Claims by Italian researchers that “Chip and PIN is Broken” have sparked outrage in the industry, with payments specialists defending the initiative left, right and centre.

At the recent CanSacWest security conference in Vancouver, researchers at InversePath claimed that they have found a security hole that exposes chip and PIN protected cards.

The researchers predict that ‘chip skimming’ will become attractive for fraudsters, since it can go undetected for a long time and requires little effort when it comes to installing it. The skimmer is powered by the POS itself.

The research also claims to prove that stolen cards can be used without a PIN.
However, the industry has responded, with Mark Kusionowicz, marketing director at The Logic Group, citing recent card losses as proof that chip and PIN is “definitely not broken”.

“Credit card losses in 2010 were 17 per cent lower than in 2009 and represented the lowest figure since 2000 – chip and PIN has significantly contributed to this drop. Even if we ignore the fact that you would need to have a very distracted shop assistant to fit the skimming device undetected and have customers who somehow wouldn’t notice a blockage making it difficult to put their card into the device, the information that would-be fraudsters could obtain would be of little value.”

Kusionowicz added that there will always be a cycle when it comes to paying for goods and services with cards. “Fraudsters will always be looking for new ways to navigate the security measures that have been put in place and in turn the industry moves to increase protection. Indeed a good number of the fraud-prevention techniques highlighted by the report are already being put in place by the industry. For example, the next generation of chip technology referenced in the piece as being an effective defence against cloning (DDA) has already been mandated by the card schemes by the end of the year.”

Share Story: