Chip and pin compromised by hackers 'within a year'

A former White House chief information officer and US cyber security expert has expressed concerns that chip and pin payment technology could be compromised by hackers within a year.

The secure system was recently broken in a test laboratory, leading to concerns about its future viability.

Theresa Payton believes that institutions need to be thinking about the future and looking at alternative ways to protect card transactions.

With America finally rolling out chip and pin technology across the nation, fraudulent transactions could rise rapidly.

America has lagged behind European nations, which have had the payment system for more than a decade, due to disagreements between retailers, big banks and card associations such as Visa and MasterCard.

"We found in the ethical hacker labs we have been able to spoof chip and pin at the sales terminals," Payton said.

"If we can do it in the lab, it is usually within a year that the bad guys can do it on a commoditised, scalable rate - so be ready and be thinking about what is after chip and pin. You have got about 12 months."

Payton was the first woman to serve as US President George W Bush's White House chief information officer and oversaw IT operations before becoming chief executive officer of fraud consulting firm Fortalice Solutions.

She recently alleged that international cooperation on tackling online financial fraud had improved, but was not good enough. While there is almost 100 per cent international cooperation on tackling child pornography, this has not been replicated in the financial sector, she said.

"It is frustrating because we are funding terrorism every single time they get away with it," Payton added, while noting that people ignored the security of the payments system at their peril.

"We need to do better at actually locking people up and shutting them down. It is getting better, but it still has so far to go. I am angry every time one dollar ends up in a bad guy's pocket."

Android Pay, a contactless payment system using smartphones, launched in the UK in May following Apple Pay, which launched last year.

Although the technology presents another security risk separate from chip and pin, such payments are confined to purchases under £30, making fraudulent uses potentially less impactful on financial institutions.

Payton was also positive about the revelations that emerged about the activities of the NSA after former employee Edward Snowden revealed thousands of classified documents in 2013.

The US government accused him of breaking his oath of secrecy and jeopardising national security, but privacy campaigners have lauded the whistleblower as a hero who acted in the public interest after he exposed intrusive state powers.

Payton said she had taken an oath and would go to the grave with most of her secrets - unlike Snowden - but admitted that his actions started an important debate.

"I don't agree with what he did and how he did it. From a compliance standpoint what he did was against the oath and against the law and he needs to work that out with the authorities.

"It did open up a dialogue that we need to continue to have around the globe which is: how do you in the name of security take the information you are collecting in droves and use it in a way that is responsible and reliable and protects the individual liberties of citizens?

"Democracy will only live if you feel that you can live your life and say what you believe without fear of retribution from government. It did start a conversation that we needed to have for a while."

Material provided by Snowden to the media alleged the US has conducted widespread and illegal surveillance of its citizens and other nations.
