Chip Cards Not Safe?
A British study shows that the chip on our credit card - initially praised as a secure tool to avoid fraud - isn't as secure as one thought it would be. In fact, scientists at Cambridge University have found out that chips cards can easily be manipulated. This discovery has prompted a quick reaction by the Swedish Trade Federation. They hope the problem can be solved in due course - otherwise this security issue might pose a threat at the entire retail industry.
It's fast, it's easy and it is supposed to be safe: purchasing by using your chip card and the PIN code seemed to lead the way for the retail industry. Previous flaws have been rectified; thanks to the smart chip on your credit card any potential kind of fraud was to be eradicated.
But that is not the case, claim scientists at Cambridge University after they've run tests on how easy it actually is to circumvent the supposedly intelligent system that is meant to protect your bank account. According to the tests, the flaw is that when you put a card into a terminal at the pay desk, a negotiation process takes place about how the cardholder should be authenticated - using a PIN, using a signature or just nothing at all. This process - called subprotocol - is not authenticated, so it is easy to trick the card into thinking it's doing a chip-and-signature transaction while the terminal thinks it's chip-and-PIN.
Consequently, anyone can buy things by simply using a stolen card and whatever PIN code. The actual combination does not matter. In the end, the transactions go through and the receipts say "verified by PIN".
After it took years to install chip-card reading terminals in Swedish stores - for the sake of making cash-free transactions safer - the news of the lack of security within the chip card system has sparked fears among Swedish retailers that this could be the beginning of a previously unseen wave of fraud in this country. According to current Swedish law, a shop owner can be held liable for the damage caused by credit card fraud if the shop does not have a modern chip card-reading terminal.
Speaking to Swedish Television, Dick Malmlund, head of the Swedish Trade Federation, expressed his hope that if the British study proves correct, the issue can be solved fast. Otherwise, warned Malmlund, the lack of security could have devastating consequences for the country's retail industry.