Chip and Pin protection cracked like a rotten foreign egg

Davey Winder
Thursday, 14 August 2008 15:10

Your IT - Home IT

As the chip on your card is accessed by the reader for the real transaction taking place, the concealed device also logs all the data including the PIN number as it is entered. When the device is later removed, all that data can be harvested.

The simplest way of doing this is to simply transfer it onto individual blank magnetic strip cards. Much cheaper and easier than complex Chip and Pin cards.

And while these cards can be used overseas to withdraw cash from ATMs, there is little incentive to even bother looking elsewhere.

The DCPCU raid on premises in Edgbaston, Birmingham, revealed stolen Chip and Pin terminals and card readers, cloned magnetic strip cards, dedicated computer software for cloning, and numerous cloned card account numbers.

Jane Milne of the British Retail Consortium said "Customers should be assured that UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures."

While the head of the DCPCU, Detective Inspector John Folan, added “We are sending a very clear warning to fraudsters that these crimes will not be tolerated, and that we will continue to target them and disrupt their fraudulent activity."

Two people have been formally charged in relation to the raid, with conspiracy to defraud.