Tuesday, February 26, 2008

Opening the doors to our bank accounts?

Did anybody watch Newsnight tonight on BBC2?

There was a fascinating feature on the security of chip and pin systems - you know, the machines into which you put your card and tap in your PIN number when you're paying for goods electronically.

Two Cambridge University researchers - Stephen Murdoch and Saar Drimer, showed how easy it was to experiment on a PED (PIN entry device) which they bought for £30 on eBay. Eventually they found they could insert an extra wire onto the circuit board which would 'hijack' both card and PIN data for use in cloning fake cards.

Although "chip and pin" technology has brought down High Street fraud, the problem is simply displaced - often to Eastern Europe. In 2006 a total of £430m was lost to fraud, and almost a quarter of this, £99.6m was lost through cloned cards.

Banks, high street retailers, even industry watchdogs - all were quoted as saying they were "confident" that the pin entry systems were safe.

So how come two men with £30 to spend on eBay showed that it's anything but safe? Surely if our banks and retailers can increasingly refuse to take cash or cheques, we as consumers should insist that the systems used aren't opening the doors to our bank accounts?

No comments: