Chip and PIN Vulnerable
This both is and isn’t news. In the security world, we knew that replacing credit card signatures with chip and PIN created new vulnerabilities. In this paper (see also the press release and FAQ), researchers demonstrated some pretty basic attacks against the system—one using a paper clip, a needle, and a small recording device. This BBC article is a good summary of the research.
And also, there’s also this leaked chip and PIN report from APACS, the UK trade association that has been pushing chip and PIN.
kyb • March 12, 2008 3:46 PM
It’s all irrelevant – nobody checks that their terminal is a genuine one anyway. Easy enough to make one that reads the magstripe and asks for a PIN, then apparently breaks, so the merchant has to use one of the many paper based back ups.
There’s no need to actually communicate with the bank at all.