STRATEGIC PARTNERS
March 30, 2003
DURBAN, South Africa -- International academics are outraged about a court order preventing the media or any witnesses from publicly exposing the computerized security systems of Diners Club International, according to a report in South Africa's The Mercury.
But Diners Club attorneys argue that it would not be right for the public to learn the inner workings of the security systems.
The court reasserted its right to bar certain evidence this week when the public was prevented from hearing the testimony of Diners Club's expert witnesses.
Diner's Club is suing Durban businessman Anil Singh for allegedly colluding with a crime syndicate that attempted to defraud Diners Club South Africa of millions of rands in an elaborate ATM scam, according to the Mercury.
Singh and his wife, Vanithra, are being sued by Diners Club for 600,000 rand (about $76,032 U.S.), the amount it claims was withdrawn from ATMs in London in 190 transactions over two days in March of 2000.
Some evidence was heard in the marathon civil trial in London earlier this month. The case continued in the Durban High Court this week.
The media were barred from hearing the testimony of certain witnesses after the court ruled that security would be breached if information about bank systems was disclosed.
The Singhs, who are contesting the action, claim they were not in London at the time of the withdrawals. Singh said that on the two days on which Diners Club claims the withdrawals were made, he and his wife had their cards with them at all times.
He said he had been advised by Diners Club that the daily ATM withdrawal limit on the cards was 1,000 rand (about $127 U.S.) and that their joint monthly limit was 40,000 rand (about $5,068).
"How then Diners Club can allow the cards to be used to incur expenditure in excess of 600,000 rand on two consecutive days escapes me," he said.
Members of Diners Club's legal team told Judge Phil Levinsohn that it was impossible for withdrawals to be made from an ATM without a PIN. They claimed that Singh knew members of a syndicate who flew regularly to London to withdraw cash using Diners Club cards with the knowledge of the cardholders and may have given his card and PIN to them.
The team said the bank was aware of five cases, including Singh's, where credit cards were used without the cardholders being present. All the cases could be linked to members of the same syndicate through travel records, they said.
In her testimony, a Diners Club credit controller, Saadiya Moned, said a day before the money was withdrawn from Anil Singh's account, he had created a fuss about a hold put on his card. She had assured him that the hold applied only in South Africa.
Singh contends that Diner's Club security is lax. Earlier this year he called in British computer experts Ross Anderson, who has written a book entitled "How To Rob A Bank," and Cambridge University doctoral student Mike Bond to prove his point.
When the trial moved to London to hear those witnesses, Diners Club sought and received a court order that their evidence be kept confidential.
The Cambridge experts said the order would interfere with their research.
"An order preventing public reference to the failings of particular commercial cryptographic systems would not merely impede the progress of science, it would prejudice future litigants. It may even promote crime by suppressing public domain information needed to motivate upgrades to ATM security," they argued.
They said much of the information was already in the public domain, available in academic works as well as on the Internet.
However, the British judge granted the order. "The evidence of Mr. Bond and Dr. Anderson is to the effect that it is possible for security of these systems to be penetrated. But this is a long way from saying this is what happened in this case," he said.
