Don’t destroy your debit card if your account is compromised

I watched a TV programme the other day “Don’t get done, get Dom” (BBC iPlayer link will expire in a few days which delved surprisingly deep into the issues surrounding “Chip and Pin” debit cards.

When your bank account is breached or compromised by fraudsters, one of the things the banks tell you to do, is cut up your card, and cut through the chip. This, is in fact bad practice, as this chip contains transaction logs for every time the card is used. If a fraudster obtained your card information, there is at least one known way of making a copy so a fake card can be used. By destroying your card, you destroy evidence which could prove your innocence, and point to the use of a counterfeit card.

Security researchers at Cambridge University have demonstrated how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s authorised by chip-and-PIN. This doesn’t work at ATMs(Cashpoints) but could work with counter card devices used in shops and banks.

Other vulnerabilities are discussed here

Moral of the story, don’t cut up your card.