While Chip and Pin remains pretty much the safest method of making a credit card transaction, until the whole world jumps off the sinking magnetic strip card ship there will always be a risk of fraud.
Even to Chip and Pin card users it now seems.
Although banks covering most of Europe have agreed to introduce Chip and Pin cards by 2010, that still leaves an 18 month window of opportunity for criminals to exploit the insecurity of magnetic strip cards.
In fact, the window of opportunity is wide open as the USA appears to have no plans to move to Chip and Pin at all.
Which will be good news for the organised gangs which are now targeting petrol stations in the UK for card skimming attacks on Chip and Pin readers. The DCPCU successfully raided an alleged card fraud factory in Birmingham earlier this week.
The Birmingham gang had managed to conceal card skimming devices inside the Chip and Pin readers at a total of 30 retail checkouts, mainly in petrol stations. These work like all card skimming scams of old.
But why bother, when all card transactions in the UK are now done via Chip and Pin? That's where the overseas connection comes in. More, including comment from Detective Inspector John Folan, head of the DCPCU, on page 2...
As the chip on your card is accessed by the reader for the real transaction taking place, the concealed device also logs all the data including the PIN number as it is entered. When the device is later removed, all that data can be harvested.
And while these cards can be used overseas to withdraw cash from ATMs, there is little incentive to even bother looking elsewhere.
The DCPCU raid on premises in Edgbaston, Birmingham, revealed stolen Chip and Pin terminals and card readers, cloned magnetic strip cards, dedicated computer software for cloning, and numerous cloned card account numbers.
Jane Milne of the British Retail Consortium said "Customers should be assured that UK retailers always take the protection of cardholder data seriously and are continuing to invest millions of pounds to enhance existing security measures."
While the head of the DCPCU, Detective Inspector John Folan, added “We are sending a very clear warning to fraudsters that these crimes will not be tolerated, and that we will continue to target them and disrupt their fraudulent activity."
Two people have been formally charged in relation to the raid, with conspiracy to defraud.