RE: Shell suspends chip and pin after £1m fraud
Richard Clayton
ukcrypto at chiark.greenend.org.uk
Tue, 9 May 2006 11:21:45 +0100
In article <C6F343320DAC194BA010FD66AD4936230D74AD@home.usermgmt.local>,
David Biggins <David_Biggins@usermgmt.com> writes
>Looks like they successfully tampered with the "tamper-proof" terminals:

in the article you quote Ms Quinn says "tamper resistant" which is at
least achievable if you spend enough money ....

... the terminals may or may not be "tamper evident" but without
training the public what to look for, that's probably not very helpful

>http://publicservices.pipex.com/Pipex/News/Story_Page/0,13319,5337_1206517,00.html
>
>Interesting that such a breach of a core aspect of the system's security can
>occur and yet APACS remain confident that it is not a systemic issue.

I think it's significant that Shell has shut down ALL of their chip and
pin systems (with consequent costs to them as the merchant should other
types of fraud occur) -- suggesting either that the "hack" was done over
a network, or that it is not especially easy to check if a particular
machine has been compromised or not.

However, as Ross indicates, we may need to wait for the trial and (these
days almost inevitable) subsequent fly-on-the-wall TV documentary to
find out :)
--
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755