The Sunday Times: Ireland: Don’t bank on chip and pin to defeat fraudsters

The Sunday Times May 21, 2006

Jessica Bown and Brian Carey

The original Catch Me If You Can conman is not impressed by the new card system

CHIP-AND-PIN systems introduced to foil credit and debit-card fraudsters are making it easier to commit certain types of financial crime, a reformed con man has warned.

Frank Abagnale, whose life story inspired the Leonardo DiCaprio film Catch Me If You Can, served five years for fraud after posing as an airline pilot, a doctor and a lawyer and cashing $2.5m (€2m) of cheques between the ages of 16 and 21.


Now 58, he has used his skills to help the FBI fight fraud for 30 years and also works with CIMS, which offers identity-fraud protection services.

He does not believe that chip-and-pin technology, which requires transactions to be verified with a four-digit number rather than a signature, will prove much of a challenge for professional fraudsters.

The information sent out by the hand-held card reading devices used in restaurants is not encrypted, for example. Any criminals nearby with an information receiver can therefore capture the data, including the pin entered, making some brands of fraud much easier.

Abagnale said: “Anybody sitting at another table with a laptop would be able to pick up the messages being sent to and from the card readers.”

His concerns about the vulnerability of chip and pin were reinforced recently by news that 600 Shell petrol stations in Britain suspended use of chip-and-pin terminals after more than £1m (€1.47m) was stolen from customers’ accounts. The equipment was supplied by the Irish company Trintech.

Fraudsters masquerading as engineers sent to test the equipment instead fitted the keypads with memory chips that logged customers’ card numbers and pin codes.

They then used the information to plunder accounts by making counterfeit cards and using them to withdraw money from cash dispensers.

Fraudsters were only able to clone the cards’ magnetic strips, rather than the chips, but many ATMs are not yet fitted with chip readers and therefore still use the strips.

“The full benefit of the ‘chip’ in chip and pin will only come when the system is truly universal,” said Barry O’Mahony, the head of policy and development at Irish Payment Service Organisation (Ipso). “The magnetic strip will remain as the global roll-out of chip and pin continues.” Unfortunately, it is the strip that can be scanned and used for “skimming”.

The stage of roll-out varies across Europe, and even within individual countries. Spain, for example, has focused its chip-and-pin roll-out in tourist areas, something Irish visitors should bear in mind before leaving home without a credit card pin.

One plus point for proponents of chip and pin is that the criminals did not use the fake cards to make purchases from other retailers because they could not clone the chips.

However, Abagnale believes that it will not be long before they find a way to crack the system. He said: “There is no foolproof system. Anything devised by a man or a woman can be defeated.”

Criminals are also targeting chip-and-pin users by fitting cash machines with a device that captures card data and positioning a camera nearby to record customers’ pins.

This can be done by posing as a cash dispenser maintenance man, or by bribing bank employees to allow them access to the dispensers. There have also been cases of dishonest shopkeepers installing cameras to record the numbers that customers key in.

Pin security is naturally paramount. MBNA has become the first card issuer in Ireland to allow a customer to access his or her pin (Personal Identification Number) over the telephone. The security checks are extensive.
