Hundreds of drivers caught out by GBP1m chip-and-PIN sting
(Daily Mail Via Thomson Dialog NewsEdge)CRIMINALS have stolen more than GBP1million after copying the credit and debit card details of hundreds of petrol station customers.
The fraud, which affects outlets across the country, highlights serious flaws in the chip-and-PIN payment system which is meant to offer more protection against crime and theft.
Gangs are understood to have targeted petrol stations operated by Shell, BP and other well-known chains to steal card details.
Last night, Shell suspended the chip-and-PIN system in all 600 of its company- owned petrol stations.
The company said drastic action was necessary to protect customers from the possibility of fraud.
Conservative estimates suggest the criminals have cloned more than 1,000 debit and credit cards, stealing more than GBP1million.
A Shell spokesman said: 'In the interests of our customers, we have temporarily suspended chip-and-PIN availability in our UK companyowned service stations.
'This is a precautionary measure to protect the security of our customers' transactions.' The company said customers would be able to pay for fuel, goods and services using their signatures as proof of identity.
'We will reintroduce chip and PIN as soon as it is possible, following consultation with the terminal manufacturer, card companies and the relevant authorities, to ensure that customers can be confident that their transactions are fully secure.' Four hundred Shell petrol stations which are run by outside franchises will continue to operate chip and PIN.
There is evidence that criminals have posed as technicians to implant devices into till terminals at the petrol stations.
These devices captured both the card details on the magnetic strip and the four digit PINs - personal identification numbers - used by customers to authorise purchases.
The information was then used to create cloned cards, which were used to withdraw huge sums of money from cash machines in Britain and abroad.
Shell stressed that all its till terminals had been approved by the banking industry before the chip and PIN regime became compulsory in February.
However, it is apparent that bank industry standards are not sufficiently stringent to ensure that the terminals cannot be tampered with.
Consequently, the problems experienced by Shell could equally apply to thousands of new terminals installed in stores, restaurants and other outlets.
The till terminals at the centre of the Shell fraud investigation were made by a company called Trintech, which supplies many businesses across Britain and the world.
Shell said it was aware of cases of fraud at fewer than ten of its petrol stations.
BP has also admitted a problem with customer card details being stolen from at least one of its stations. This did not involve a chip-and-PIN terminal.
Criminals have attempted to tamper with till pads at petrol stations operated by at least one other major chain.
These cases are unlikely to reflect the full scale of the problem as sophisticated gangs find ways to outsmart the new security regime.
The developments are a huge embarrassment for the banks who assured the nation the chip-and-PIN system would kill card crime.
The finance industry and retailers have spent GBP1billion issuing 141 million new 'secure' cards and installing new terminalsat which they can be used.
The Association of Payment Clearing Services, which speaks for the banks on plastic card issues, claimed the chipand-PIN system was reducing fraud.
Spokesman Sandra Quinn confirmed the problems at Shell.
She said there criminals had also attempted to tamper with till terminals at one other petrol company at least.
However, she tried to play down the significance of the problem.
While she was unable to say how many card details had been stolen, she insisted only a small number of petrol stations were implicated.
'We are confident this is not a systemic issue. This is about a specific till pad and the way it is configured in Shell petrol stations,' she said.
THE CLONING CHEATS COST US GBP1,300
MARY Adkins lost GBP1,300 from her account when her debit card was cloned after a visit to a Shell petrol station.
The theft became apparent in early April when the card was rejected at a store and she and her husband James were told to contact their bank.
'The bank's fraud department told us there had been cash withdrawals in Paris,' said Mrs Adkins from the couple's home near Guildford, Surrey.
'I subsequently found out that more than GBP1,300 had been taken out in a series of withdrawals.
'My confidence in the chip-and- PIN regime has been severely shaken. This technology ought to be secure.
'Now, more than a month later, we are still waiting to get our money back.'
Chris Monk, 53, an electronics engineer from Surrey, believes his card was cloned at a Shell garage in March. He lost GBP600 in what he described as 'mugging by stealth'.
Mr Monk said he always suspected that chip and PIN was not a failsafe system.
'Once digital information has been captured on a device there is scope to copy it,' he said.
'I now face a question over who I can trust when making a purchase.
'In fact I have been using cash over the last two weeks.'
Interview with Fujitsu
Interview with Phone Power