Chip-and-PIN security goes on trial

Court case will examine whether payment card security is as robust as banks claim

A trial that could prove to be a test case for the security of chip-and-PIN card technology starts today.

Alain Job is suing Halifax, claiming that a fraudster withdrew £2,100 from his account at cash machines despite the fact he did not lose his card and changed his PIN as soon as he received it. The bank refused to refund the money, claiming that its chip-and-PIN system is secure.

The case is the first of its kind and could set a precedent for whether or not the security of the credit card chip technology is vulnerable if it were proved Job’s card had been cloned or hacked, it could be the bank’s responsibility to pay.

Job told Computing he was optimistic about winning. “I want the opinion of a judge on this,” he said.

In the US, the burden of proof in such cases falls on banks ­ since a precedent-setting case in the 1990s they have been obliged to provide CCTV evidence of a cardholder making a withdrawal or give the money back.

But in the UK, banks can produce evidence from their computer systems to show that a withdrawal appears to have been made by a customer, said Ross Anderson, a security expert at Cambridge University.

Halifax said it was confident it would win the case.

“We will be defending the action quite strongly. This is not about the money ­it is a point of principle,” said a spokesman.