Chip and PIN: Difference between revisions

Vulnerabilities: Added information on efforts to better control access to devices containing customer PIN numbers.
Line 63:
Cambridge University researchers Steven Murdoch and Saar Drimer demonstrated in a [[Newsnight|BBC Newsnight]] programme one example attack, to illustrate that Chip and PIN is not secure enough to justify such a shift in liability<ref>http://news.bbc.co.uk/1/hi/programmes/newsnight/7265437.stm</ref> <ref>http://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/insurance_and_finance/insurance_20070206.shtml</ref>. However APACS, the UK payments association, disagreed with the majority of the report, stating "The types of attack on PIN entry devices detailed in this report are difficult to undertake and not currently economically viable for a fraudster to carry out." <ref>http://www.channelregister.co.uk/2008/02/27/credit_card_reader_security_pants/</ref>
 
In October 2008 it was reported that hundreds of chip and pin readers had been tampered with so that the card and PINs could be siphoned off for use by criminals. <ref>
Organized crime tampers with European card swipe devices, ''The Register'', 10th October 2008, http://www.theregister.co.uk/2008/10/10/organized_crime_doctors_chip_and_pin_machines/</ref> This vulnerability has spurred efforts to implement better control of electronic POS devices over their entire lifecycle, a practice endorsed by electronic payment security standards like those being developed by the [[Secure POS Vendor Alliance|SPVA]].<ref>
Technical Working Groups, Secure POS Vendor Alliance, 2009, http://www.spva.org/technicalWorking.aspx/</ref>
 
The Cambridge University exploit allowed the experimenters to obtain:
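
Review bot: The added sentence in the October 2008 paragraph ("This vulnerability has spurred efforts to implement better control of electronic POS devices over their entire lifecycle") asserts a causal link between the reader tampering and those efforts, but its only citation is the SPVA's own Technical Working Groups page. Either cite an independent source that makes that connection, or reword the sentence to say only that the SPVA is developing standards covering device lifecycle control. "This vulnerability" also has no clear referent, because the preceding sentence describes tampering incidents rather than a specific flaw; "These incidents" would read more accurately. The new reference URL ends in ".aspx/" with a trailing slash, and both new `<ref>` tags are followed by a line break before the citation text; both are worth tidying.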