The Durban High Court has found in favour of Diners Club in a notorious ATM PIN cracking case brought by South African businessman Anil Singh.
The businessman had claimed that R0.6 million had been defrauded from his account during a spate of phantom withdrawals in the UK in 2000.
The case gained notoriety when Citibank, which runs the processing for Diners Club in the UK, won a High Court order in London gagging public disclosure of crypto vulnerabilities in ATMs by Cambridge University scientists who had agreed to act as expert witnesses in the case.
The Cambridge scientists claimed to have discovered serious vulnerabilities in the cryptographic equipment commonly used to protect the PINs used to identify customers to cash machines. They alleged that a bank insider could crack a PIN on an internal bank network in an average of 15 tries, rather than the 5000 tries claimed by ATM network operators.
In his ruling, High Court judge Philip Levinsohn found it more likely that Singh had sold his card details to a criminal gang who then looted his account. He ordered punitive costs against Singh to the tune of R5 million.