Thursday, August 28, 2008

Two nations, separated by a financial authentication protocol


BBC reports: [edited]

Self-checkout systems in UK supermarkets are being targeted by hi-tech criminals with stolen credit card details.

The thieves claim to have comprehensive details of US credit and debit cards passed to them from an American gang who tapped phone lines between cash machines and banks.

The gang plans to copy card details onto the magnetic stripes of fake cards and then use them in UK stores. In the discussion on the card site those co-ordinating the fraud say they are seeking places to "cash out", meaning strip funds from the bank accounts using fake cards.

In the forum they are asking for information about Asda and Tesco stores in which it is possible to use self-service systems that mules could visit with the fake cards to get at the cash.

The fraudsters are looking for self-service systems to avoid contact with store staff who may spot the fake cards. The funds would be split between the mules who actually carry out the transactions, those organising the mules and the hi-tech thieves who stole the original card numbers.

Representatives from both Tesco and Asda argue that payment systems automatically contact the banks when a card is swiped instead of using chip-and-pin. The banks must authorise the acceptance of a signature.

"If the card has not been reported as having been cloned, yes, it can go through," said a spokeswoman for Tesco. However, she pointed out that swipe and sign transactions represent a tiny fraction of the supermarket chain's trade.
------------

No comments:

 
UA-60915116-2