You may have spotted on the news at the weekend that Shell have suspended the use of Chip and Pin following discovery of a Â£1,000,000 fraud where money was being syphoned out of customer accounts. Of course, the report is pretty non-specific as to what the problem was, with only a statement from a spokeswoman at APACS, who are behind Chip and Pin, about how the pin pads are supposed to be tamper resistant.
However, today the BBC News site posted an item containing advice from Frank Abagnale, whose exploits were immortalised in the film Catch Me If You Can, on how to avoid ID theft. Alongside his advice to not use cheques – they have all the information on them that an ID thief needs, he also laughs at Chip and Pin, highlighting that the fraudsters at Shell got their information from the un-protected magnetic strip on the back of the card. As I mentioned way back in January last year, whilst APACS will tell you how wonderfully secure the chip is, they always skip over the fact that in order to remain compatible with older terminals and cash points, all the relevant information is still in the magnetic strip on the back. I’m just surprised that it’s taken someone this long to pull off a big scam in that way.
The Abagnale article also highlights some other security loopholes with the new system. Take those snazzy wireless terminals that you often see in restaurants, those helpfully decode the information off your card, and then send it over an unencrypted radio connection back to base. Not surprisingly he has little confidence in the governments supposed foolproof ID card system – he gives it six months before someone replicates it perfectly, and with that, everything you need to pretend to be someone else is in the one place. Fills you with confidence really.