Beat the Chip & PIN security scare

A flaw in the Chip and PIN security system that protects our credit and debit cards has been uncovered - which allows thieves to make purchases and withdrawals without being identified. We uncover the latest security scare - and show you how to stay safe.

A fatal flaw in the Chip and PIN security system that protects the 66 million debit and credit cards in the UK has been uncovered by researchers at Cambridge University. The loophole means stolen cards can be used in shop terminals and bank cash machines without needing to key in a specific four-digit security number.

The Cambridge scientists found that it is possible to attach a small chip to the back of a typical card that can bypass security measures within Chip and PIN terminals. This chip can be controlled by a small transmitter bought from any high street electronics shop allowing the user to insert any four random numbers. The chip on the back of the card overrides the terminal to approve the transaction. 

The loophole uncovered is serious - but there is as yet no proof that criminals have been exploiting it. Since Chip and PIN was introduced on Valentine's Day 2006 fraudulent losses on high street transactions on the UK have actually fallen dramatically - in 2004 total losses were nearly £220m. Last year, in contrast, they were just £98.5m. 

Nonetheless, overall fraud trends are rising - annual figures released this month from watchdog CIFAS show a 9% rise in fraud overall and a huge 32% surge in identity fraud over the course of 2009.

So, are you at immediate risk? Not necessarily - it's worth remembering that it's usually quite difficult for thieves to raid your current and credit card accounts - even if they have details such as your bank account number, sort code, address or date of birth - as extra layers of security are always needed.  

Even so, it still pays to be vigilant. Fortunately, there is action you can take to stay safe.

Practical ways to stay safe

The most important - and very simple step - to keep safe from fraud is simply to know what's happening to your account at all times.  Sign up for online banking at lovemoney.com and check all your accounts with one log-in, daily - it's a simple two-minute habit that will help you budget more efficiently, as well as keeping your money safe.

If you notice any fraudulent withdrawals or purchases on your account, notify your bank immediately. Fraudulent transactions can appear on your statement without your card having left your possession. There have been a growing number of cases with banks refusing fraud refunds, citing negligence on the account holder's part - rapid reporting of suspicious transactions can help ensure you get a refund. 

To ensure you're never at risk, it's also worth checking your credit report. Suspicious activity can remain undetected for months - your account may have been checked out even if no funds were taken. This could do damage to your credit status - fortunately, you can check your credit report for free with a trial of an Experian credit-checking service.

It's also worth regularly changing your Personal Identification Numbers (PIN) and telephone or internet banking passwords regularly - particularly if you've used, for example, your child's name or your date of birth. Never write any of your security details down and when tapping your PIN in at the cash machine, keep your transaction safe from prying eyes - even this unsophisticated "shoulder surfing" can still yield opportunities for fraudsters.

Beat online security threats

Perhaps the other vital measure to protect your cards is to ensure that your financial details are safe from online fraudsters. Again, this isn't difficult but just requires getting into a few good habits.

First of all, make sure your PC's anti-virus and firewall software is up to date - you can find free protection from a number of sources, including Microsoft's Security Essentials suite. It provides full anti-virus protection, as well as malware detection and removal.

A powerful free alternative is the Avast anti-virus package - unlike with the Microsoft package, anti-spyware software to help detect dormant malicious code is built-in and it too offers automatic regular updates.

This should provide most of the protection you'll need to shop and bank online with confidence - but you'll still need to adopt a couple of good habits. First of all, know how to spot danger signs when shopping on the internet - fortunately, it's easy to spot bogus websites that could see your card details fall into the wrong hands.

When it's time to make a transaction, look for a small padlock in the right-hand corner of your browser (top right for Apple users). This shows that the security of the website is verified by a third-party security agency. Also, note that the beginning of the web-address will start "https:" rather than "http" - the 's' stands for secure. In most up-to-date browsers, the address bar will change colour to signify that you are on a secure server.

And finally, NEVER respond to an unsolicited email - even if it looks like it comes from your bank or an official retailer. One giveaway is slightly misspelt company names in the email or URL - e.g 'Barcclays' instead of Barclays.

Do I need to pay for ID fraud protection?

Many banks are now offering "identity theft protection" products that protect your account fraud - typically charging £6.95 or more a month.  Yet if you follow the steps outlined above, you don't need to pay for peace of mind. To repeat, you will be refunded any money stolen from your account as a result of identity theft, provided you have not been negligent.

Watch our video The Scams That Make You Shiver to discover more ways the fraudsters try to get us to part with our cash, and head to our Q&A section to get the answers to your fraud questions.

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.