By Dan Ilett, 7 February 2006 12:15
NEWS
A Friday night drinking session had certainly not cost £500, Richard Wolfe thought when he opened his bank statement.
But his statement showed a big withdrawal from his bank account shortly after he'd been to a cash machine that weekend.
"It's really weird," said Wolfe who works for a London PR company. "I went to use a cash machine, put my card in and it jammed in the machine.
"I thought someone was trying to clone it but the machine said it couldn't read the card and spat it out."
It seems that someone had "skimmed" Wolfe's card by placing a cloning device on the cash machine, stealing the details from the magnetic stripe on the card as it was placed inside.
And while his bank, eventually refunded him the £500, he is still surprised that with chip and PIN technology in use this still happened.
"The fact [fraudsters] can use a chip and PIN card in a cash machine is quite amazing," he said.
Retailers are racing to get their tills chip and PIN compliant by 14 February. From that day on, if a non-chip and PIN card is used and the transaction turns out to be fraudulent then the retailer will have to swallow the cost, rather than the bank.
Figures from banking industry body Apacs suggest 99 per cent of all cardholders have at least one chip and PIN card and 2.85 billion PIN-verified transactions took place in 2005.Statistics released from the group suggest that cash machine fraud has fallen by 22 per cent since chip and PIN was introduced last year and counterfeit, lost and stolen card fraud has fallen by 29 per cent (£36m).
So chip and PIN has made it tougher to rip off retailers - but it won't kill off all card fraud.
Martin McMillan, CEO of Level Four, a company that builds software and testing tools for ATMs, said: "Skimming is an altogether different but related problem."
"If you were to have a chip-only card, skimming would disappear. If you make it harder to commit fraud at the point of sale, it will migrate," he said. "As long as you have a magnetic strip on the back of the card, it will be susceptible to skimming," he added.
A spokeswoman for Apacs said: "What we've never said is that it will cut all card fraud. Part of the business case for it is [that without chip and PIN] card fraud would have been £800m by the end of 2005. It was £500m by the end of 2004 but now it's less."
According to the spokeswoman, because the US has yet to roll out chip and PIN - and still relies on magnetic stripe technology - the likelihood is that card fraud will move to the US, or cloned US cards will move to the UK.
"The magnetic stripe has to be there or you can't use the card abroad," she said. "Cards are international. Where's [fraud] going to go? It's going to America. But the majority of the world is going to chip and PIN so that will cut down the options."
David Porter, head of security for security and risk at consultancy Detica added: "For the foreseeable future cards will have the magnetic strip." "It's going to be harder to counterfeit a chip and PIN card. Chip and Pin will cut down certain areas [of fraud] but it won't win the war. More In Focus:- Cheat sheet: Chip and PIN
- Leader: Keeping ahead of the fraudsters
Comments
There are 9 comments. Join the discussion
1. anonymous
""According to the spokeswoman, because the US has yet to roll out chip and PIN - and still relies on magnetic stripe technology - the likelihood is that card fraud will move to the US, or cloned US cards will move to the UK.""
Or cloned UK cards with PINs will be used at not only at cash machines in the UK, but in the USA and throughout the rest of the world. We are the first country to use Chip and PIN with debit AND credit cards.
No it's Chip & Signature Credit cards for me. Safer, no liability shift (to the cardholder), I won't be locked out or embarrassed when buying goods because I've forgotten which PIN is for which card. I've took the card peoples advice and only used one PIN for one card and that's how it is staying.
2. anonymous
why not offer people the option of having a chip only card, with no magnetic strip? I have plenty of cards, but i only use one of them abroad, so why not let me have all the others as chip only, to be used in this country.
3. anonymous
Chip and pin is fine but at some garages you only have to put your card in not your number and this is also the case at Tescos who have introduced no cashiers but you put your shopping through your self. This means that there is no check on the card straight away. Therefore if your card is stolen £55 pounds worth of fuel can be taken and any amount of goods and no-one knows until the card holder recieves there statement
4. anonymous
If you're sure you won't need the magnetic stripe (ever), just erase it with a magnet ;-)
Skimming a blank track won't net them much info.
5. Kevin Fitzgerald
The security of chip & pin cards could be enhanced dramatically by introducing two different PIN numbers for the same card. One to be used where the chip and pin technollogy is available & one to be used when only swipe technology is available. If all UK bank ATMS had chip & pin technology it would be impossible to skim the swipe number at a UK ATM?
6. Alan Stephenson-Brown
With so much noise currently being made around Chip and PIN and the worries for consumers, there are also concerns for the retailer, especially those in the mid-tier. Small, independent retailers have received help from the banks and large national chains have significantly more resource to cope with the technology impact of Chip and PIN. The Valentine’s Day deadline will impact retailers of all sizes at a time when they can ill-afford to lose custom.
Technology, however, should not be the stumbling block or the scapegoat in the retail chain when pre-accredited Chip and PIN solutions are available that integrate with a retailer’s existing hardware and software.
Integration is absolutely vital to a successful Chip and PIN implementation and retailers must not forget their communications infrastructure in this. How transactions are processed, whether it’s over broadband, dial up or ISDN will determine whether transaction times are actually reduced. A chip card has to transmit significantly more data than a magnetic stripe card. On dial up/ISDN, for example, transaction processing times could take up to 30 seconds. Compare that to less than five seconds using a broadband connection and the service difference is immediate, tangible and better for both staff and customers.
Alan Stephenson-Brown
Transaction Network Services
7. Nick Pringle
Although all retailers will be chip and pin by Feb 14th the banks have yet to catch up. I have placed a small piece of selotape over the chip on my HSBC First Direct cash card, so disabling the chip function. I have yet to find an ATM that will not dispense cash. It seems that the banks have not updated their cash machines! Try it yourself.
We rarely used to use our PINs but now we use them several times a day often in situations that have CCTV, notably on PIN pads that have little or no cover over the key pad.
I think we are more vulnerable now!
I bet the banks don't include this type of activity in their 'reduced' fraud figures.
8. martyn
Actually all retailers will not be chip and pin enabled by the magic date including some very large chains.
Makes you wonder how much of the problem is hype as the retailers not comliant by that time will have the liability for fraud transferred to them
9. Rajiv
Why not have system where its not necessary to share your card details with anyone?
Why not use cell phones as mode of payments or mode to make transactions from ATMs or any other merchants?
That would be much safer anyways instead of having any number of chips or pins on the card which evntually will go into the ATM machine and that can be interpreted.