How PINs are Highly Insecure when Making Payments

Welcome to our 5-part blog series on why it is time to Bin the Pin. In this first post, Henrik Knudtzon, Chief Financial Officer at IDEX Biometrics, explains how PINs are highly insecure when making payments.

No matter how hard financial institutions work to meet the challenges of payment security, it is often difficult to outsmart payment card scammers. They keep coming up with ingenious techniques, adding to the growing number of payment card fraud cases. Hacking users' Personal Identification Numbers (PINs) is one of the top activities on the payment fraudsters' hit list. How do they do it, and what do you need to be aware of?

Payment card skimming
We often come across news reports of ATM transaction fraud, and card skimming is one of the major reasons behind it. This involves installing a card skimming device in the ATM to capture all of the card details, including the PIN, from the strip of the card. Fraudsters can then replicate the card and use it to withdraw money.

Chip switching trick
Researchers have confirmed the use of seamless chip-switching techniques underpinned by a slip of plastic which is duplicated with a regular credit card. On further investigation, it was found that criminals had modified stolen cards by inserting another chip inside them, one capable of replicating the PIN sent to a Point of Sale (POS) terminal.

Man-in-the-middle attack
Remember how a squad of cyber swindlers in the UK raked in about €6 million by hacking mid-sized and big European companies? They gained access to corporate credentials and asked the customers concerned to make payments to bank accounts. This was a man-in-the-middle attack, a technique still practised in many countries. It happens when a middleman intercepts the information exchanged between two systems, and it can take many forms online: email, Wi-Fi, internet surfing, social media and so on. So the next time you use your PIN in any type of online communication, you can't rule out the chance of identity theft.

Keypad jamming
This trick involves jamming the 'Enter' and 'Cancel' buttons with glue or by inserting a small pin at the edge of the buttons. When the customer enters the PIN and presses Enter/OK, the transaction does not go through, making it look as if the machine is not working. Most of the time the customer leaves, and the fraudster immediately removes the glue or pin from the machine to proceed with the cash withdrawal.

So what’s the solution?
After successful trials, tech experts have come up with a sure-fire solution called Biometric Identification. This involves using the user's physical attributes, such as a fingerprint, for recognition every time a payment is made. The good news is that IDEX Biometrics, a leading fingerprint sensor systems provider, has already joined forces with financial giants such as Mastercard to promote a foolproof customer identification system across the world.

Our next post in the Bin the Pin series will look at payment security and biometrics vs. the PIN.