Submission + - Chip and PIN Payment Card System Vulnerable to Attacks (net-security.org)
An anonymous reader writes: The chip and PIN system employed by most European and Asian banks is definitely more secure than the magnetic strip one, but it doesn't mean that it doesn't have its flaws. It can routinely be misused via ATM or POS skimmers and cameras recording PIN numbers as they are entered by card owners, but there are other ways as well. A team of Cambridge University researchers has recently discovered that a flaw in the way that the algorithms for generating unique numbers for each ATM or POS transaction are implemented makes it possible for attackers to authorize illegal transactions without ever having to clone the customers' card. "The UN (unique number) appears to consist of a 17 bit fixed value and the low 15 bits are simply a counter that is incremented every few milliseconds, cycling every three minutes," they discovered.