In this first of a two or three part instalment. In them Laurent Simon and I comment on our impressions of David Birch’s Tomorrow’s Transactions Forum, which we attended thanks to Dave’s generosity. NOTE: Although written in first person, what follows results from a combination of Laurent’s and my notes. This was a two day … Continue reading Current issues in payments (part 1)
Today, the UK Cards Association (UKCA) published their summary of bank fraud for 2012. This provides an important insight into banking fraud, and the level of detail which the UK banks provide is very welcome. The UKCA figures go back to 2007, but I’ve collected the figures from previous releases going back to 2004. This … Continue reading UK bank fraud up by 11% in 2012, but how much do customers lose?
I was a guest the annual meeting of the European branch of ATM Industry Association. This was a two day event in London (May 22–23, 2012). I was there thanks to Tom Harper, founder of ATM Marketplace, that is, a B2B website for ancillary cash machine equipment (established circa 1997). Although my interest was to … Continue reading European ATM Conference & the Cashless Society
Information is often an important asset and today’s information is commonly stored as digital data (bytes). We store this data in our computers local hard disks and in our laptops disks. Many organisations wish to keep the data stored in their computers and laptops confidential. Therefore a natural desire is that a stolen disk or … Continue reading Three Paper Thursday: full disk encryption
Every Christmas we give our friends in the banking industry a wee present. Sometimes it’s the responsible disclosure of a vulnerability, which we publish the following February: 2007’s was PED certification, 2008’s was CAP while in 2009 we told the banking industry of the No-PIN attack. This year too we have some goodies in the … Continue reading Bankers’ Christmas present
The bankers’ trade association has written to Cambridge University asking for the MPhil thesis of one of our research students, Omar Choudary, to be taken offline. They complain it contains too much detail of our No-PIN attack on Chip-and-PIN and thus “breaches the boundary of responsible disclosure”; they also complain about Omar’s post on the … Continue reading A Merry Christmas to all Bankers
In the very first paper I wrote on ATM fraud, Why Cryptosystems Fail, the very first example I gave of a fraud came from the case R v Moon at Hastings Crown Court in February 1992. Mr Moon was a teller at the TSB who noticed that address changes weren’t audited. He found a customer … Continue reading An old scam still works
Steven Murdoch, Saar Drimer, Mike Bond and I have just won the IEEE Security and Privacy Symposium’s Best Practical Paper award for our paper Chip and PIN is Broken. This was an unexpected pleasure, given the very strong competition this year (especially from this paper). We won this award once before, in 2008, for a … Continue reading IEEE best paper award
I’ve written enough over the years about people who tried and failed to get money back from banks after seeing transactions on their accounts that they did not recognise. Now I’ve had to go through the process myself. I got a refund from the NatWest after a dodgy debit appeared on the credit card my … Continue reading How to get money back from a bank
The annual Cambridge Science Festival is running during 8–21 March, where there are over 150 talks, demonstrations and other events, open to the public. On Saturday 13th March (16:00–16:45), I will be talking about my recent work on Chip and PIN security. In the same session, there will also be presentations from Leila Luheshi on … Continue reading Cambridge Science Festival: Science research now!