London, Dec 29 (IANS) Banks were accused of a cover-up after they tried to silence a Cambridge University scientist who exposed a fatal flaw in chip and PIN card security.
The UK Cards Association (UKCA), which represents the country’s biggest banks, objected to research that showed how a simple 20 pounds device could be used by fraudsters to buy goods without entering a valid personal identification number at the till.
Former Labour MP Melanie Johnson, former treasury minister who now works in the private sector as chairman of the UKCA, tried to stop the embarrassing research being published.
Cambridge University professor and computer scientist Ross Anderson warned the attempt to gag the scientists was ‘a nasty piece of spin-doctoring’ and ‘deeply offensive’, reports the Daily Mail.
The chip and PIN system, introduced in 2006, was intended to reduce card fraud as thieves would not be able to use stolen cards without knowing the PIN.
Scientists at Cambridge began to look for flaws in the system after card users said their cards had been stolen and their PINs used – something the banks still deny is happening.
Research student Omar Choudary described in an M.Phil research project how to build a gadget that tricks chip and PIN machines into accepting cards without a valid PIN.
The cigarette packet-sized device can be concealed up a sleeve while attached to a card. When the card is inserted into a chip and PIN machine at a till, the device uses electronics to ensure the card is accepted.
Choudary was able to buy books and CDs worth 50 pounds in Cambridge HMV, using a borrowed card and the device.
Johnson wrote to the university press office demanding that it remove all details of Choudary’s device from its website.
She said publication on the web oversteps the boundaries of what constitutes reasonable disclosure and gives too much detail on how the chip and PIN system could be overcome.
But Anderson told Johnson: ‘You seem to think that we might censor a student’s thesis – which is lawful and already in the public domain – simply because a powerful interest group finds it inconvenient.’