The payment card industry bigwigs are on the attack, after academic researchers from Cambridge University brought into question the security measures which govern the billions of pounds worth of Chip and PIN transactions carried out by UK consumers every year.
Professor Ross Anderson is leading a study into the Chip and PIN system’s potential to protect the data and finances of its users. He and his team have concluded that there is a fatal flaw, which could leave millions exposed to fraud, data loss and monetary theft.
Prof. Anderson has since stated that the payment card industry within the UK is now attempting to silence him and prevent his research from becoming more widely known, in what is a fairly serious series of accusations.
UKCA (UK Cards Association) allegedly sent a letter to Cambridge University, in which it requested that the study’s findings were not published on the internet.
The researchers found that it is possible to make purchases using a portable device even if you do not enter a PIN number which is correct.
Prof. Anderson constructed a blog post and explained in detail the way in which UKCA had attempted to prevent the publication of this damning evidence, which shows the Chip and PIN system is far from totally secure.
UKCA chair, Melanie Johnson, has been reported as saying that the researchers were acting irresponsibly in her opinion, after publishing the findings which could give criminal groups a new way of exploiting payment card users.
The main issue which security experts seem to have with Chip and PIN systems and the bodies which endorse their use, is that they are often treated as completely impenetrable. In turn, the banking sector is thought to perceive research into weaknesses in the system as necessary, but the publication of the resultant details an unhelpful conclusion to proceedings.
Prof. Anderson said that this research will be followed by further indictments from other studies, increasingly the likelihood that the payment card industry will react negatively in the future.
Reports from the Press Association, claim that the UKCA admits sending a letter to the university, but only with the intention of questioning the publication of details that explain how Chip and PIN security can be circumvented.