Monday, October 26, 2009

Cambridge Exposes Flaw in Barclays PINsentry Device

A team from Cambridge University's Computer Lab demonstrated how they could access an account protected by Barclays' online card reader system.



Some banks, including Barclays, are giving online customers hand-held card readers: devices intended to raise security on transactions that are vulnerable to fraud because they can be carried out with card details alone and do not require a PIN or signature.



The card reader gives the user a unique PIN code every time it is used, allowing the consumer to assert, even from a distance, that they are in possession of the genuine card and not just the details of that card.





But the Cambridge team say that, by using a fake chip-and-PIN terminal attached to a laptop, a fraudster can learn the customer's name and unique PIN code.



A Video Demonstration of the Barclays Hack can be seen by clicking here...



Once they have also tricked the customer into giving out their bank membership number, the fraudster can go into the online account and make transactions. According to Steven Murdoch at the lab, this fraud is already being perpetrated. He said: "I believe this is something fraudsters are already doing, the technology has been out there and they've had time to learn how to do it."



Barclays told the BBC it did not believe this demonstration to be a plausible risk.



Read the Entire Article from the BBC Here



The full report can be seen on Inside Out in the East at 1930 on BBC One on 26 October.




 
