Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.
Researchers at Cambridge University have found a fundamental flaw in the EMV--Europay, MasterCard, Visa--protocol that underlies chip-and-PIN validation for debit and credit cards.
As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.
Read more of "Chip and PIN is broken, say researchers" at ZDNet UK.