Back in February of this year (it’s still 2010 as I write this), we posted about a BBC Newsnight report that showed how a team of researchers from Cambridge University had managed to find a flaw in the Chip & PIN system.
The flaw meant that with a special bit of kit and a stolen card, the PIN could be bypassed to allow purchases to take place, and this was demonstrated in the Cambridge University cafe.
Whilst the flaw was made public in February, banks had privately been made aware of the problem in October 2009. So in the 14 months since then, you’d think that the banks and payment processors would have been busy fixing the problem, wouldn’t you?
So far, it appears that only Barclays have fixed the problem, and there’s no word on whether the other banks have any plans to sort it. Meanwhile, the UK Cards Association (UKCA), who represent the major banks and building societies, are now trying to censor the research by having it removed from public consumption on the University website.
The UKCA sent a letter to the University to ask that the thesis be removed, a request which has been turned down by the university (here’s a copy of the university’s response (PDF)).
The university have pointed out that the UKCA’s request is counter-productive, as many more people will now be made aware of the problem because of the stink of them trying to cover up the problem.
Rather than spending time and money trying to censor this report that has already been doing the rounds for over a year, the banks should be using the resources to get the problem fixed. A problem like this certainly won’t be fixed quickly, but they’ve already had a year to get to work on the problem.
Whilst it’s frustrating that the banks have taken this stance, I think we also need to be realistic about all these systems and accept that there will always be flaws, and we will forever be fixing problems, closing loopholes and gradually making better systems, even if they’re never completely flawless.