16 May 2006
First major Chip and PIN fraud hits Shell
Oil company Shell last week suffered a £1 million Chip and
PIN fraud in the UK, likely at the hands of an insider. Eight
people have been arrested in connection with the crime.
Sabotaged card readers were discovered at Shell forecourts. The
POS terminals were reportedly tampered with to steal customers’
information.
Dr Mike Bond, Security Director at Cryptomathic, said: “This
would require detailed knowledge of the design of the POS terminals.”
The only Chip and PIN fraud method known so far uses old-hat
techniques. Criminals use terminals to steal account details and
then make counterfeit magnetic stripe cards, similar to traditional ATM fraud.
It is carried out “in much the same way as has been done for
years at cash machines (ATMs)”, said Bond.
Shell has temporarily stopped taking payments with Chip and PIN
at 600 petrol stations. Customers have to go back to writing their
signature.
Chip and PIN became mandatory in the UK in February. The Shell
fraud is the first public setback for the technology. The slogan
of the campaign is “safety in numbers.”
But Dr Bond still believes Chip and PIN is a success. “I
think Chip and PIN is going quite well, aside from maybe exaggerated
expectations. The tradeoffs between security and convenience chosen
by the banks seem pretty sensible.”
However, he warns of futuristic relay attacks that designers will
have to plan for.
Relay attacks occur when “a card's conversation with a fake
terminal is transported wirelessly across the world to commit a
fraud at the exact moment a legitimate customer makes a payment.”
He said that academic researchers have come up with a possible
answer involving “range bounding schemes.”