip and Pin "Weakness" Exposed By Cambridge Researchers 133
another random user writes "A vulnerability in the widely used chip and pin payment system has been exposed by Cambridge University researchers. Cards were found to be open to a form of cloning, despite past assurances from banks that chip and pin could not be compromised. In a statement given to the BBC, a spokeswoman for the UK's Financial Fraud Action group said: 'We've never claimed that chip and pin is 100% secure and the industry has successfully adopted a multi-layered approach to detecting any newly-identified types of fraud.'"
Never trust security through obscurity (Score:4, Informative)
Presumed secure = blame the user (Score:5, Informative)
no liability for banks (Score:2, Informative)
Canadian banks just snuck in an update to the banking agreements--customer is now 100%responsible for losses with chip and pin cards, no doubt due to the ironclad security.
Re:Wasn't this already covered (Score:4, Informative)
European Credit and Debit Card Security Broken
http://news.slashdot.org/story/10/02/11/2129212/european-credit-and-debit-card-security-broken [slashdot.org]
Re:Never trust security through obscurity (Score:2, Informative)
What exactly is this 'chip and pin' system in UK apparently. Sounds British (like fish and chips?)...hahaha.
It's referring to a credit card & a pin number combination for security.
Re:Never trust security through obscurity (Score:2, Informative)
credit and debit card too.
Re:Presumed secure = blame the user (Score:3, Informative)
Re:Never trust security through obscurity (Score:5, Informative)
It's not that they cannot accept card like that, but that the processor will not reimburse the shop in case of fraud. At least that's the case here in the Netherlands.
Its worse - Liability is shifted to the CARDHOLER (Score:5, Informative)
Re-read your chip & PIN liability statements. Chargebacks with chip & PIN are very difficult to do and weighed heavily against the cardholder.
By default, if a transaction is conducted via chip & PIN, the consumer is liable for all charges. The use of a PIN constitutes, in the eye of the bank, de-facto shift of liability for the transaction. In the event of a dispute, it is up to THE CONSUMER to provide evidince that he / she did not perform the transaction. This is a marked shift from the old magstripe / signature liability, where it was up to the merchant to prove that it was you making the purchase in a dispute. Now, it is up to the consumer to prove it WASN'T you - good luck with that!
I am glad people are finally waking up to this because I avoided chip & PIN as long as possible due to this, but it is being rammed down our throats, along with this liability shift, and no one is noticing.
Re:Never trust security through obscurity (Score:4, Informative)