New Chip and PIN fraud unmasked
According to a report published in The Daily Mail by crime correspondent Charlotte Gill, thieves are now stealing the card reading machines, taking them apart and installing devices that record card numbers and PIN details. The audacious villains are then returning the terminals from whence they were appropriated.
According to Gill, detectives are expressing concerns that these devices are so sophisticated that they can actually transmit card details straight to a mobile telephone.
In addition, cards are being cloned and used in countries like the United States, Italy and Australia where cash machines don’t have to read the details contained on the microchips now embedded on cards manufactured in the UK.
Birmingham raid on ‘factory’
The fraud warning was issued after police in Birmingham arrested two men who had set up their own ‘factory’ in a house. A raid turned up stolen Chip and PIN terminals, card account numbers, readers and a host of counterfeit magnetic stripe cards. One of the ways criminals have been accessing the terminals is by applying for jobs in targeted stores. In other cases, they have been posing as engineers and demanding that shop owners let them take the terminals away for servicing or ‘upgrades’.
Specialist officers from the Cheque and Plastic Card Fraud Unit said the Birmingham operation they’ve uncovered had managed to steal card machines from 30 shops, supermarkets and petrol stations across the country. Thousands of cards had been read and cloned over many weeks.
Sandra Quinn of Apacs told The Daily Mail: “Whereas fraudsters used to put pinhole cameras above the Chip and PIN device to access the card number, they now manipulate the terminals themselves in order to access such information. The PINs are being accessed from inside the reader. We’re aware that this has been happening because police have been receiving reports that terminals are being stolen.”
Retailers ‘frightened’ into action
Experts warned last year that Chip and PIN – launched in 2006 – is not as secure as the banks claim. One team of researchers from Cambridge University said it was simple to install a doctored machine for a ‘real’ one in most retail outlets. Many retailers were frightened into action, with Shell suspending Chip and PIN payments at 400-plus garages when criminals began to target such outlets.
Gill reports that, only last week, a petrol station cashier was jailed for helping to defraud almost the entire village of Houghton-on-the-Hill in Leicestershire. Abdul Samad Mohamed Raik had cloned more than 500 debit or credit cards to steal GB pound 175,000 in a global fraud said to be driven by links to a guerrilla group in Sri Lanka. Raik was using a fake machine to copy card details.
Comment from the industry
“The gut reaction of the security industry when there’s a breach of this nature is to pile on technology fixes in a bid a put a sticking plaster over the issue. There’s always a bigger and better technology, but it’s rarely a solution as technology will inevitably get cracked,” said Stewart Hefferman, chief operating officer at Swindon-based TSSI.
“Instead, the security industry should go back to basics and examine the fundamental issue that lies at the root of the flaw,” said Hefferman.
In this instance TSSI believes that credit or debit cards should be uniquely assigned to an individual through some form of biometric identification such as fingerprinting, and then that information should be encrypted and stored on the card. “Technology for technology’s sake is rarely a solution for security breaches,” concluded Hefferman. “In the case of credit or debit cards, they need to be verified against the individual and that requires some form of biometric solution.”
New Chip and PIN fraud unmasked
According to a report published in The Daily Mail by crime correspondent Charlotte Gill, thieves are now stealing the card […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources