Thieves Crack Chip & PIN Bank Accounts

spen666
spen666 Posts: 17,709
edited August 2008 in Campaign
How safe is Chip & PIN?
Crime gangs have cracked the chip and pin system, leaving millions of British bank accounts at risk of being plundered.

Banks and customers are powerless to pre-vent the thieves helping themselves to their cash, experts warned.

Thousands of accounts have already been hit by the crooks, who are stealing codes from card readers at shop checkouts.

Anyone who uses a chip and pin card to pay for their shopping is a potential target.

Gangs are hiding devices inside card readers to reveal customers’ pin numbers.

These are emailed across the world and used to clone a new card, which is then utilised to empty the victims’ bank accounts.

The fake cards have been used as far afield as India, Pakistan, Canada and several African countries.

If people want to be sure fraudsters won’t get hold of their data they shouldn’t use their debit or credit cards
Andrew Goodwill, of fraud monitoring firm 3rd Man Group

Andrew Goodwill, of fraud monitoring firm 3rd Man Group, said: “There is absolutely nothing anyone can do about it. The devices look no different to those that haven’t been tampered with.”

The scam was revealed yesterday after a police raid in Birmingham on Monday uncovered stolen chip and pin terminals, account numbers and counterfeit magnetic stripe cards.

The Dedicated Cheque and Plastic Crime Unit, which uncovered the fraud, warned: “It should be noted that the criminals have overcome the security features of several different manufacturers.”

Officers investigating the highly organised gang with international links have already uncovered at least 100 compromised machines.

Mr Goodwill added: “If people want to be sure fraudsters won’t get hold of their data they shouldn’t use their debit or credit cards.”

The security breach has been an open secret in the industry but operating chiefs have tried to keep it quiet to avoid spreading panic.

Sandra Quinn, of the payments association Apacs, said yesterday: “They steal readers from retailers, cracking them open, and try to recreate one and then put it back in a shop.

“We have been aware that this has been going on because police have been getting reports that terminals are being stolen.”

Shop owners said the scam could see a return to cash. The Federation of Small Businesses said: “Plastic is very popular but now we could see a return in the popularity of cash, which has been in decline.”

When chip and pin was made compulsory in 2006, the industry said it would slash credit card fraud.

The Financial Ombudsman Service receives around 100 cases a month about disputed withdrawals.

The British Retail Consortium said last night: “UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures.”
Want to know the Spen666 behind the posts?
Then read MY BLOG @ http://www.pebennett.com

Twittering @spen_666

Comments

  • Excerpt from the Daily Mail by any chance? :?
  • nicklouse
    nicklouse Posts: 50,675
    "Do not follow where the path may lead, Go instead where there is no path, and Leave a Trail."
    Parktools :?:SheldonBrown
  • Tom Butcher
    Tom Butcher Posts: 3,830
    How timely - just this weekend had £1420 lifted from our account for 2 payments which show up as being to B'card which isn't ours. I am assuming/hoping we get this cash back. The bank has told me it was a mail order purchase over the phone rather than chip and pin though.

    it's a hard life if you don't weaken.
  • nwallace
    nwallace Posts: 1,465
    How safe is a signature? I doubt i could ever spot a well practised forged signature.

    There was always going to be groups looking to compromise the terminals, really the spec should have required the end of mag stripe (the 2nd easiest to read place on the card your number is held, [the first being what is printed on the card]) and for the encrypted details to be transmitted to the central computer every time rather than allow local decryption to reduce operation time for "trusted cards" that way the intercept on the terminal would have had to have cracked the encryption which is a 1024bit RSA key. A key length that is causing a bit of a problem with a virus that is going round (will take a good few hundred years to crack by brute force with current processing abilities)
    Do Nellyphants count?

    Commuter: FCN 9
    Cheapo Roadie: FCN 5
    Off Road: FCN 11

    +1 when I don't get round to shaving for x days
  • don_don
    don_don Posts: 1,007
    Not sure I completely follow - surely if they 'try to recreate one then put it back in a shop' that means someone in the shop must also be complicit?

    Maybe I'll be more careful if I go to an unfamiliar shop/garage etc, but I don't think there'd be too much chance of this in my local Waitrose would there?!
  • nwallace
    nwallace Posts: 1,465
    Pretty much, the terminal must be compromised this to work.

    2 quotes:

    "The scam was revealed yesterday after a police raid in Birmingham on Monday uncovered stolen chip and pin terminals, account numbers and counterfeit magnetic stripe cards."

    “They steal readers from retailers, cracking them open, and try to recreate one and then put it back in a shop. "


    Things to note
    1) Counterfiet Magnetic Stripe cards, this means the cards are being cloned to the mag stripe not to an EMV chip.

    2) It involves stealing terminals

    Point 2 is important, if i stole a card machine I don't need to intercept the chip data all i need to is slide in a mag strip card reader and i can get the number easy.

    If you have been to an ATM recently you may notice that the card is sucked in at an uneven rate, this is known as "Jitter" this ensures that the mag stripe can not be read by a device that does not know the travel speed (it's done a lot slower than if it was reading the mag stripe).
    Do Nellyphants count?

    Commuter: FCN 9
    Cheapo Roadie: FCN 5
    Off Road: FCN 11

    +1 when I don't get round to shaving for x days
  • Brains
    Brains Posts: 1,732
    The problem of Credit fraud has been around since the middle ages (really)

    Whatever security is produced there will be a method around the problem

    As long as you keep an eye on your bank statments then very little else you can do about it.

    Bank looses, not you
  • We had an attempt to steal £1500 from our account last year, just after the wife had used the card at a Shell garage in Boston. Payment was to "Sky". The attendant was acting a bit odd, she said.
    Another try again a few months back, smaller ammounts, but noticed by checking our account online every week.
    In both cases, we got the money back from the bank/card holder.
    In neither case have we heard anything from the police. Banks don't appear to pursue these thefts, just write off the losses.
    And what's the subject got to do with any particular newspaper?
    The bottom line, is that chip & pin isn't any safer than a card on its own, especially in these days of internet/phone purchasing routes.
    Remember that you are an Englishman and thus have won first prize in the lottery of life.
  • Ambermile
    Ambermile Posts: 117
    Negative banking... stops 'em dead. I always keep my account in the red :lol:

    Arthur

    PS - is that positive banking though?
    The Beastie


    Sic itur ad astra