Wednesday, April 22, 2009
Don't believe the spin with chip and pin .
Not so long ago we had to sign on the dotted line when paying for shopping on a debit or credit card. Now, of course, it’s all chip and pin. Just slot your card into a handheld device, tap out your four-digit pin (personal information number) and you’re done. It’s fast, easy, and, according to the banks, far more secure than the old way. Unfortunately, the system hasn’t lived up to its promise. According to recent figures from banking industry body Apacs, card fraud hit a record high of £609.9m in 2008, 14 per cent up on 2007. Even more alarming, the figure has shot up by £182.8m – 43 per cent – since chip and pin became universal on Valentine’s Day 2006. What went wrong? Rather than acting as a deterrent, the introduction of chip and pin cards vastly opened up the opportunities for fraudsters. Previously, pins were used in the 50,000 or so bank cash machines around the country. Now they’re used on more than 900,000 tills everywhere from high street shops and supermarkets to restaurants and petrol stations.
Scammers simply had to work out a way to crack the system... and they did. Last October, Dr Joel Brenner of the US National Counter-Intelligence Executive warned that hundreds of chip and pin machines in stores and supermarkets across Europe had been tampered with, allowing details of shoppers’ bank and credit card accounts to be sent overseas to fraudsters. The details were used to take money from cardholders’ accounts. An organised crime syndicate was thought to have been behind the scam. It must have been an inside job as the machines were doctored, either when they were being built in China, or before they left the production line. Investigators call this “supply chain attack”. It needs slick engineers, too. Dr Brenner says the devices had been perfectly resealed after being taken apart and customised. “It was impossible to tell, even for somebody working at the factory, that they had been tampered with.”
From China, the doctored devices were shipped as normal to Britain, Ireland, the Netherlands, Denmark and Belgium, and were installed in many different outlets – typically with the help of an insider, such as a member of staff. Investigators from Mastercard International reportedly found doctored machines at branches of Asda and Sainsbury’s. Before the scam first came to light in early 2008, hundreds of devices in Britain and other affected countries were copying account and pin numbers from thousands of credit and debit cards. The data was transmitted via mobile phone networks to underworld boffins in Lahore, Pakistan. “White” or cloned cards were then made, which criminals used to withdraw cash and to make “card not present” payments by phone or online. The illicit transactions were always made two months or so after the original card details had been lifted, which effectively obscured the fraudsters’ “cyber-trail”.
...So there you have it, don't believe the spin with chip and pin. For the full newspaper article just click the link above. I thought the system was secure and all the chip and pin machines in use look legitimate. There is no way a customer can avoid these scams unless they go back to cold cash. I do not think that there will ever be a secure method of debit and credit card payments. All this fraud is paid for in the end by you, the customer. When a fraud is paid for by the banks, it is their account holders who take the hit. When a fraud is paid by a company, then the company's other customers pay for it in increased prices. These criminals are not robbing faceless banks and companies, they are robbing you through the knock-on cost of increased charges. But we, the law-abiding consumers, can do nothing about this fraud. Of course the banks and companies give it a lot of spin about secure payment and leave the public in the dark. They do not want you to know just how much money is lost through fraud. These banks and companies will talk about operating costs rather than money lost through fraud. It seems that business accepts a certain level of fraud that it is prepared to sweep under the carpet. It is a surprise just how large an amount they are prepared to write off each year. Of course some companies make it easier than others, like the one where you can print out your own coach travel ticket!
Not so long ago we had to sign on the dotted line when paying for shopping on a debit or credit card. Now, of course, it’s all chip and pin. Just slot your card into a handheld device, tap out your four-digit pin (personal information number) and you’re done. It’s fast, easy, and, according to the banks, far more secure than the old way. Unfortunately, the system hasn’t lived up to its promise. According to recent figures from banking industry body Apacs, card fraud hit a record high of £609.9m in 2008, 14 per cent up on 2007. Even more alarming, the figure has shot up by £182.8m – 43 per cent – since chip and pin became universal on Valentine’s Day 2006. What went wrong? Rather than acting as a deterrent, the introduction of chip and pin cards vastly opened up the opportunities for fraudsters. Previously, pins were used in the 50,000 or so bank cash machines around the country. Now they’re used on more than 900,000 tills everywhere from high street shops and supermarkets to restaurants and petrol stations.
Scammers simply had to work out a way to crack the system... and they did. Last October, Dr Joel Brenner of the US National Counter-Intelligence Executive warned that hundreds of chip and pin machines in stores and supermarkets across Europe had been tampered with, allowing details of shoppers’ bank and credit card accounts to be sent overseas to fraudsters. The details were used to take money from cardholders’ accounts. An organised crime syndicate was thought to have been behind the scam. It must have been an inside job as the machines were doctored, either when they were being built in China, or before they left the production line. Investigators call this “supply chain attack”. It needs slick engineers, too. Dr Brenner says the devices had been perfectly resealed after being taken apart and customised. “It was impossible to tell, even for somebody working at the factory, that they had been tampered with.”
From China, the doctored devices were shipped as normal to Britain, Ireland, the Netherlands, Denmark and Belgium, and were installed in many different outlets – typically with the help of an insider, such as a member of staff. Investigators from Mastercard International reportedly found doctored machines at branches of Asda and Sainsbury’s. Before the scam first came to light in early 2008, hundreds of devices in Britain and other affected countries were copying account and pin numbers from thousands of credit and debit cards. The data was transmitted via mobile phone networks to underworld boffins in Lahore, Pakistan. “White” or cloned cards were then made, which criminals used to withdraw cash and to make “card not present” payments by phone or online. The illicit transactions were always made two months or so after the original card details had been lifted, which effectively obscured the fraudsters’ “cyber-trail”.
...So there you have it, don't believe the spin with chip and pin. For the full newspaper article just click the link above. I thought the system was secure and all the chip and pin machines in use look legitimate. There is no way a customer can avoid these scams unless they go back to cold cash. I do not think that there will ever be a secure method of debit and credit card payments. All this fraud is paid for in the end by you, the customer. When a fraud is paid for by the banks, it is their account holders who take the hit. When a fraud is paid by a company, then the company's other customers pay for it in increased prices. These criminals are not robbing faceless banks and companies, they are robbing you through the knock-on cost of increased charges. But we, the law-abiding consumers, can do nothing about this fraud. Of course the banks and companies give it a lot of spin about secure payment and leave the public in the dark. They do not want you to know just how much money is lost through fraud. These banks and companies will talk about operating costs rather than money lost through fraud. It seems that business accepts a certain level of fraud that it is prepared to sweep under the carpet. It is a surprise just how large an amount they are prepared to write off each year. Of course some companies make it easier than others, like the one where you can print out your own coach travel ticket!
Subscribe to Posts [Atom]