The Chip and PIN card system is the latest innovation coming to your credit and debit cards.
More specifically, the modernization provides consumers a more secure card that is equipped with computer chips that are difficult to clone. This is a welcome innovation in the card security because it helps to ensure a safe method of payment.
But however robust the Chip and PIN card system might look, some hackers could still be able to find a way to compromise the system and prove its security is not perfect at all.
The security issue involves the card system’s Personal Identification Number verification capability. In the days leading up to the release of the Chip and PIN card system in the United States, the PIN verification system was compromised.
The weakness in the Chip and PIN card system was already spotted five years ago by a team of researchers at Cambridge University who published their work detailing how credit and debit cards could be theoretically hacked through the Man-in-the-Middle method.
Using this attack, hackers can pry on the connection between two ends of the communication line and replace the message in transit before it reaches the recipient. The researchers demonstrated the hack by modifying a Chip and PIN card with another chip that can be tailored and then they fixed the card to a board that connected to a laptop containing the software used for the attack.
Read also: The most popular PIN numbers to avoid
Through this method the researchers were able to enter a random series of PIN and perform transactions using a fake card.
And then just recently, a group of attackers successfully carried out the attack method and eventually got arrested. They were able to miniaturized the attack method demonstrated by the Cambridge University security researchers and targeted a single card.
The attackers used a Chip and PIN card that had a FUNcard chip soldered onto it. This type of chip is programmable and works to intercept an automated query for authentication. So when the terminal required a PIN number for verification purposes, the FUNcard chip entered a random PIN and successfully gain authorization as if no malicious activity was taking place.
European banks, credit card issuers and terminal manufacturers were quick to address the problem to protect card systems, though their U.S. counterparts have yet to make any proactive move.
Once you notice a suspicious activity with your card, cancel it immediately in coordination with your credit card issuer. Also, constantly monitor your bank statements and credit score.
