Security threats Toolkit

Shell's £1m chip and PIN fraud 'an inside job'

Tags:
Theft,
Crime,
Chip And Pin

Will Sturgeon silicon.com

Published: 09 May 2006 16:10 BST

A £1m chip and PIN fraud at a Shell petrol station was "an inside job", according to UK payments body Apacs.

Shell suspended the use of chip and PIN payments at 600 UK petrol stations over the weekend as a precautionary measure following the theft of more than £1m from customer accounts.

A spokeswoman for Shell confirmed to ZDNet UK sister site Silicon.com that "a small number of customers have been affected" and added that the company is now co-operating with a police investigation that has already resulted in nine arrests in connection with the crime.

Shell said the company is working with the manufacturers of the chip and PIN terminals, but does not know when its petrol stations will be able to start taking chip and PIN payments again.

The spokeswoman said it is not known whether all affected customers have been informed yet but banks have issued advice to customers to check their bank accounts and statements carefully for discrepancies.

Due to the ongoing nature of the investigation, Shell declined to comment further on the specifics of the case.

But a spokeswoman from Apacs said criminals must have had easy access to PIN pads in order to modify them to enable the theft of PIN numbers and the copying of magnetic strip information — a task which will have taken time.

She said that "without any doubt" it must have been an inside job involving a "conspiring" or "coerced" member of staff.

At the heart of the problem are PIN pads which are designed to shut down if they tampered with. In the case of those supplied to Shell this didn't happen, and it appears this is the vulnerability the theives exploited, said Apacs.

It's likely the news will throw into question the reliability of chip and PIN payments, which became a requirement for most point of sale card payments in the UK in February.

However, the Apacs spokeswoman said: "In the past, one of the fraud hotspots has been petrol stations. As such it's no surprise we've got a situation like this on the forecourt.

"We've never said the fraudsters will disappear. They are organised criminals and they are very sophisticated. But cards are a lot safer now than they were two years ago."

She claimed the speed at which police have been able to make arrests owes a lot to the fact chip and PIN payments can quickly be traced back to the PIN pad which was used.