Police are warning that a way has been found to hack into chip-and-pin readers to steal customers' details. Specialist police raided a counterfeit card factory in Birmingham and found equipment needed to steal details and make fake cards.

 

Chip-and-pin technology has regularly been hailed as a success in reducing card fraud on the UK High Street. Two people have been charged with conspiracy to defraud after being arrested in connection with the raid. Clone Speaking in general, Det Ch Insp John Folan, of the Dedicated Cheque and Plastic Crime Unit, said that chip-and-pin terminals that have been hacked into have been found in 30 shops in the UK.

 

He told the BBC that it was "a game of cat and mouse" between police and fraudsters, but one that was being tackled early by the authorities. Thieves can steal the card readers and install a hidden device which unscrambles the encoded information when a customer enters their personal pin number. The reader is then put back in a shop, supermarket or petrol station, sometimes with the collusion of a member of staff. Fraudsters can then use the information to create fake cards to withdraw cash in countries where chip-and-pin has yet to be introduced.

 

Apacs, the UK Payments Association, said that over the past three years losses on face-to-face transactions on the UK High Street fell from £218.8m in 2004 to £73m last year owing to the introduction of chip-and-pin. But fraud overseas increased by 77% last year to £208m, 39% of total UK card fraud. Banks throughout Europe have agreed to bring in chip-and-pin cards by 2010. Police want to hear from any retailer who has had chip-and-pin readers stolen or believe their machines have been tampered with.

 

Liability

"Customers should be assured that UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures," said Jane Milne of the British Retail Consortium. Apacs says that chip-and-pin remains the safest method of payment for goods and services but was never claimed to be foolproof.

 

The Banking Code should ensure that any victims are refunded for any losses. Banks usually refund money stolen from a victim's account by fraudsters, but there is a question of liability if customers have entered, or given up, their pin number.

 

Security expert, Andrew Goodwill, from the Third Man group, said this was the first evidence of a breach of the chip-and-pin system, with the encryption of the chip having been broken. In the Birmingham raid, police discovered chip-and-pin terminals, card account numbers, a card writer and computer software. Police said that these details could be used to create fake cards "on a massive scale".  

 

Source: BBC NEWS