Is Chip and PIN the Future?

Robert Siciliano Identity Theft Expert

Chip and PIN is the name of a government-backed initiative in the United Kingdom to implement the EMV standard for secure payments.

There have been rumblings from Europe over the past year  about American based credit cards that solely rely on the magnetic strip not being accepted in the future due to security issues.  Australia recently stated they were getting rid of all magnetic strip based cards and going Chip and PIN within the next few years.

Meanwhile ZDNet reports Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards. As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

“Chip and PIN is fundamentally broken,” Professor Ross Anderson of Cambridge University told ZDNet UK. “Banks and merchants rely on the words ‘Verified by PIN’ on receipts, but they don’t mean anything.”

This new research has shown that a PIN still needs to be entered, but any PIN code would be accepted. That’s not good. The researchers who cracked the code stated that the ability for the badguy to do this in the future is probable due to the fact that the attack itself is “elementary”.  That’s got to warm the cockles of organized crime.

The US has not adopted CHIP and PIN and many argue it is due to the costs involved. With 213 million cardholders and 1.2 billion credit cards in the U.S., there’s no shortage of opportunity for carders to maintain their current pace. However, an investment in a flawed technology isn’t wise.

You can’t protect yourself from these types of scams. However, by paying attention to your statements and refuting any unauthorized transactions within 60 days, you can recover your losses. When using any POS or ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, or error messages, don’t use it.

Protect your identity.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on NBC Boston