With this quote the security of chip cards debate is opened.

CHIP-AND-PIN systems introduced to foil credit and debit-card fraudsters are making it easier to commit certain types of financial crime, a reformed con man warned last week.

And the evidence is mounting to support his contention.

Chip and pin ‘makes fraud even easier’ – Money – Times Online

He does not believe that chip-and-pin technology, which requires transactions to be verified with a four-digit number rather than a signature, will prove much of a challenge for professional fraudsters.

The information sent out by the hand-held card reading devices used in restaurants is not encrypted, for example. Any criminals nearby with an information receiver can therefore capture the data, including the pin entered — actually making it easier for them to commit certain types of fraud.

The details on the earlier Shell fraud is outlined here.  This fraud resulted in cloning of the card data into mag strip cards.

His concerns about the vulnerability of chip-and-pin were reinforced last week by news that 600 Shell petrol stations have suspended use of chip-and-pin terminals after more than £1m was stolen from customers’ accounts. Fraudsters masquerading as engineers sent to test the equipment instead fitted the keypads with memory chips that logged customers’ card numbers and pin codes.

They then used the information to plunder accounts by making counterfeit cards and using them to withdraw cash from cash machines. Fraudsters were only able to clone the cards’ magnetic strips, rather than the chips, but many ATMs are not yet fitted with chip readers and therefore still use the strips.

The predominant method used by the criminals remains card not present fraud.

Another unfortunate side effect of chip and pin has been to boost internet and telephone credit-card fraud, known as “card-not-present”, for which criminals do not need to know your pin. The cost of this kind of card crime leapt from £151m in 2004 to £183m last year.

It is still being predicted that chip cards can be copied, but this isn’t proven yet.  However it may be possible to circumvent the card security in other ways.

Fears are growing, though, that identity cards will simply make life even easier for fraudsters. Abagnale said: “Within six months the new identity card will have been replicated perfectly. And because it condenses all the information on an individual in one place, the fraudster won’t have to find it.”

Relevance to Bankwatch:

The underlying question remains.  Can the criminals gather chip card information, and close the chip cards.  More research to come, including the relevance of card security schemes (DDA/ SDA).

Technorati Tags: chip+cards, security