[Dave Birch] This proves how stupid I am compared to criminals. This had never occurred to me, but as I soon as I read about it I recognised the brilliance of the idea. Banks have tried in a variety of different ways to make it harder for criminals to attach card skimming devices to ATM. So the criminals have looked around for other places where unattended terminals with PIN entry are located and have discovered that the self-checkout machines in supermarkets provide an excellent attack opportunity. Of course!

Lucky Supermarkets discovered tampered credit/debit card readers in the self check-lanes of its store in Alameda’s Marina Village Shopping Center and 18 other Lucky markets, and is urging those who used the machines to check their credit and debit accounts.

[From Warning to Customers of Lucky’s Self Check-Out Lanes – Alameda, CA Patch]

I’ve actually bought stuff at that Alameda Lucky, although it was last summer so I’m probably safe. I would never, under any circumstances, have used a debit card there anyway. I never use a debit card in supermarkets, or indeed anywhere else. I was forced to use a debit card in Lidl recently because they don’t take credit cards, so next time I go there I will use a prepaid card. I buy things at Morrison’s in Woking on a more regular basis, and since I won’t use my debit card at POS that means no cash back, so that if I want cash I have no option but to use my Barclays debit card in the ATM there. Uh oh.

CASH machine users are being told to be on their guard after a cloning device was found at a Woking supermarket. The device was discovered at the Morrisons store in Goldsworth Road, Surrey Police said.

[From Card cloning device found on Morrisons cash machine – News – getsurrey]

Cards aren’t safe anywhere it seems.

Susan Grant, director of consumer protection for the Consumer Federation of America, is calling for more security and legal rights for debit card fraud victims. “When unauthorized debits are made, consumers are in a much more troublesome situation … because the money’s been quickly withdrawn from their account,” she said. “With an unauthorized credit-card charge, you haven’t paid it yet.”

[From Thieves Favor Debit Cards]

Indeed, but this is tackling symptoms, not causes. You can see why this is going on. It’s because we still, insanely, put magnetic stripes on the backs of our cards, and those stripes can be copied and used in places where there are no chip readers in the ATMs (i.e., the US). In developed countries, this problem has been recognised and dealt with.

The introduction of chip and pin payment cards has lead to 99 per cent drop in ATM card fraud, says Central Bank of Nigeria (CBN)

[From ATM fraud drops by 99% as CBN sets up E-Fraud Forum]

I have absolutely no idea why Barclays puts a magnetic stripe on my debit card, I have no idea why John Lewis puts a magnetic stripe on my MasterCard and I have no idea why Barclaycard puts a stripe on the back of my splendid OnePulse Visa card. I have a Travelex US$ prepaid card with a stripe on it that I am quite happy to use in shops in the USA until such time as they install chip and PIN readers. Surely it would make life easier for Barclays and for me if they just declined all stripe transactions on my cards. I can easily transfer money to Travelex US$ prepaid card via FPS, so what’s the problem?

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers


3 comments

  1. Fallback has long been a sore point in the UK.
    When the crims steal a valid Chip & PIN card, simply smack the chip with a hammer, or reverse 12volts into it, and hey presto instantly useable mag swipe card.
    Pan Key Entry has to be a far safer fallback method than swipe, as you just about guarantee the card number entered is the one on the card, but this is not allowed by the schemes. I think the UK acquirers are generally in agreement that mag swipe is bad and should be removed, but the reason always stated is scheme rules interoperability etc.

  2. I actually think all these companies likes fraud, because it is the reason they can charge 3% or more of each transaction. If it wasn’t for this fraud, we’d be more outraged of this cut. The fraud losses probably isn’t too bad, and provides the raison d’être for the 3% charge.

  3. If the magnetic stripe on your credit card were to be accidentally damaged, I suppose you would not need to ask your bank for a replacement in too much of a hurry… Unless you wanted to use it abroad or change your PIN (the motorised reader on ATMs is triggered by the mag stripe, after it has pulled in your card it reads the chip).

Leave a Reply to Gary Cancel reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: