Ross Andersson gets prime time on BBC Inside Out

It was during FC’09 that Ross Andersson and his team at Cambridge University released a research paper that presented some of the vulnerabilities using CAP (I wrote about this earlier). Yesterday BBC Inside Out released a news report based on this report showing how it’s possible to intercept and steal cryptographic information from a cardholder when shopping, and then use this to login and steal money from that persons bank account. Even though the type of attack is achievable, it simply won’t be an issue, as it’s not that easy to get hold of the cardholders ebanking usersname.

This shows a classical fear sell, that every POS-terminal eventually will be tampered with, but introducing security tokens for ebanking and ecommerece have in practical terms significantly reduced the fraud. The fact that the banks have put a chip on the card is already making life more secure for the cardholder, and the same evolution will happen when doing ebanking, using technologies like Todos Dynamic Signatures or alike, which does transaction authentication, based on risk, instead of authenticating the user.


~ by petergullberg on October 27, 2009.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: