According to researchers at Cambridge University, users of EMV (Europay, Mastercard, Visa) cards need to watch the charges applied to their accounts more closely than ever. They claim that there is a fundamental flaw in EMV's chip-and-PIN validation protocol for debit and credit cards. As a result, a device can be built to alter and block communications between a card and a point-of-sale terminal. The cause for alarm is that the terminal can be tricked into accepting a false PIN verification.
Although there is no record of this happening in the UK yet, the researchers built such a device to demonstrate the flaw. They were able to trick a card reader into validating transactions without the correct PIN, using valid cards from six issuers including Barclaycard, Co-operative Bank, Halifax, Bank of Scotland, HSBC and John Lewis.
The researchers contend that it does not take a rocket scientist to make such a device. An attacker could carry the device in a backpack, with wires running down a sleeve to connect it to the stolen, valid card and to the terminal. In essence, the device overrides the verify-PIN instruction sent by the terminal and answers it with 0x9000, the code that signals a successful PIN verification. The terminal then lets the transaction go through even though the PIN is incorrect, giving the attacker full access to your money.
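The following is an added example, not code from the researchers or from the original article. It is a simplified model of the exchange described above, showing why a terminal that trusts a bare 0x9000 reply ends up disagreeing with the card about whether the PIN was checked, and how comparing the two views exposes the tampering. The class and function names, the sample PIN, the wrong-PIN status value, and the assumption that the card's own record reaches whoever authorizes the transaction are all illustrative; real EMV message formats are not modelled.

```python
SW_OK = 0x9000         # status code the article cites for a successful PIN check
SW_WRONG_PIN = 0x63C2  # constructed sample value: wrong PIN, retries remaining


class Card:
    """Toy card that remembers whether it ever accepted a PIN itself."""

    def __init__(self, pin):
        self._pin = pin
        self.pin_checked_ok = False  # the card's own view of the PIN check

    def verify(self, pin):
        self.pin_checked_ok = (pin == self._pin)
        return SW_OK if self.pin_checked_ok else SW_WRONG_PIN


class InterposedChannel:
    """Models the device from the article: the PIN check never reaches the card."""

    def __init__(self, card):
        self.card = card

    def verify(self, pin):
        return SW_OK  # unauthenticated reply, so the terminal cannot tell who sent it


def terminal_transaction(channel, entered_pin):
    """The terminal trusts the status code alone and records what it believes."""
    status = channel.verify(entered_pin)
    return {"terminal_says_pin_ok": status == SW_OK}


def reconcile(terminal_record, card):
    """Compare the terminal's claim with the card's own record of the PIN check."""
    if not terminal_record["terminal_says_pin_ok"]:
        return "DECLINED"
    if not card.pin_checked_ok:
        return "MISMATCH"  # terminal claims a PIN check the card never performed
    return "CONSISTENT"


if __name__ == "__main__":
    honest = Card("4929")  # constructed sample PIN
    print(reconcile(terminal_transaction(honest, "4929"), honest))
    stolen = Card("4929")
    tampered = terminal_transaction(InterposedChannel(stolen), "0000")
    print(reconcile(tampered, stolen))
```
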
Although this is a frightening scenario, there are ways for you, the consumer, to protect yourself. Keep a constant watch over your bank statements and look out for possible fraudulent charges. If you lose your card, contact your bank immediately to cancel it.
(Via ZD Net UK)