It now looks as though the Shell chip-and-pin scam I reported on earlier this week was caused by a combination of technology failure and human weakness.
I find this explanation hard to believe. Without revealing too many trade secrets, the PINpads in use in the UK are built to a tight specification that is protected by many layers of security.
I strongly suspect that the fraudsters - apparently the eight people arrested in connection with the million pound scam were scattered across the UK - loaded special software on to the EFTPOS tills at the Shell stations concerned.
This suggests a fairly sophisticated attack and one that could probably be replicated elsewhere, as there are only a handful of EFTPOS till designs of this type in use in the retail industry.
As I've said before, I doubt very much whether we'll find out what really happened, as it's in no-one's interests for the technical details to be made public.
On a linked topic, whilst trundling through Kings Cross station last night, en-route for home, I noticed that the FastTicket machines - which allow you to buy rail tickets without human intervention - now have PINpads on them.
I spent an enjoyable 10 minutes examining the PINpads on the Kings Cross FastTicket machines before having to hoof it to catch my train.
Security? What security? I suppose I'm on CCTV somewhere (fx: laughs hysterically), but I've seen more security at our open-all-hours Spar shop than at Kings Cross...