Monday, January 08, 2007

Danger-signs for Chip and Pin

It did happen. Some-one did the obvious and showed the inherent weakness in the design for EMV. This "foolproof" payment system can easily be hacked by tampering with the Point of Sale in the hands of merchants.

Researchers at the University of Cambridge have shown how a terminal designed to read an EMV card can be modified to play Tetris with. They have made a video of their work and have posted it on YouTube. See article.
What is the relevance of this? Well this means that some-one can change a terminal to capture your card information and your PIN when you enter it onto some crimally minded merchant's terminal. This may not be a big issue in High Street London, but take the concept to developing economies and the challenges is almost unsurmountable.
If you are however prompted to enter your PIN number on your own phone when you make a purchase, this problem goes away. Mobile payments are so much more inherently safer.

No comments: