Chip and Pin Flaws puts Cards at Risk

It has been claimed that the much lauded chip and pin card scheme is putting millions of UK card holders details at risk as it is so seriously flawed.

The claims, made by security experts, say there is a one in five chance that a card terminal may not recognise a ‘cloned’ card. This increases the chances that any fraudster who has a cloned card can run up debts without the actual owner of the card being aware of it.

The security flaw is being blamed on the fact that the issuing banks are choosing the cheapest versions of the cards. The security alert has already prompted banks on the continent, and especially in France, to use a mor5e secure system.

The equipment required to clone card details can easily be purchased for as little as £300 over the Internet.

Cash withdrawals, sometimes totalling £1m, were made last year at cash machines abroad because repeated transactions at ATM’s no longer flag up at Banks’ head offices as unusual spending patterns.

These fraudulent cash withdrawals are possible in the UK due to the fact that Britain’s 140m credit and debit cards use technology called SDA (static data authentication).

Issuing banks have opted for this technology, as it is the cheapest option. However, issuing banks abroad have moved to a safer system known as DDA (dynamic data protection).

In the UK there are 6.2bn card transactions carried out every year, with one in five of these are carried out ‘offline’. The problem here is that an ‘offline’ transaction means that the chip and pin terminal does not connect with the card holders bank.

Offline terminals cannot detect a cloned SDA card but can detect a cloned DDA card. Newsagents and small shops tend to use terminals that carry out ‘offline’ transactions, leaving them as targets for criminals using cloned cards.

APACS (the Association for Payment Clearing Services) have admitted to the systems’ frailties.

One card security expert said: “ It is something that the industry knows about but does not want to talk about. Many people think it is very easy to clone. One person did come out and say it but he was shunned by the rest of the banking industry.”

Alisdair Milton
9th June 2006