Don’t destroy your debit card if your account is compromised

I watched a TV programme the other day “Don’t get done, get Dom” (BBC iPlayer link will expire in a few days http://www.bbc.co.uk/programmes/b01gxsjz) which delved surprisingly deep into the issues surrounding “Chip and Pin” debit cards.

When your bank account is breached or compromised by fraudsters, one of the things the banks tell you to do, is cut up your card, and cut through the chip. This, is in fact bad practice, as this chip contains transaction logs for every time the card is used. If a fraudster obtained your card information, there is at least one known way of making a copy so a fake card can be used. By destroying your card, you destroy evidence which could prove your innocence, and point to the use of a counterfeit card.

Security researchers at Cambridge University have demonstrated how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s authorised by chip-and-PIN.http://www.theregister.co.uk/2010/02/12/chip_pin_security_unpicked/ This doesn’t work at ATMs(Cashpoints) but could work with counter card devices used in shops and banks.

Other vulnerabilities are discussed here http://en.wikipedia.org/wiki/EMV#Vulnerabilities

Moral of the story, don’t cut up your card.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: