reports in the news feeds around the web at the moment which are totally overhyping - yet understating the most obvious flaw.
This flaw has been proven by a research team at Cambridge University.
Effectively, what they are saying is:
- 1x employee in on the scam.
- 1x modified terminal.
- 1x wireless transmitter.
What the team did was wirelessly transmit the card details and PIN code when the card was read by the terminal, and use them to make purchases elsewhere.
There is nothing new or dramatic here. Yes, the smart chips are better than a magnetic strip,
but they are still vulnerable to malicious reader attacks.
It really isn't anything new, except they need to get your PIN code as well.
Back in 2001 a friend of mine had $18,000 stolen from his Visa account in just under 12 hours because there was a racket in the area that was running second machines.
Effectively, you hand them your card and they would run it through the standard machine, then place it into what looked like an unassuming place on the keyboard to rest the card while waiting for the receipt to print.
What it was actually doing was reading the magnetic stripe.
The good news was the police were already onto these guys so my friend got his money back fairly quickly.
I am no expert on such things, but I would guess that until we are at a point where there is no passive side to such a transfer with static data, there will always be the overwhelming capability for nefarious individuals to take an "image" of the encrypted data, and then plant that onto a cloned device.
Who knows, solar-powered credit cards could be just around the corner.
Comment by NokiaRocks, on 7-Feb-2007 14:10
Do you have a link to your source?
Comment by sbiddle, on 8-Feb-2007 07:52
At least smart cards in the UK are a damn sight more secure than NZ, where the banks don't seem to have any problem with around 75% of credit card users still signing for their transactions. It's a joke - a PIN should be compulsory.