Thursday, February 11
Chip and PIN Vulnerabilities Documented
There is a significant research document that's been published publicly on some issues related to the new Chip and PIN standard. Looks like the vulnerability is associated with a lack of coordination between each of the organizations involved.
The attack although sophisticated is easily used by individual's with no technical understanding of the attack simply a "wedge" inserted between the card and the POS device.
Considering that these cards are all being migrated to by Canada's largest card issuers, this is a big issue. I have not yet confirmed that this affects chip and pin cards issued in Canada.
Link to press release-http://www.cl.cam.ac.uk/research/security/banking/nopin/press-release.html
Link to technical paper-http://www.cl.cam.ac.uk/research/security/projects/banking/nopin/oakland10chipbroken.pdf