As with the constant reports that every food imaginable causes cancer or some other deadly ailment, IT managers looking for the mythical safe security approach would be best served by giving up and having a bowl of hot fudge. This is prompted by a university report out of the U.K. that chip-and-PIN terminals, which were touted as a more expensive but more secure way to validate credit and debit card purchases, are (you guessed it) not secure.
A team at the University of Cambridge "opened up one of the supposedly tamper-proof terminals, replaced its internal hardware with their own, put it back together without any external evidence of tampering and then got the machine to play Tetris," according to a report in Computerworld.
Researcher Saar Drimer said the school's experiments proved that all components of the PIN pads used to authenticate such transactions could be made to interact and respond to input from one another. "This means that the card reader can read information from the chip and display it on the screen. The data from the keypad, such as a PIN, can also be recorded," Drimer was quoted as saying.