UK based Timesonline reports a flurry of credit card fraud in the first half of 2007. Researchers at Cambridge found chip and PIN merchant terminals lack necessary security encryption. The merchant terminal can be programmed to capture pin and card numbers in order to produce a clone card. The programming takes only 10 minutes.
As reported by Timesonline recently, the popular use of chip and PIN cards has a fraudster in the mix. A merchant can program a chip and PIN terminal to capture all the information needed to create a clone card including the PIN number. Researchers from the Computer Laboratory at Cambridge who conducted the investigation found the vulnerability in the device. There are several reported instances, including an incident at a Shell garage.
The apparent vulnerability of the merchant terminals involves the manufacturer´s failure to build in the necessary encryption technology into the device. The specific encryption required is absent from the present terminal model. Thus, the card runs through the device unproteced.
APACS, the UK payment association in charge of the introduction of the chip and PIN technology acknowledged the possibility cited by the Cambridge researchers. An APACS spokesman stated, "We´re not denying this type of fraud is achievable, but there are easier ways of achieving the same type of fraud, including skimming cards and capturing the PIN using a pin-hole camera." This type of fraud is the current focus of APACS.
In January, 2008 Visa announced that all new cards issued would include a new chip-based technology called "ICVV". The technology is designed to alert banks and merchants when a clone card is being used for products or services. Unfortunately, not all banks have made the new cards available to customers.
According to the Cambridge researchers, the problem with the chip and PIN cards is systemic. According to Saar Drimer, one of the Cambridge researchers part of the problem is that lack of an independent evaluation device´s security technology. In fact, GCHQ a govenmental and industry comprised security group confirmed it had not certified the card system technology.
ASPACS says it tested the security of the device utilizing internationally accepted standards called the "Common Criteria." Further stating that other secure devices are tested using these same standards.
The manufacturer of the terminal device, Ingenico disputed the ease in which the device can be manipulated. Stating in pertinent part, " the method ... requires specialist knowledge and has inherent technical difficulties ... and not reproducible on a large scale."
Be that as it may, ASPACS reports losses resulting from credit card fraud rose 26 percent in the first half of 2007. The monetary loss is 263.6 million GBP.
Related stories:
Interactive Conferencing: New Beta Product ConnectR By iRobot
The iRobot Corporation has expanded its technology to interactive robotic conferencing. The device is currently offered at a reduced cost for candidates in the pilot project. The testers are required to submit surveys of their experiences.
Windows Mobile 6 Update Now Available for U.S. Palm Treo 750 Customers
Palm, Inc. today announced an update to Windows Mobile 6 for Palm Treo 750 smartphone customers in the United States. Windows Mobile 6 brings increased functionality, enhanced user interface and strengthened security and performance to the Treo 750 smartphone, which is offered exclusively in the United States by AT&T. The update is available today as a free download for existing Treo 750 smartphone customers.
ASUS Announces World's First Hardware Based Real-time Overclocking Device
ASUS today introduced the new OC gear as the world's first hardware based real-time overclocking device for graphics cards. The ASUS OC gear will be bundled with the ASUS EN8600GT OC GEAR/HTDP/256M which is upgraded with -1 memory modules. With such a configuration, users can expect up to 30% enhanced overclocking performance and gaming experiences. Full support for Microsoft DirectX 10 will also allow users to experience stunning and complex special effects for their applications and games.
New For Your Wallet, Secure Credit Cards With Displays and a Button
Two security firms have crafted a fully-functional credit card with a tiny monitor and button that will issue one-time passwords. But whether any banks will offer the expensive formfactor is another question.
A medical micropump
Using material similar to bathtub caulk, University of Utah engineers invented a tiny, inexpensive "micropump" that could be used to move chemicals, blood or other samples through a card-sized medical laboratory known as a lab-on-a-chip.
Biometrics for secure mobile communications
Though security applications that verify a person's identity based on their physical attributes, such as fingerprint readers or iris scanners, have been in use for some time, biometric security has only recently started to appear in mobile phones, PDAs and notebook computers where the need for miniaturisation represents a technological challenge.
Eye-catching mobile security on its way
The mobile phone may soon be equipped with a higher level of security thanks to Leeds, United Kingdom-based technical solutions company xVista and its iris-scanning technology.
Probing Question: Is it safe to pay my bills over the Internet?
Managing your money is no easy task. While television commercials make it look easy to do all your banking online in just five minutes, on the next channel, insurance companies warn of crooks that will steal your identity and your money. What’s the deal? Is it safe to pay your bills online?