BBC News
Last Updated:  Wednesday, 26 February, 2003, 07:01 GMT
Concern over pin number fraud study
By Nic Rigby
BBC News Online

[Image: Cashpoint machine. Caption: The study suggests faults in pin number security]
A corrupt bank employee can discover your debit card pin number after just 15 attempts, according to a study by computer scientists in Cambridge.

The revelation has led to calls for banks to tighten up their security systems.

John McFall MP, chairman of the House of Commons treasury committee, told BBC News Online that if the study is correct the banks need to take action.

"If this research indicates the banks need to do more it is an issue that they should take seriously irrespective of resources," he said.

Flaw in pin numbers

The concern over pin numbers comes as a trial takes place in South Africa over the withdrawal of £65,000 in cash from machines in 190 separate transactions, using a copy of a card.

Cambridge University researchers Ross Anderson and Mike Bond, who have been called as expert witnesses in the trial, believe they have discovered a flaw in the way pin numbers are generated.

Mr Bond told BBC News Online that pin numbers can be discovered because they are not chosen randomly, but based on a complex mathematical formula derived from the customer's account number.

Using a simple computer programme and mathematical tables, he was able to discover the four pin numbers after on average 15 guesses.

He said the Government should look at whether more regulation was needed to protect accounts.

'Pressure on banks'

"In the longer term there should be more interest from Government regulators on this issue," he said.

"Banks have not shown any interest in upgrading the system for choosing pin numbers."

[Image: Cashpoint machines. Caption: Banks believe it is "highly unlikely" security would be breached]

He thinks people concerned about the safety of their money should "put pressure on their banks to tell you what they are doing to ensure the pin numbers are safe".

"If you really feel you are at risk, you should spread your money across several banks," he said.

But fears raised by this new study are unjustified, according to the British banking industry.

Sandra Quinn, of the Association for Payment Clearing Services, said banks are aware of the issues raised by the Cambridge study.

Laboratory environment

"I think it shows a clever mechanical security programme in a laboratory environment," she said.

"But all banks will have their own security with trusted personnel."

She said it was "highly unlikely" that in a real bank environment the pin number security would be breached.

Ms Quinn added: "We are not blasé about it, but we have good systems in place to stop this."

She said that pin number fraud by dishonest employees was less of a concern than thieves looking over people's shoulders to discover their pin number.
