24 September 2017
Find out more

Halifax facing chip and PIN fraud lawsuit

07 January 2008  |  16411 views  |  0 card chip

UK high street bank Halifax is facing a lawsuit brought by a customer who claims that fraudsters cloned his chip-based card and withdrew £2100 from his account at ATMs.

Alain Job told UK newspaper The Guardian that he changed the PIN supplied by the bank to a number that only he knew and was in possession of his card when fraudsters raided his bank account.

But the Halifax claims that whoever took the money had access to both Job's card and PIN.

Job is in the process of bring his case against the Halifax to court.

The case casts further doubts over the effectiveness of chip and PIN which was introduced in the UK two years ago in order to eliminate skimming scams where fraudsters copied data stored on the magnetic stripe of a credit to make cloned cards.

Although chip and PIN contributed to a drop in domestic fraud levels fraudsters have switched to using cloned cards abroad in places where chip and PIN hasn't yet been implemented.

Security expert Mike Bond told The Guardian that as well as mag-stripe cards chip-based cards can be copied and cloned, although the technique is more cumbersome and expensive as it involves stealing the PIN and copying a secret key stored on the chip which is used by banks to validate cards.

Bond says that, whilst it is possible that criminals have found a cheaper way to extract data from the chip, there is no evidence that this has happened.

A cheaper way for fraudsters to clone cards is to create a "yes card", says Bond, which doesn't contain a copy of the original card's PIN and secret key.

Instead, the fraudster copies the rest of the chip's data to a smart card. This "yes card" will work with chip-and-pin implementations using a security technique called Static Data Authentication (SDA), says Bond, which enables chip readers to authenticate a transaction without directly contacting a bank.

However, this technique does not explain Job's losses because all ATMs contact banks for authentication, says the report.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Jump in card fraud abroad drives up UK losses - Apacs

Jump in card fraud abroad drives up UK losses - Apacs

03 October 2007  |  7337 views  |  0 comments
Researchers warn of Chip and PIN relay threat

Researchers warn of Chip and PIN relay threat

06 February 2007  |  19318 views  |  0 comments
Game over for Chip and PIN?

Game over for Chip and PIN?

05 January 2007  |  16148 views  |  0 comments
Chip and PIN boasts 31% drop in counterfeit card fraud

Chip and PIN boasts 31% drop in counterfeit card fraud

10 October 2005  |  9171 views  |  0 comments
UK cardholders flout PIN security guidelines

UK cardholders flout PIN security guidelines

05 July 2004  |  5119 views  |  0 comments

Related company news

 
visit www.sibos.comvisit www.abe-eba.euvisit www.vasco.com

Top topics

Most viewed Most shared
HSBC switches on selfie payments in ChinaHSBC switches on selfie payments in China
13442 views comments | 28 tweets | 44 linkedin
AXA launches blockchain to cover late flight compensationAXA launches blockchain to cover late flig...
9884 views comments | 13 tweets | 28 linkedin
Apple P2P payments service nears launchApple P2P payments service nears launch
8609 views comments | 19 tweets | 27 linkedin
SBI Ripple Asia advances on South KoreaSBI Ripple Asia advances on South Korea
8412 views comments | 16 tweets | 1 linkedin
European Commission makes fintech a priority in supervisory shakeupEuropean Commission makes fintech a priori...
8155 views comments | 32 tweets | 45 linkedin

Featured job

Competitive
New York, NY - USA (some flexibility on location)

Find your next job