Smart Cards
John Leyden at The Register reports that Cambridge University security researchers have demonstrated a gaping security hole in Chip and PIN credit card authorizations, one that undermines trust in the technology as a means to verify retail purchases. The researchers showed how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks the transaction is authorized by chip-and-PIN. The flaw creates a means to make transactions that are “Verified by PIN” using a stolen (uncancelled) card without knowing the PIN. Fraudsters would insert a “wedge” between the stolen card and the terminal, tricking the terminal into believing that the PIN was correctly verified.

