Card fraud factory raided

Fraudsters have found a way to tamper with retailers’ Chip and PIN readers and steal credit card details, including people’s PINs.

This development could make it harder for people to persuade their bank that they have not been negligent with their PIN but are in fact fraud victims.

The sophisticated operation was uncovered after police raided premises in Birmingham and found equipment needed to steal card details and make counterfeit cards on a massive scale.

A police unit, the Dedicated Cheque and Plastic Crime Unit (DCPCU), said it had found a factory-style setup. Stolen Chip and PIN terminals, card account numbers, a card reader/writer, computer software and fake magnetic stripe cards were taken from the premises.

The DCPCU comprises officers from the Metropolitan and City of London police forces who work alongside banking industry fraud investigators. They tackle cheque and card fraud crime in the UK and said early indications are that these criminals have been tampering with retailers’ Chip and PIN terminals.

A device is put inside the terminals, which can then unscramble information, including transaction data and PINs held by a card. This information is stored by the device until the criminals come back to remove them. It is believed to be the first evidence of a breach of the encryption in a chip and PIN card being broken.

Andrew Goodwill of anti fraud specialists, The Third Man said. "Everyone in the credit card industry knew that this day would arrive, and expected this serious compromise to have happen before now.”

Apacs said the cloned cards could not be used at UK Chip and PIN cash machines or in shops using the system. However, the banking organisation said the details would have been used to create fake magnetic stripe cards that can be used fraudulently in countries that have yet to roll out Chip and PIN. It said cloned cards could be on the streets within hours of the details being stolen.

This type of fraud – known as fraud abroad – increased 77 per cent last year, totalling £207.6m.

Two people were arrested last night in connection with the raid and charged with conspiracy to defraud. Alerts have also been sent to thousands of retailers asking them to inspect their Chip and PIN terminals.

Detective Chief Inspector John Folan, who heads the DCPCU, said: “These arrests are a significant development in our fight against the organised criminal gangs responsible for this type of fraud.

It is not known how many retailers have been targeted but it is thought that many if these devices are coming in from Eastern Europe.

“To date, compromised Chip and PIN terminals have been found in less than 30 retail outlets throughout the UK. Together with the banking and retail industries we are working to ensure this figure is minimised.

“We are sending a very clear warning to fraudsters these crimes will not be tolerated, and that we will continue to target them and disrupt their fraudulent activity."

Andrew Goodwill said consumers should limit their exposure to this crime as much as possible.

"One way would be to use credit not debit cards, as if the card details are compromised the fraudster can only steal the bank's money. By using a debit card a fraudster can clean out your bank account in a matter of minuets.

"It can take anything from 3 to 4 months for a bank to compensate you if your debit card is compromised. In the meantime you will have your bills to pay," he said.