By Andy McCue, 14 August 2008 16:43
NEWS
Criminal gangs are hacking chip and PIN terminals to steal customer card transaction and PIN details.
The discovery was made by specialist card fraud police unit, the Dedicated Cheque and Plastic Crime Unit (DCPU), when it raided a sophisticated counterfeit card factory in Birmingham. Two people have been arrested and charged with conspiracy to fraud following the raid.
When police raided the premises they found stolen chip and PIN terminals, card account numbers, a card reader/writer, computer software and fake magnetic stripe cards.
According to police the tampered chip and PIN terminals are installed in retail outlets and petrol stations either by someone working on the inside or by threatening staff. The criminals are then able to steal card details and PIN numbers.
These are then used to create fake magnetic stripe cards containing the stolen card details, which can be used to withdraw money from cash machines or pay for goods in shops in countries that have yet to roll out chip and PIN technology.
This type of fraud increased by 77 per cent last year to £207.6m, according to figures from UK payment industry body Apacs.
Detective chief inspector John Folan, who heads up the DCPU, said in a statement: "These arrests are a significant development in our fight against the organised criminal gangs responsible for this type of fraud. To date, compromised chip and PIN terminals have been found in less than 30 retail outlets throughout the UK. Together with the banking and retail industries we are working to ensure this figure is minimised."
Jane Milne, British Retail Consortium (BRC) director of business environment, added in a statement: "Customers should be assured that UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures. BRC members have been working closely with the police and Apacs to further their investigations and minimise any impact on customers."
Comments
There are 5 comments. Join the discussion
1. anonymous
If the card industry can't assure PIN never mind Chip integrity, how can they ever hold anyone liable for PIN based fraud?
2. Jeremy Wickins
A signature was always better. PINs, especially 4-digit ones are utter bo... er, rubbish!
3. Simon
"Criminals adapt to change"
In other news, day follows night, Pope still Catholic !
It beggars belief that people ever thought that this might not happen - it is such an obvious thing to do, and apparently fairly trivial thanks to underlying gaps in the security model.
4. bharatgoyal
Plastic money brings convenience to customers and convenience to robbers
5. anonymous
It's not the length of the PIN that's the problem. The encryption protecting the information has been compromised so the length of the PIN is immaterial.
I fear it was a case of 'when' this happened rather than 'if' but it concerns me that this has happened so early in the life of this method.