"Cambridge security researchers have discovered serious problems with how ATMs authenticate transactions, though an industry group has shrugged off the method as too complex for scammers to use."
Security researchers say they have found a vulnerability in the ubiquitous chip-and-PIN system that could effectively allow bank cards to be cloned.
In a paper (PDF) presented to a cryptography conference in Belgium on Tuesday, the University of Cambridge researchers said the flaw undermined banks' claims that the chip-and-PIN or 'EMV' system was prohibitively expensive to clone.
"We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit," the researchers said in the paper's abstract.
The researchers said their work began after hearing of the case of a Mr Gambin, "a Maltese customer of HSBC who was refused a refund for a series of transactions that were billed to his card and which HSBC claimed must have been made with his card and PIN at an ATM in Palma, Majorca on the 29 June 2011".
Continued : http://www.zdnet.com/chip-and-pin-flaw-blamed-for-cloned-bank-cards-7000004130/
A picked pocket in Mallorca reveals crack in chip-and-PIN security
Chip and skim flaw lets crooks fake credit card transactions
Chip And Pin Flaw Uncovered By Cambridge Boffins
Chip and PIN payment card system vulnerable to "pre-play" attacks