Leader: Should we now doubt chip and PIN?

This week we've heard that chip and PIN payments at Shell petrol stations across the UK have been stopped. It's in reaction to news that a number of handsets were tampered with to enable the theft of around £1m from customers.

Cue doom and gloom from the doubters who've said all along that chip and PIN was always going to prove problematic. Never mind the fact that fraud has fallen since chip and PIN was introduced. Never mind the fact that nothing is going to be 100 per cent secure, especially if there is inside collusion as appears to have been the case here. 'We told you so' became a common refrain.

But is that line of debate worth following? This isn't about the wider reliability of chip and PIN, it's about the specific incident in question.

The doubters certainly aren't keen to linger on the fact that many of the fraudulent payments which were taken in this case were reportedly processed overseas. Why? Because it was easier to make transactions where chip and PIN is currently not in use - while the magnetic strip and PIN number are easily overcome hurdles, the chip poses a far sterner challenge to fraudsters.

And with credit card companies and banks being more thorough in vetting overseas payments - which anybody who has had to phone from a hotel lobby to ensure their bank they are indeed in New York, or wherever, will attest - this channel is also tightening.

Forged cards do still work in UK cash points, to cater for our US cousins and others who refuse to abandon the magnetic strip. But the stats suggest over-the-counter payments are more robustly protected by chip and PIN than by a signature, and typically present a more profitable target for fraudsters than cash point fraud.

There is blame to be apportioned here, however, because money went missing and when that happens somebody must be to blame. A spokeswoman for Shell told silicon.com that all the handsets are "fully accredited and comply with all relevant industry standards".

So that's hardly a glowing testimony for those relevant industry standards, for starters. Let's start looking at the checks and balances in place there.

Obviously the handsets weren't tamper-proof, we've been told as much, though we're also told that was an anomaly, unique to the handsets in question and not affecting others of the same design from the same manufacturer.

You may be as sceptical as we were upon hearing that - that the faulty machines should have come into contact with individuals likely to spot and exploit the fault - but while the investigation is ongoing we can only assume, as with many crimes, that criminals have seized upon the window of opportunity afforded by such an unlikely occurrence, though surely with some idea of what they were looking for.

Which brings us on to the people. The crimes here were committed by people who according to Apacs had easy access to the systems, the terminals and the working-day processes of the petrol station or stations in question.

It's likely whatever electronic system is in place an individual with the time, the access and the inclination can steal from customers. Whether it's call centre staff taking card numbers, a checkout worker in the supermarket, a waiter in a restaurant, a receptionist in a hotel or a worker in a Shell garage.

This is a problem of process, not technology and by letting this cloud our judgment of chip and PIN, which is here to stay, we're allowing ourselves to stare so hard at the scapegoat we miss the real problem.