Police in the UK have arrested a third man, believed to be the engineering brains behind a sophisticated programme to read and transmit customer PINs as they are entered at compromised Chip and PIN terminals in retailer check-outs.
Early last week, the UK's Dedicated Cheque and Plastic Crime Unit went public with news that criminals had uncovered a way to bypass anti-tampering protection at Chip and PIN terminals and insert miniature devices capable of recording customer PIN codes and transmitting the data remotely to fraudsters.
The DCPCU said it had arrested two suspects during a bust of a copunterfeit card factory in Birmingham and seized stolen chip and PIN terminals, card account numbers, a card reader and writer, computer software and fake magnetic stripe cards.
The stolen terminals have been sent to forensics for analysis and police have advised retailers the length and breadth of the country to undertake checks of their entire estate of desktop PIN pads. By last week, compromised Chip and PIN terminals had been found in around 30 retail outlets across the country.
However, apart from issuing general guidance, police and Apacs have so far been unable to offer precise advice to retailers on how to counter the fraud or what to look for when checking their equipment.
The latest arrest, late on Friday evening, of the man believed to be the software engineer behind the scam, is expected to shed more light on the scheme and the exact nature of the threat facing the retailer community.