Antivirus News

When chip and PIN was rolled out across Britain on 14 February 2006, it was presented as a major step against bankcard fraud and a foolproof way of securing card payments. Since then there have been several scares, but overall the system proved to be secure and an important asset in fighting retail fraud.

However, new research from Cambridge has put a major doubt over the robustness of chip and PIN terminals against tampering. The method involves reprogramming a handheld payment terminal, making it possible to record private payment details that are keyed in by the user during the payment operation. According to researchers at Cambridge University, who have sounded the alarm bells, their idea could be easily replicated and criminals could substitute �??fake�?� payment terminals without shoppers suspecting anything.

APACS, Britain�??s payment clearing organisation, has already acknowledged the seriousness of the problem and admitted it is in talks with payment terminal manufacturers to see what can be done to protect users. An APACS spokesperson has also tried to allay people�??s fears, saying that experts carried out the reprogramming operation under lab conditions and it is not a �??realistic threat to retailers�?�. The organisation also underlined the fact that chip and PIN payment terminals were described to be �??tamper-resistant�?�, not �??tamper-proof�?�. This has not been the first hacking incident involving the new payment system: in 2006 Shell had to suspend chip and PIN from its petrol stations after it was revealed that as much as £1 million was siphoned off by criminals who tampered with payment terminals. Chip and PIN users were also warned in 2006 that cloned cards could be used to withdraw money abroad, where terminals only read the ma! gnetic strip of the card.