Re: Petrol Station rip off

Go To Mortgage 101

Return To Group Index

From: johannes 
Newsgroups: uk.finance uk.legal
Subject: Re: Petrol Station rip off
Date: Sun, 22 Apr 2007 16:40:52 GMT



norm wrote:
> 
> The recently exposed 'Sri Lankan' card scam seems to involve someone
> scanning the magnetic strip and using a pin entry keyboard that has
> been tampered with to get the pin.
> 
> I understand that there is a complex authentication and encryption
> process between the chip on the card and the combined card-reader and
> keypad which should mean that duplication or reading of the chip's
> data is rather more difficult.
> 
> I therefore believe that I can greatly increase the security of any
> transaction by wiping a damn great magnet over the magnetic strip on
> my card, thereby destroying the data contained on it.
> 
> I would in future tell any retailer where a transaction relied on the
> presence of the magnetic strip to get stuffed.
> 
> Discuss.

As you probably know, there are to types of machines for chip & PIN cards.
There are the standard machines which only reads the chip, as it was
supposed to happen with the chip & PIN technology. But there are also the 
commonly used 'dual' machines which records the magnetic strip at the same
time, God knows why? This is the real problem, since the PIN can often be
got from the CCTV mounted in the ceiling directly over the counter where 
payments are made. Hence a clone could be made by a rogue staff, and 
together with the covertly obtained PIN, and money can be drawn from a
far away bank where the chip isn't used. 

Businesses claim that they use the dual machines as a fall back in case
the customer doesn't have the chip & PIN, as they are reluctant to miss
out on business. They may also capture the strip for marketing purposes,
enabling them to send junk mail, who knows? E.g. why did  TK-maxx have
40 mill card details on their computer?   

The sooner the dual machines are scrapped the better; shops could  have
separate machines for those who still haven't got chip & PIN and want to 
chance their luck. But I have found that this is controversial between
the interests of business and cardholders. Businesses have a thing about
wanting to swipe your card regardless.