Those of you who know me should know that one of my fascinations is the phenomenon of Groupthink (or “Folie a Deux”) and one of my professions was working out how to steal things more effectively. I have been avoiding ranting about this topic for a while but it rather amazes me that the press are just starting to realise that all is not well in this nation of British Shopkeepers.
When I first heard that the British Government were pushing this Chip and Pin idea, I seriously had to check that it wasn’t April the first. For those people lucky enough not to be in the UK, Chip and Pin is a new way of paying for things with a Credit or Debit Card.
British payment cards have a little chip in them at one side, effectively making them into a smart card. They also have the magnetic and signature strip on the back so that they can be used abroad or used in cash machines without chip readers. When you pay with one of these, you either give it to the person at the till, or pop it into the little card reading machine yourself, wait for it to confirm the amount and then type in your 4 digit PIN to complete the purchase. This should ring some alarm bells already simply on the basis of casual theft. Anyone standing close to you when you are hassled in a shop queue and not being at all careful (as presumably you would be at a cash machine) can see you type your PIN and then thump you a few yards up the street, nick your cards and clean your account out at the closest cash machine.
This is a little dirty for the likes of a weblog like this but it’s not something that should be ignored just for that reason. Saying that, this isn’t where the real issue lies. The real issue lies in the fact that the cards still have the magnetic strip and don’t use a different PIN for the smartcard and the strip. Financially, it is not very viable to clone a smartcard at the moment; it’s possible but until it becomes more useful (that would be when identity cards come into force) the risk is still low. On the other hand, it is pathetically easy to copy a magnetic strip. When you give your card to somebody before you type the PIN into a machine, you don’t know what they are doing with it. Have they swiped it and copied the strip? Is the “Chip and Pin” machine recording your number? Is there a camera in the roof monitoring what you type on the keypad? All it takes is one swipe of your magnetic strip by a shop assistant, a waiter, a petrol attendant or a well equipped prostitute and a knowledge of your PIN and your details could be sent across the world within seconds, your stripe details written to another card and your bank account cleared before you have even left the shop. Personally I find it quite annoying when the country’s biggest supermarket (that’d be Tesco) has their staff take your card off you and swipe it behind the counter rather than let you slide it into the card reader like most other shops do. At least when I physically put the card into the machine myself I know that it can’t be reading the magnetic stripe. Tesco are just asking for staff fraud to happen. In fact, any checkout employees reading this who want to buy a 3 track magnetic card reader/writer, I am doing a good deal on them.
It seems obvious that for this to be classed as an advance in security is just idiotic but then that is a fundamental of Groupthink. Next time how about just sticking a photograph on the card? It’d be easier and cheaper. TV shows like “The Real Hustle” have been showing you how to rip people off for the last year with this and international gangs (should I be emotive and say GANGS PROBABLY LINKED TO ORGANISED CRIME AND TERRORIST ORGANISATIONS?) have been stealing hundreds of millions using this nice and easy free cash machine for quite a while now. It’s only in the last couple of weeks that it seems to have hit the news.
As far as I can see, the government decided that the country should all have Chip and Pin from February the 14th, 2006. Supposedly it is possible to demand a card that doesn’t have a chip; I will have to remember to do this sometime. It’d be nice to have seen any of their reasonings and to find out who their security consultants were so that we could all stand around and throw peanuts at them. Frankly and speaking from a professional point of view here, they must all either have been fucking morons with no understanding of anything at all or just out of their head on the Grade-A cocaine they’d bought with the money the government threw at them for their advice.