About us | Jargon Buster | Site map | Contact us

Buy your credit reports online or call us free on 0800 612 0421 (Monday to Friday, 8am - 5pm)

Home	Check your Credit Report	Free Credit Score	Find a Lender	Debt Advice Centre	Check your Postcode	Free Identity Theft Check

Identity Theft: Is Chip & PIN security vulnerable to criminals?

Richard Catlin
18 February 2010

Chip & PIN, the standard security measure for almost all face-to-face credit and debit card transactions in the UK, has been around for almost 7 years now and has helped to bring about a significant reduction in levels of fraud.

New research from the University of Cambridge has now cast doubts on the security afforded by Chip & PIN, raising fears that criminals could once again start to focus on stolen cards.

The first Chip & PIN transactions in the UK took place in Northampton in May 2003, before being rolled out across the country. The reduction in fraud relating to lost and stolen cards was almost instantaneous, with a £60 million drop between 2004 and 2005.

The reduction in face-to-face fraud has continued, but also seems to have prompted fraudsters to target alternative methods of deception - such as using UK cards in countries that are yet to fully implement Chip & PIN. Identity Theft has also increased at a worrying rate during the recession.

Without going into the details of where the security flaw lies, it involves tricking both the card reader, and the Chip embedded in the card, into thinking that the transaction has been authorised.

The original card is placed in a separate card reader and connected via a discreet cable to a copy of the stolen card. The extra kit sits in a backpack, with the cable running down the inside of a sleeve for concealment. The card then slots into the reader at the till as usual.

When card readers are set by the retailer automatically to ask for a PIN, this new deception technique is able to override that, and convince the machine that the transaction has instead been authorised using a signature. Although PIN entry has replaced signatures at all but a few retailers, card readers still retain signatures as an optional method of authentication.

At the same time, the card (and issuing bank) is tricked into believing that the PIN was entered correctly, and so the transaction is authorised there too.

The card industry has responded to the claims by saying that the security flaw is only theoretical, and that the technology remains safe, but the real risk of criminals exploiting it remains to be seen.

There are a few basic steps you can take to reduce your chances of falling victim to fraudsters, either through cloned or stolen cards, or identity theft. Our free Identity Theft Check Service will not only highlight which areas of your lifestyle put you at risk, but also give you advice on how you can best protect yourself when using credit cards both at home and abroad.

Check your risk for free now