Emily Finch, of the University of East Anglia, has researched criminals and how they adapt their fraud techniques to identity cards, especially the “chip and PIN” system that is currently being adapted in the UK. Her analysis: the security measures don’t help:
“There are various strategies that fraudsters use to get around the pin problem,” she said. “One of the things that is very clear is that it is a difficult matter for a fraudster to get hold of somebody’s card and then find out the pin.
“So the focus has been changed to finding the pin first, which is very, very easy if you are prepared to break social convention and look when people type the number in at the point of sale.”
Reliance in the technology actually reduces security, because people stop paying attention:
“One of the things we found quite alarming was how much the human element has been taken out of point-of-sale transactions,” Dr Finch said. “Point-of-sale staff are told to look away when people put their pin number in; so they don’t check at all.”
Some strategies relied on trust. Another fraudster trick was to produce a stolen card and pretend to misremember the number and search for it on a piece of paper.
Imagine, she said, someone searching for a piece of paper and saying, “Oh yes, that’s my signature”; there would be instant suspicion.
But there was utter trust in the new technology to pick up a fraudulent transaction, and criminals exploited this trust to get around the problem of having to enter a pin number.
“You go in, you put the card in, you type any number because you don’t know what it is. It won’t go through. The fraudster—because fraudsters are so good with people—says, ‘Oh, it’s no good, I haven’t got the hang of this yet. I could have sworn that was my number… I’ve probably got it confused with my other card.’
“They chat for a bit. The sales assistant, who is either disinterested or sympathetic, falls back on the old system, and swipes the card through.
“Because a relationship of empathy has already been established, and because they have already become accustomed to averting their gaze when people put pin numbers in, they don’t check the signature at all.
“So fraud is actually easier. There is very little vigilance at the point of sale any more. Fraudsters know this and they are taking advantage of it.”
I’ve been saying this kind of thing for a while, and it’s nice to read about some research that backs it up.
Other articles on the research are here, here, and here.
Posted on September 6, 2005 at 4:07 PM •