for a little more topic drift, this is a reply to a recent post asking about a UK article where there were fraudulent debit card transactions on an account ... where the issued debit card had never been used (and therefore could never have been skimmed)

the reply discusses a process gap/crack that appeared in the transition to (magstripe) signature-debit.

note that there was a recent article that debit transactions have exceeded credit transactions:

Debit Traffic Now Bigger Than Credit Transactions for MasterCard

Posted by Lynn Wheeler at February 2, 2008 01:24 PM

I gave a talk on Chip and PIN security vulnerabilities in Girton, a small village on the outskirts of Cambridge, UK. The audience were asked who had been a victim of card fraud and about 90% of the 50 or so people present put up their hands.

It transpired that someone had tapped a local petrol station's Chip and PIN terminal and recorded card details and PINs. The information is then sold on and used abroad, where ATMs are not outfitted with chip readers.

Since pretty much everyone in Girton with a car used the compromised terminal, the high proportion of card victims should be expected. It could be that Letchworth is a similar case. All it would take is a few skimmers in busy locations.

As for the Australia link, I don't think that is particularly significant. Each of the gangs has their preference. For the victims in Girton, Malaysia seemed to be popular but this will vary as fraud-detection algorithms are adapted.

Posted by Steven Murdoch at February 2, 2008 02:13 PM

More or less true, although I believe in this case and many others the term 'identity theft' is a clever and misleading attempt to portray a bank problem as a consumer problem. Give an old crime a new name and it sounds like a new problem and the blame can be moved.

Much as governments have taken to using the term 'terrorism' or 'race crime' to change the emphasis from the nature of a criminal act to the motivation behind it, and use the easier method of tackling it - removing civil rights, rather than having to actually try to identify and punish perpetrators.

Anyway, it was not identity theft in Letchworth, it was theft implemented by stealing credit card details by sabotaging a cash machine at a local petrol station. Said machine was used sufficiently heavily that nearly everyone in town knew someone who was affected.

The technique appears to be being used by immigrant gangs, and the cash is taken not just via Australia but any country with poor security checks (I was sure the BBC had mentioned Canada rather than Australia for this incident). Don't recall if it was an inside job - it may have been a petrol station employee involved.

So 'gangs targeting one community' is basically FUD. They target one machine, and if in a small community that affects a large proportion of residents.

As far as 'identity theft' goes, the term is just a clever way for banks to make it sound like it is the consumer's fault that they were robbed. Selling insurance against it shows how effective the ruse is. Imagine a bank offering you insurance against future bank robberies.

Posted by Digbyt at February 3, 2008 12:55 PM

well, there was a similar case in Canada a few years ago, in the Ottawa region, also with a fuel station as the point of PIN collection. I keep that case in mind because a friend of mine was among the defrauded/robbed, and the irony of the case was that he is "Russian" to locals, and it was a "Russian" gang acting at the fuel station too. There were also other peculiar moments in that story, but customers had their money returned. I don't insist, but probably it is more a case of "bank protection legislation is unnecessarily strong in UK", which was also cited in a famous security book ;)

Posted by A.T. at February 6, 2008 12:43 PM

Fraud: 1 in 5 Cards Cloned At ATMs and Chip & Pin

from above:

"Card fraud is a serious concern that is still common despite preventative measures put in place to combat this, including Chip and PIN," said Zoe Manton, head of Card Protection at CPP. "Fraud levels increased by 26% in the first six months of 2007 compared to the same period in 2006, to reach GBP264m."

... snip ...

Posted by Lynn Wheeler at February 6, 2008 05:23 PM

Of course, this means that as people switch to using cash for payments (I've started doing this for petrol) there is less money in banks; hence, a smaller fraction for fractional reserve purposes.

Posted by darren at February 7, 2008 07:16 AM
