Shell suspends chip and pin after ?1m fraud

Peter Fairbrother ukcrypto at chiark.greenend.org.uk
Wed, 10 May 2006 00:31:52 +0100 

Peter Tomlinson wrote:

> tamper-evident enclosure

There is no such thing, and especially so when the enclosure can be replaced
in toto (i know of a chap who does imitation plastic goods, extremely well -
fools the professional, never mind the man-in-the-street).

And when they come in different sizes, and the crook can fit a small real
one in what looks like the enclosure for a larger one.

Add to that the disconnection between the collection of data and the actual
fraud, which may take place months and thousands of miles apart, and we have
a recipe for disaster on a major scale.



The two main problems both lie in the basic PIN idea - first, a PIN does not
link to a person in the way a signature does, and we don't like them because
the customer loses out in terms of accountability. There must be a large
number of people who have been cheated in this sting - did the crooks keep
records? I doubt it.

Did they do a "free lunch" sting? If so then anyone in the UK who drives can
say they went into (or even may have gone into) one of those garages to
refuel, and their PIN has been exposed, and it would be very hard for anyone
to say otherwise. Almost everyone in the country's PIN may have been
exposed. It isn't Shell who pay for this, it's the banks who issued the
cards, either in bad feelings or money.

 

Second, to have even a reasonable level of security the PIN accepting
equipment must be secure, else it is easy for criminals to abtain PINs and
the magstripe data to go with it.

The banks can to some extent keep accepting equipment secure, eg for their
hole-in-the-wall machines which are under their direct control, but when PIN
accepting equipment is universally deployed it is impossible to keep the
data secure - crooks can get PINs and magstripe data, as we have seen - and
with a PIN only data is required to complete a transaction.


PINs may have worked reasonably well for ATM's, but they don't work for
everyday payments - the data simply cannot be kept secure. This is an
elementary mistake which is going to bite back, hard. It is not possible for
the man-in-the-street to reliably keep his PIN secure. Furthermore, it is
not reasonabe fot the issuers to assume that he can.

The CHIP is almost completely irrelevant here - it functions in only about
3% of the world's outlets, almost all in the UK.



I predict that UK CHIP-and-PIN cards will become the target of choice for
criminal and fraudsters, especially international operators.

With no signature to link to a human being, and the ability to get cash from
ATM dispensers rather than goods to fence, it is also easier for them to
avoid getting caught!

The other likely effect will be that UK cards will become hard or even
impossible to use abroad.



Of course the banks might withdraw the PIN and beef up the chip, that would
be sensible, but - are they sensible?


-- 
Peter Fairbrother