A flaw in chip and PIN threatens millions of accounts

Scientists have discovered a flaw in chip and PIN technology that could endanger millions of credit and debit cards

It’s been four years since the chip and PIN system became universal on Valentine’s Day 2006, replacing the use of signatures. But now, just as we’ve developed our own discrete ways of punching in PIN codes, we’re told the technology could be flawed.

The discovery suggests stolen cards could be used in shops and bank cash machines without needing to key in the four digit PIN.

According to researchers, thieves are attaching a small circuit

board containing a computer chip to the stolen plastic card, which can

be concealed up the sleeve.

This chip communicates with a

computer stored in the backpack worn by the criminal when using the

card at a cash-point or shop. When asked for a four-digit PIN to make a

transaction, they only need to key in random numbers.

Professor Ross Anderson, form the Cambridge University Computer Lab,

has discovered several ways to beat the thieves, but insists the

software surrounding this system should be urgently re-written.


think this is one of the biggest flaws that has ever been uncovered

against the PIN system, and I have been in this business for 25 years,’

he said.

Consumer lawyer, Stephen Mason, agrees. ‘The loopholes

in the chip and PIN system are serious and I don’t think they have been

properly addressed by the banks. They really have to think about this


When the new PIN system came into play, it was guaranteed to reduce card fraud as thieves couldn’t use the card without knowing the number. Card fraud fell initially, but then rose by 43% by the end of 2008, and is now thought to have risen even higher last year.

However, the banks trade body, the UK Cards Association, denied the discovery was anything to worry about. ‘We believe that this complicated method will never present a real threat to our customers cards,’ it said.


Reading now