Petrol firm Shell has suspended Chip-and-Pin payments in its U.K. petrol stations after more than £1 million ($1.45 million) was stolen from customer accounts. Eight people have been arrested in connection with the fraud.
Details of the fraud remain unclear, but is being investigated by the Metropolitan Police cheque and plastic crime unit. The Association of Payment Clearing Services (Apacs) said the fraud was only related to one chain of petrol stations.
Chip-and-Pin is a way of paying for goods and services with a credit card using a four-digit pin instead of the customer's signature.
Shell said the suspension of such payments was temporary precaution and has reverted to using customer signatures for payment authorisation.
A Shell spokeswoman told the BBC that the "Shell's Chip-and-Pin solution is fully accredited and complies with all relevant industry standards." And while the service was suspended, the company hoped to reintroduce it as soon "as it is possible, following consultation with the terminal manufacturer, card companies and the relevant authorities."
Security experts said consumer confidence in the system would be shaken by the incident.
"The fact that the first breach has occurred so soon after the full implementation in February, shows just how determined and sophisticated today's fraudsters are," said Andrew Moloney, senior product manager at RSA Security's consumer solutions division.
"Research report after research report confirms a growing lack of consumer confidence in banking online, and the impact of further breaches affecting a mainstream payment system like Chip-and-Pin could be devastating," he said.
He said this theft proved is that no one technology solution can be relied upon to prevent card or online fraud.
"A risk-based, layered approach to security, where detailed transaction monitoring and behavioural analysis, post authentication is in place to help detect fraudulent activity, is the only way to redress the balance and restore consumer confidence," said Moloney.