You are here  IT Management Security Alerts

Police probe international link in chip and Pin fraud

Ian Grant
Thursday 21 August 2008 12:21

Police are investigating a possible link between compromised credit card readers found in Birmingham and Ireland.

Detectives suspect an international organised crime gang may be behind the dodgy readers, a spokesman for payment industry trade body Apacs and the DCPCU, a dedicated UK police unit to investigate cheque and plastic card fraud, confirmed today.

A Garda (Irish police) spokesman told Computer Weekly, "Recent activity in Ireland has a similar modus operandi to the UK. It is the latest trend in this type of fraud in moving from targeting ATM machines and targeting retail outlets to skim card details."

Compromised readers capture card holders' Pin numbers and personal details and transmit them via a Bluetooth connection to a PC where they are captured and later sold on to criminals.

Irish police recovered 47 devices and UK police say they found compromised readers in "less than 30" UK shops.

Computer Weekly reported earlier that police are telling retailers to check their card readers for signs of tampering. Apacs recommends keeping readers under guard to avoid them being taken home, their electronics replaced secretly, and put back into service to steal customers' details.

Researchers at Cambridge University showed on Christmas Eve 2006 how to compromise a card reader and make it play Tetris, the popular computer game.

In February 2008 they showed how to use them in a way similar to how police say were used in Ireland.

Apacs said at the time, "This type of attack requires far greater effort and engineering to execute than you currently estimate, is significantly difficult to industrialise to the number of devices that would gain criminals the return they would expect, and therefore, is not economically viable to criminals."

Yesterday an Apacs spokesman said the association stood by that assessment.

The Garda spokesman said all Euopean police forces liaise and exchange fraud information through Europol and Interpol. He said the Irish and London fraud bureaus were in close contact. "In these investigations we are not in a position to comment further for operational reasons," he said.