Fake Britain Chip and Pin etc

Just to check... are the scanners scanning the chip or scanning the magnetic strip. There was an interview on Radio 4 with some bank security guy and he said the weakness was the magnetic strip, but because people like travelling they had to continue to use the magnetic strip as too few countries accepted the chip technology which was apparently very secure compared to the old magnetic strip technology. Dunno how true this is, though.

OIC. *sighs at banks*

This is the only reason chip and pin was introduced, to shift more responsibility onto the card holder.

I had a problem in a restaurant in Paris, the bill came and I paid with my debit card, the clown waiter keyed in the wrong amount, adding a extra zero so my EUR 50 bill was now EUR 500. He handed me the terminal without showing the amount - like a lot of these terminals, it was just asking for my PIN. Took ages to get the money back and my own bank were of no help whatsoever as I had keyed the PIN in, even though I had my bill and the debit card receipt showing different amounts, and a letter from the restaurant admitting their mistake.

6-7 years ago (maybe longer) I did some work with a company that was involved in testing chip and pin security, (memory is a bit fuzzy but I seem to think they were responsible for handling the money transfers between banks/retailers/credit card co's, although I may be wrong on this) they were horrified at how insecure it was. They told an annecdote of how they cloned one of the internal guys cards, stuck a chip on a library card and paid for petrol at the garage over the road with it.

They considered the magnetic strips more secure as the technology to clone chips was easier to use and far more readily available.

Are banks still pressing on with the RFID/proximity cards? I saw someone paying in a coffee shops with one the other day, and I seem to recall TFL had a tie in with a bank so your debit card was also your oyster card.

I'd imagine those are stupidly easy to close, standing around with a RF reader on a busy tube platform must get a few dozen cloned cards...

anyone know if the PIN is stored on the card? or is the content of the card encryted and the PIN is the key to unlock it?

If it's the latter surely it cant be that hard to "brute force" the card by trying 9999 PINs "offline" on your own equipment.

The Chip and pin idea was flawed as an idea.

Before person A had to use their card, because they needed their signiture.

Now, person A can give their card to someone they trust, person B, and they can use their card.

Use cash.

Yes, nobody ever forged a signature, did they. And Little-Miss-minimum-wage at the Tesco checkout rigorously checked every single signature during her 40-hr working week.

Fraud isn't new, and technology simply doesn't move fast enough to keep it at bay for long.

They have CCTV cameras in ATM's IIRC.

I can't remember the last time i actually gave my card to the person behind the desk, you just put it straight in the machine, and with the self scan things now, how would they ever know?

The limit applies in the UK, but isn’t enforced worldwide.

My bank records showed me making a genuine transaction in a UK shop. Less than 30 minutes later my card was used in South Africa. It was used repeatedly until the balance was gone and the account hit the overdraft limit. They exceeded the daily limit that I can withdraw by thousands of pounds.

I was later told by the bank that the daily limit doesn’t work properly in some countries. In the UK the ATM’s are interconnected and the daily limit is applied across the UK. In South Africa and elsewhere, the ATM talks to the UK bank, but not to each other.

For some reason the UK bank computer doesn’t enforce the daily limit, it’s the ATM’s. I think that the bank tells the ATM not to issue more funds that day and to tell the other ATM’s. But the ATM’s in some countries don’t do that. So all the thieves have to do is visit a succession of ATM’s withdrawing the daily limit at each. My Bank statement showed this happening and I could trace their progress across the country.

The banks need to modify the system so that the approval or rejection of transactions is conducted entirely here, not overseas. This would have limited the loss.

The second easy thing the Bank could do is have their computer check the location of transactions against time. There is no way that my card could have been used for a transaction in the UK and travel to South Africa in under thirty minutes.

If the system refused transactions where it’s impossible for the card to have travelled between the two places in the time available then it would have prevented it. Had it refused my card in the UK because it had just been used in South Africa first, I would have immediately contacted my Bank. They could have then stopped the succession of withdrawals before they lost thousands.

A number of colleagues and I all had our current accounts emptied. We compared transactions and identified the single place we had all used in common, a petrol station. We visited the petrol station and identified a card skimmer in use.

The skimmer included a pinhole camera built into the plastic shroud around the keypad that is supposed stop people seeing you entering the pin. I habitually shield the keypad with my wallet, but the camera was closer than that.

We deliberately avoided alerting the fraudster to the fact we had observed the skimmer. We thought we would prefer to see them arrested.

The Police took the attitude that only the Bank could report the crime. So we contacted the fraud department at the Bank and drew their attention to the location of the skimmer in operation.

As far as I can tell no action was ever taken to investigate and arrest those responsible. I raised this with the bank and never had a sensible reply.