UK chip-and-pin credit/debit/bank cards NOT secure

[B33R]

For those of you who don't know what "chip and pin" is, it's where you input a 4-digit PIN code to authorise a credit card transaction. The PIN number is stored on a chip on the card. It's replacing signatures and is apparently "secure" and reliable.

Now, researchers at Cambridge University were able to create a machine for about £100 ($180) that reads the PIN number from the chip and also all the other pertinent information from the card, enabling them to create fake cards and bypass the entire chip and pin system.

All it requires is a dishonest employee to attach the £100 device between the terminal where you input your number and the actual credit card machine.

Unlike the French and German banks, who encrypt the information on the chip, the UK banks decided to save about £1.50 ($2.70) per card and not encrypt it.
So while claiming chip and pin is secure, the UK banks pass the blame onto the customer if their card is fraudulently used, even though it's not the customers fault.

Crazy huh?


More Info

 

[Peter]

Another flaw is that all and sundry can see you put your pin in whenever you pay for something anyway.

 

[hanz]

hmm... I wonder if Estonian banks are encrypt that information
most of the Estonians use those chip-and-pin bank cards

 

[peterstannard]

Another flaw is that all and sundry can see you put your pin in whenever you pay for something anyway.

Yeah. Thats always what's bemused me. Although I guess its no use unless they have your actual card, or a clone of it.

 

[dc1pop]

Your protected against fraud anyway. So hardly worth worrying about imho.

 

[Peter]

Yeah. Thats always what's bemused me. Although I guess its no use unless they have your actual card, or a clone of it.

1 trick that has been used alot is for a gang to watch someone at a cash machine and remember their pin, then a freind of theres follows the person for a while and mugs them. They now have free access to gain as much sach as the card will allow. At least before this was limited by the users dailly maximum limit and also the fact it would only work on cash machines. Now people can watch you type your pin anywhere and they can use the card anywhere. A shop clerk would not even notice any more if the person was even the right sex as they don't look at the card at all (not that they paid much attention before)

Your protected against fraud anyway. So hardly worth worrying about imho.

Are you sure debit cards are protected? Regardless you HAVE to prove that it was not you who used the card which could be extremely difficult.

 

[dc1pop]

1 trick that has been used alot is for a gang to watch someone at a cash machine and remember their pin, then a freind of theres follows the person for a while and mugs them. They now have free access to gain as much sach as the card will allow. At least before this was limited by the users dailly maximum limit and also the fact it would only work on cash machines. Now people can watch you type your pin anywhere and they can use the card anywhere. A shop clerk would not even notice any more if the person was even the right sex as they don't look at the card at all (not that they paid much attention before)



Are you sure debit cards are protected? Regardless you HAVE to prove that it was not you who used the card which could be extremely difficult.

Not really....the chances the fraudster will take the money from your account in the same town you live in a minimal.

This system has been around in France for a lot longer then the UK and they dont seem to have such issues.

Whatever protection you try and have or news ways that are implemented to pay for goods scammers will always come up with new ways thats life.

 

[B33R]

Your protected against fraud anyway. So hardly worth worrying about imho.

You're not protected if someone else gains access to your PIN number, even if you can "prove" you didn't spend the money, it'll still be your fault for giving someone your PIN number (even if you didn't).

They claim the only way for someone else to know your PIN is for you to give it to them. They take no liability because they claim the system is secure.
So if you do lose out because someone else got your PIN, it would be your fault and they won't cover any losses.

They're a law unto themselves and after spending so much money it, they're not gonna admit there is a problem and that it isn't 100% secure.

 

[dc1pop]

You're not protected if someone else gains access to your PIN number, even if you can "prove" you didn't spend the money, it'll still be your fault for giving someone your PIN number (even if you didn't).

They claim the only way for someone else to know your PIN is for you to give it to them. They take no liability because they claim the system is secure.
So if you do lose out because someone else got your PIN, it would be your fault.

They're a law unto themselves and after spending so much money it, they're not gonna admit there is a problem and that it isn't 100% secure.

Of course there not going to admit their is an issue. That would just make the whole country worried etc etc.

But to say youre not protected is stupid. When cash machines are tampered with and banks find out and people have lost money due to this they are compensated. Ive read this on the football forum i visit with is mostly all UK based people and this has happened too a few of them and they have claimed and got money back....

 

[B33R]

But to say youre not protected is stupid.

If someone goes into a shop and buys something using your card (or a copy of) and your PIN, you're not protected.

The banks automatically assume you gave your PIN to them, because they claim the system is secure and the person could've only got the PIN if you gave it to them.

 

[peterstannard]

A shop clerk would not even notice any more if the person was even the right sex as they don't look at the card at all (not that they paid much attention before)

They don't look at/or touch the card in anyway, one of the parts of chip and pin, so they can't/don't check the name etc.

 

[Peter]

They don't look at/or touch the card in anyway, one of the parts of chip and pin, so they can't/don't check the name etc.

That was exactly my point, at least before they were meant to at least check the card and would possibly notice a male for example using a card with mrs smith on it (although as proven they paid little attention).

When cash machines are tampered with and banks find out and people have lost money due to this they are compensated. Ive read this on the football forum i visit with is mostly all UK based people and this has happened too a few of them and they have claimed and got money back....

Cash machines are the liability of the company who runs it, so if that machinary was tampered with or is faulty then yes they are liable, but as B33R states keeping a pin protected is 100% the responsibility to the user of the card if someone else get's it then as far as the bank are concerned it is not their liability. It does not become their liability UNTIL the card has been stolen and then the bank have a clause that they stipulate that they are not liable until (I think it is) 2 hours after being reported so that they can process the report.

 

[Mystic]

Haha there is always a way around anything when it comes to technology