Analysis: The rise (and fall) of Chip and PIN

IT PRO traces the history of Chip and PIN in the UK and how criminals have began to target its weaknesses to commit fraud.

It's already difficult to imagine Britain without Chip and PIN. It is difficult to believe that before 2006 we actually lived in a time where it was common for us to hand over a card to a retailer, let them take it away from us for processing, and where security was based on whether somebody thought your signature matched.

Chip and PIN replaced this manual process, and as a security counter-measure it usually works. However, it is not flawless, and it has been reported that several law enforcement bodies are conducting detailed investigations into its weaknesses.

It all started so well. Back in late 2006 we were there to see Chip and PIN mark its official six month birthday, and it was trumpeted as a massive success. It was responsible for a 60 million reduction in fraud in 2005, but the warning signs were already there in the form of a 21 per cent increase in cardholder not present (CNP) fraud.

We were also there to cover Chip and PIN's first birthday at the beginning of 2007. By this time all credit and debit cards in the UK had been replaced with Chip and PIN-capable ones, but again joy was tempered as security experts claimed fraudsters were simply moving to other ways to defraud account holders. This meant more sophisticated ways for hackers to break in, such as targeting back-end systems, as well as more CNP fraud.

The same month IT PRO saw the first example of hacking Chip and PIN terminals directly, thanks to researchers from Cambridge University.

First of all they managed to configure a Chip and PIN terminal to play Tetris, but more seriously they could sabotage a reader to commit fraud.

One of the biggest criticisms of Chip and PIN is that it shifts responsibility for fraud to the victim rather than the retailer, making it harder for innocent cardholders to avoid losing money.

The Cambridge researchers this year discovered that it was possible to hack Chip and PIN terminals, obtain PINs and collect credit and debit card details. The research paper claimed that all you needed to tamper with readers was "a bent paperclip, a needle, a short length of wire and some creative thinking."

But whatever the case it is impossible to argue that Chip and PIN is not a better system than the one it replaced.

In March APACS claimed card fraud losses decreased two years in a row, while card fraud abroad in countries that do not use Chip and PIN had increased by a massive 70 per cent.

The current problems are largely to do with the fact that criminals are cloning cards and using them in places where Chip and PIN has not be implemented, rather than actually exploiting Chip and PIN technology flaws on home soil. However, it is disturbing to know that there are now factories out there which have the equipment to hack Chip and PIN cards and create counterfeits.

Banks have to acknowledge that there are so many ways PIN numbers can be acquired that fault can no longer be blamed wholesale on victims being careless with their PIN numbers.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020