UK: Chip and PIN Fraud Hits Lloyds TSB

["Fergie" <fergdawg () netzero net>]

This is the second instance of Chip and PIN fraud I've
heard this week -- the first was with Royal Dutch Shell,
also in the UK.

Via El Reg.

[snip]

Lloyds TSB has admitted that flaws in the new Chip and PIN system recently introduced for debits cards in the UK open 
up the system to fraud. Conventional fraud may be down because of the system but crooks are still able to use cloned 
debit or credit cards in foreign ATMS.

Instead of authorising debit card transactions by signature Chip and PIN means that customers use a four digit PIN code 
to give the go-ahead to purchases.

Although cloned cards won't have a forged chip the PIN associated with this microchip is the same as that associated 
with a magnetic stripe. Foreign ATMs only read this magnetic strip and not the PIN. So providing fraudsters obtain the 
data on the magnetic strip, along with the associated PIN, they are able to make withdrawals overseas using a 
conventionally cloned card, something that wouldn't work on a UK high street. Delays in identifying foreign ATM cash 
withdrawals as potentially fraudulent are compounding the problem.

[snip]

More:
http://www.theregister.co.uk/2006/05/11/lloyds_tsb_chip_and_pin_fraud/

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.