NOT
FOOLPROOF
Shell suspended chip-and-pin payments in 600 UK
petrol stations after more than £1m was siphoned
out of customers' accounts. Sandra Quinn,
spokeswoman for the Association of Payment
Clearing Services, said, "These pin pads are
supposed to be tamper resistant, they are
supposed to shut down, so that has obviously
failed." So this so called
"foolproof" system isn't. (Source: BBC News, May/06) |
FRAUD SOARS
Plastic card fraud has soared to its highest ever
level as foreign-based criminal gangs target
British consumers. Eighteen months after chip and
PIN became compulsory, credit and debit card
fraud is up by more than a quarter.
The £263.6 million total in the first half of
the year is the highest six-month figure on
record and puts it on course to break the £505
million annual peak in 2004. The fraud is being
driven by overseas criminals who exploit security
loopholes in countries such as America, where
there is no chip and PIN system, and in France,
Italy and Thailand.
Typically Britons will have their card details or
magnetic strips copied or stolen while abroad.
Alternatively, the details are obtained in
Britain then sent abroad. (Source: Daily Mail, Oct/07) |
|
|
CHIP AND PIN
One in five people
using the new chip and pin credit and debit cards is
still signing for goods rather than using a pin number.
Retailers can refuse to accept signatures if the customer
has a chip and pin card. According to research by card
provider Visa, 20% of people are not using their pin
because they haven't memorised it.
Some shoppers blamed lack of enthusiasm from shop staff,
while others said the new system made them nervous.
Evidence suggests there are also some cardholders who are
not using the new facility because they do not believe
their banks have told them how to. Three in five
cardholders now have a chip and pin card, a new payment
system aimed at combating card fraud.
Chip and pin cards include a "smart" chip, a
better way of storing information than the existing
magnetic strips and when shoppers pay with a chip and pin
card, they are asked to enter a four-digit number instead
of signing a receipt. The aim is to switch all UK cards
to chip and pin by the end of 2005.
A leading security expert warned that new chip and pin
cards could be open to fraud. Professor Ross Anderson,
from Cambridge University, said criminals will be able to
capture card and pin data to "make up" forged
cards but the banking industry rejected his concerns and
said the system is extremely robust.
Mr Anderson said, "The sort of thing that I expect
to go wrong is that villains will set up in business with
equipment that will capture customer pins. Now we're all
being trained to use our pins at the point of sale it's a
simple matter to set up a market stall and capture card
and pin data. They can make up forged cards and use them,
for example, at cash machines."
But Sandra Quinn, who represents banks and retailers on
chip and pin cards, disagreed saying, "We don't
think they can use fake machines because the machines
themselves are engineered to read the chip so they must
be reading the chip very carefully. That makes the
transaction itself extremely secure." (Source: BBC News)
Concerns
are growing that the introduction of chip and cin is
causing serious problems for many thousands of people,
including those who have been forced to adapt now that
the Government has scrapped benefit books in favour of
payments directly into bank accounts. But most vulnerable
by far are older people who could previously cope with
signing a payment slip, but simply cannot remember their
Pin when they are in shops or post offices.
David Sinclair at Help the Aged said, "There are
about 750,000 victims of low-level dementia who will
struggle to use chip and cin. We have come across some
appalling cases where customers have been forced to leave
their shopping behind because they could not remember
their Pin. We have even heard of post offices that keep a
list behind the counter of all the Pin numbers of their
regular customers."
Help the Aged is angered by the fact that there is an
alternative, but it says the banks don't want people to
know about it. People unable to cope with chip and cin
can ask for 'chip and signature' cards that do not
require the user to remember a four-digit number.
"We would like to see an amendment to the banking
code to force banks to offer information on chip and
signature," he said.
The Post Office has also been criticised because of the
apparent inflexibility of its card account, which does
not offer a signature as an alternative to a Pin. The
Government stopped paying benefits such as pensions and
child benefit via post office benefit books and started
payments via bank accounts from April 2003. Many
customers who want to continue collecting their benefits
from their PO now rely on an account that is operated
using a chip and pin card.
Ruth Barker at the Post Office says the organisation has
consulted special interest groups such as the Disability
Rights Commission to make keypads easier to use. She
said, "We train counter staff fully at all branches
on how to help people with the chip and pin machines and
the majority of customers are very happy with the new
system."
She added, "If ever the card cannot be used, for
example when the wrong Pin has been entered accidentally,
we are able to make emergency payments of £20 a day
without the card to regular customers who are known at
the branch. We are doing everything we can to ensure that
people will be helped to use Pin pads successfully, but
those who really cannot use Pin pads will not be expected
to do so." (Source: Mail on Sunday)
Crime
gangs have cracked the chip and pin system, leaving
millions of bank accounts at risk of being
plundered. Banks and customers are powerless to prevent
the thieves helping themselves to their cash. Thousands
of accounts have already been hit by the crooks, who are
stealing codes from card readers at shop checkouts.
Anyone who uses a chip and pin card to pay for their
shopping is a potential target. Gangs are hiding devices
inside card readers to reveal customers pin
numbers.
These are emailed across the world and used to clone a
new card, which is then utilised to empty the
victims bank accounts. Andrew Goodwill, of fraud
monitoring firm 3rd Man Group, said, There is
absolutely nothing anyone can do about it. The devices
look no different to those that havent been
tampered with. The scam was revealed after a police
raid in Birmingham uncovered stolen chip and pin
terminals, account numbers and counterfeit magnetic
stripe cards.
The Dedicated Cheque and Plastic Crime Unit, which
uncovered the fraud, warned, It should be noted
that the criminals have overcome the security features of
several different manufacturers. Officers
investigating the highly organised gang with
international links have already uncovered at least 100
compromised machines. Mr Goodwill added, If people
want to be sure fraudsters wont get hold of their
data they shouldnt use their debit or credit
cards.
The security breach has been an open secret in the
industry but operating chiefs have tried to keep it quiet
to avoid spreading panic. Sandra Quinn, of the payments
association Apacs, said, They steal readers from
retailers, cracking them open, and try to recreate one
and then put it back in a shop. We have been aware that
this has been going on because police have been getting
reports that terminals are being stolen.
Shop owners said the scam could see a return to cash. The
Federation of Small Businesses said, Plastic is
very popular but now we could see a return in the
popularity of cash, which has been in decline. When
chip and pin was made compulsory in 2006, the industry
said it would slash credit card fraud. The Financial
Ombudsman Service receives around 100 cases a month about
disputed withdrawals. (Source: Daily Express, Aug/08)
|
|
|