Security Flaw Discovered in Chip-and-PIN Cards

Security Flaw Discovered in Chip-and-PIN Cards

November 12, 2014         Written By Bill Hardekopf

Just when consumers thought their credit cards would be more secure, new research from Newcastle University uncovered a security flaw in chip-and-PIN cards that could lead to a $1 million unauthorized transaction.

The issue comes from the contactless function in the credit card system used in the United Kingdom. The system will not recognize transactions made in currencies from other countries, so it can be tricked to approve any transaction up to $999,999.99 in value. Transactions made in other currencies do not require a PIN for approval. Find a retail outlet where foreign currencies are regularly used, and a thief could make countless fraudulent transactions.

The contactless system also allows criminals to pull data from the cards without actually swiping them.

“With just a mobile phone we created a POS terminal that could read a card through a wallet,” Martin Emms, lead researcher of the project, said in a statement. “All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction.”

The researchers presented their findings last week at the ACM Conference on Computer and Communications Security in Arizona.

The information contained within this article was accurate as of November 12, 2014. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website. Many of the offers on this article are from our affiliate partners, and may be compensated if you take action with any of our affiliate partners.


About Bill Hardekopf

Bill Hardekopf is the CEO of and covers the credit card industry from all perspectives. Bill has been involved with personal finance for over 15 years. He is a frequent contributor to Forbes, The Street and The Christian Science Monitor.
View all posts by Bill Hardekopf