A flaw in chip and PIN threatens millions of accounts

  • Marie Claire is supported by its audience. When you purchase through links on our site, we may earn commission on some of the items you choose to buy.
  • Scientists have discovered a flaw in chip and PIN technology that could endanger millions of credit and debit cards

    It’s been four years since the chip and PIN system became universal on Valentine’s Day 2006, replacing the use of signatures. But now, just as we’ve developed our own discrete ways of punching in PIN codes, we’re told the technology could be flawed.

    The discovery suggests stolen cards could be used in shops and bank cash machines without needing to key in the four digit PIN.

    According to researchers, thieves are attaching a small circuit

    board containing a computer chip to the stolen plastic card, which can

    be concealed up the sleeve.

    This chip communicates with a

    computer stored in the backpack worn by the criminal when using the

    card at a cash-point or shop. When asked for a four-digit PIN to make a

    transaction, they only need to key in random numbers.

    Professor Ross Anderson, form the Cambridge University Computer Lab,

    has discovered several ways to beat the thieves, but insists the

    software surrounding this system should be urgently re-written.


    think this is one of the biggest flaws that has ever been uncovered

    against the PIN system, and I have been in this business for 25 years,’

    he said.

    Consumer lawyer, Stephen Mason, agrees. ‘The loopholes

    in the chip and PIN system are serious and I don’t think they have been

    properly addressed by the banks. They really have to think about this


    When the new PIN system came into play, it was guaranteed to reduce card fraud as thieves couldn’t use the card without knowing the number. Card fraud fell initially, but then rose by 43% by the end of 2008, and is now thought to have risen even higher last year.

    However, the banks trade body, the UK Cards Association, denied the discovery was anything to worry about. ‘We believe that this complicated method will never present a real threat to our customers cards,’ it said.


    Reading now