Bank cards industry in censorship row after student finds security flaw

A Cambridge University professor is accusing the bank cards industry of making a "very nasty attempt at censorship" over a flaw in chip and PIN technology.

The UK Cards Association, which represents the country's biggest banks, wrote to the university to try to remove the online publication of research which shows how a 20 hand-held device could be used to buy goods without entering the correct PIN.

Melanie Johnson, a former Labour Treasury Minister who now chairs the association, wrote to the university's director of communications earlier this month saying the publication "oversteps the boundaries of what constitutes responsible disclosure".

She said the paper, The Smart Card Detective, by MPhil research student Omar Choudary, "places in the public domain a blueprint for building a device which purports to exploit a loophole in the security of chip and PIN". She asked for the research to be removed.

Ross Anderson, a professor of security engineering at Cambridge University, said: "This was absolutely unacceptable. It was a very very nasty attempt at censorship."

He said exposing vulnerabilities in the system was an example of responsible disclosure.

He accused the association of trying to have a thesis censored because a powerful interest found it inconvenient.