Skip to main content

Chip & SPIN: serious fraud comes home to roost

I was intrigued to see over the weekend that EU law enforcement officials have uncovered a sophisticated scam involving GSM transmission units being pre-installed in Chip & SPIN terminals manufactured in China.

Basically the GSM data modules appear to have transmitted all the card data - including the PINs - from transactions the units process.

Several major retails, including Asda and Tesco, have been hit by the fraud, which is all but undetectable, since the terminals were modded before they left the factory.

The Reuters newswire reports that the terminals weighed about 80 grams more than normal, which is the only way that anyone checking the units could discover whether they were fraudulent or not.

The fraudsters are also reported to have waited a couple of months before using the card data and associated PINs, so as to make detecting the fraud more tricky.

Wow - a pretty sophisticated scam and one that drives right through the heart of Chip & SPIN.

And you know what? If we all still used signatures for cards (as I still do) the fraudsters could not have achieved what they did.

I wonder how many millions the banks lost to the Indian and Asian fraudsters...