Major security flaw in chip and pin technology

Not sure if this has been covered on the pin: … again.html

Banks attempt to suppress maths student’s exposé of chip and pin → … 70396.html

If I was part of the card company I would offer him a high salary to come work on the team to improve chip and pin security.

Hmmm, I wonder is this connected with the “cost savings” decision of the main banks to go with the unencrypted version of the system, or does that just affect the communication from the terminals.

Blue Horseshoe

Mark did post a few days ago in the BOI systems failures thread but it’s a bit buried there and the topic is probably worthy of exposure in it’s own thread.

Links originally posted by Mark: … ublication … is-broken/

Would this be a problem in Ireland? Because the two-step here seems to be that one party is told it was verified by signature and the other party was told it was verified by PIN. But in Ireland you aren’t supposed to be able to verify by signature at all any more. Now of course there could be a world of difference between the theory and the practice. But assuming that verified-by-signature is no longer a valid verification in the Irish system we would be fine.

Of course it is possible that I am being hopelessly optimistic here.

And what if your stolen card is used outside of Ireland? :wink: