"The Cambridge researchers found a flaw that allowed them to build a device that modified and intercepted communications between a card and a point-of-sale terminal. It could fool the terminal into accepting that a PIN verification had succeeded when a PIN had not actually been entered."
It was reported on BBC News and they stated that entering 0000 would allow the payment to go through. You can enter any number and it will work. The news also called this company up and they said the flaw was already fixed a long time ago. Yet they did nothing to acknowledge the fact the transaction still worked and paid for the item, so it can't have been fixed.
It takes a few bits and bobs to get it working but at the end of the day thieves would do it because they can get anything they want with this flaw.
This is great news for terminal vendors - lots of new software to write, test and charge to download!
Not so good for Visa, MasterCard et al who will presumably have to pay for it....
If you read it you see the researchers suggest querying the terminal for the method used to authenticate the card/user.
It is done in a way that can be authenticated hence it can't be spoofed like the original attack requires.
The downside is that it probably requires new cards and certainly new backend software.
And so the security guys keep on trying to stay ahead of the hacking guys... and so life goes on. And they lived happy forever. The End.