Chip and Pin has reduced payment card fraud in the UK by £145.8 million to 'just' £73 million in the three years since it was introduced. It has also driven overseas card fraud through the roof: up 77 percent in the past year alone. News of a new criminal exploit could push that figure even higher...
The Dedicated Chip and Plastic Crime Unit (DCPCU) does not have quite the same magnetic attraction as, say, the Flying Squad of old or even the more modern High Tech Crime Unit. Yet this team of specialist police are actively protecting UK citizens from those organised gangs who would clone our credit cards and siphon off our funds.
Perhaps the most important bit of that previous paragraph was use of the term 'magnetic attraction' as this really is at the heart of the latest attempt to bypass Chip and Pin credit card protection.
While Chip and Pin remains pretty much the safest method of making a credit card transaction, until the whole world jumps off the sinking magnetic strip card ship there will always be a risk of fraud.
Even to Chip and Pin card users it now seems.
Although banks covering most of Europe have agreed to introduce Chip and Pin cards by 2010, that still leaves an 18 month window of opportunity for criminals to exploit the insecurity of magnetic strip cards.
In fact, the window of opportunity is wide open as the USA appears to have no plans to move to Chip and Pin at all.
Which will be good news for the organised gangs which are now targeting petrol stations in the UK for card skimming attacks on Chip and Pin readers. The DCPCU successfully raided an alleged card fraud factory in Birmingham earlier this week.
The Birmingham gang had managed to conceal card skimming devices inside the Chip and Pin readers at a total of 30 retail checkouts, mainly in petrol stations. These work like all card skimming scams of old.
As the chip on your card is accessed by the reader for the real transaction taking place, the concealed device also logs all the data including the PIN number as it is entered. When the device is later removed, all that data can be harvested.
The simplest way of doing this is to simply transfer it onto individual blank magnetic strip cards. Much cheaper and easier than complex Chip and Pin cards.
And while these cards can be used overseas to withdraw cash from ATMs, there is little incentive to even bother looking elsewhere.
The DCPCU raid on premises in Edgbaston, Birmingham, revealed stolen Chip and Pin terminals and card readers, cloned magnetic strip cards, dedicated computer software for cloning, and numerous cloned card account numbers.
Jane Milne of the British Retail Consortium said "Customers should be assured that UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures."
While the head of the DCPCU, Detective Inspector John Folan, added “We are sending a very clear warning to fraudsters that these crimes will not be tolerated, and that we will continue to target them and disrupt their fraudulent activity."
Two people have been formally charged in relation to the raid, with conspiracy to defraud.
by Davey Winder
No comments:
Post a Comment