Serge Humpich
   HOME

TheInfoList



Click Here for Items Related To - Serge Humpich
OR:
Serge Humpich on:   [Wikipedia]   [Google]   [Amazon]

Serge Humpich is a person who discovered a serious flaw in the
Carte Bleue ''Carte Bleue'' () was a major debit card payment system operating in France. Unlike Visa Electron or Maestro debit cards, Carte Bleue transactions worked without requiring authorization from the cardholder's bank. In many situations, the card w ...
system used in France for credit cards. He tried to contact banks without success for warning them, and so decided to perform a public "show" where he bought subway tickets while using the flaw in the card system. He was convicted in 2000 to a ten months suspended sentence. He was 36 at the time, and lost his job as a result of the case.


Biography

Serge Humpich was born to a mother who taught industrial sewing at a
Vocational school A vocational school (alternatively known as a trade school, or technical school), is a type of educational institution, which, depending on the country, may refer to either secondary education#List of tech ed skills, secondary or post-secondar ...
and a father who was a potash miner. He grew up in
Alsace Alsace (, ; ) is a cultural region and a territorial collectivity in the Grand Est administrative region of northeastern France, on the west bank of the upper Rhine, next to Germany and Switzerland. In January 2021, it had a population of 1,9 ...
with his younger sister, in
Wittenheim Wittenheim (; in Alsatian Wìttana, ) is a commune in the Haut-Rhin department, Grand Est, northeastern France. It is one of the northern suburbs of the city of Mulhouse, and forms part of the Mulhouse Alsace Agglomération, the inter-communa ...
for the first six years, then in
Pulversheim Pulversheim () is a commune in the Haut-Rhin department in Grand Est in north-eastern France. It forms part of the Mulhouse Alsace Agglomération, the inter-communal local government body for the Mulhouse conurbation. Population See also * C ...
from 1969. He obtained a scientific
Baccalauréat The ''baccalauréat'' (; ), often known in France colloquially as the ''bac'', is a French national academic qualification that students can obtain at the completion of their secondary education (at the end of the ''lycée'') by meeting certain ...
before continuing his studies at the
Institut national des sciences appliquées de Lyon The Institut National des Sciences Appliquées de Lyon (; "Lyon National Institute for Applied Sciences") or INSA Lyon is a French grande école and engineering school. The university is located on the La Doua – LyonTech campus, in a cluster o ...
. After graduating as an electrical engineer, he worked in finance as a computer developer.For 12 years, he designed decision support and
Back office A back office in most corporations is where work that supports '' front office'' work is done. The front office is the "face" of the company and is all the resources of the company that are used to make sales and interact with customers and clien ...
processing software to manage
Trader (finance) A trader is a person, firm, or entity in finance who buys and sells financial instruments, such as forex, cryptocurrencies, stocks, bonds, commodities, derivatives, and mutual funds, indices in the capacity of agent, hedger, arbitrager, or spe ...
orders and risks. In his spare time, he became interested in the security of everyday devices, and began working on the French
Smart card A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an Embedded system, embedded integrated circuit (IC) chip. Many smart ...
in particular in the mid-1990s. In 1997, he discovered a flaw in the bankcard security system. By
Reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompl ...
a payment terminal he had bought from a retailer, he analyzed every stage of the smart card payment procedure and broke the
Public-key cryptography Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
used to authenticate cards by the reader. This flaw enables the creation of cards accepted by terminals, but not linked to a bank account. In the summer of 1998, he appointed a lawyer specializing in industrial law and two industrial property experts to try - unsuccessfully - to negotiate his “know-how” with the CB Bank Card Group, warning them of the vulnerability he had discovered. To demonstrate the feasibility of this technique, he carried out a public demonstration of the vulnerability of the cards by withdrawing eleven books of
Rapid transit Rapid transit or mass rapid transit (MRT) or heavy rail, commonly referred to as metro, is a type of high-capacity public transport that is generally built in urban areas. A grade separation, grade separated rapid transit line below ground su ...
tickets, together with ten bills, using ten cards of his own manufacture from vending machines in the Balard (métro de Paris) and
Charles Michels station Charles Michels () is a station on Line 10 of the Paris Métro. It is located in the 15th arrondissement. History The station opened as ''Beaugrenelle'' on 13 July 1913 as part of the initial section of line 8 as its temporary southern termin ...
. This attempt led to a
Search warrant A search warrant is a court order that a magistrate or judge issues to authorize Police, law enforcement officers to conduct a Search and seizure, search of a person, location, or vehicle for evidence of a crime and to Confiscation, confiscate an ...
, the seizure of his equipment and his detention in police custody. On February 25, 2000, he was found “guilty of falsifying bank cards and fraudulently introducing them into an automated processing system”. This was despite widespread support for his action, which had revealed technical and design flaws in the bankcards that needed to be corrected. He was given a 10-month suspended prison sentence and subsequently withdrew from the appeal procedure he had initiated. Following his conviction, he wrote a book, Le cerveau bleu, recounting his version of the case, as an appeal “to all”. Meanwhile, the public prosecutor's office appealed, and the Paris Court of Appeal upheld the TGI's verdict on December 6, 2000. Dismissed from GFI for gross misconduct following the media coverage of his case, he set up a company in the
United States The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...
and a few years later returned to France, where he worked for Bearstech.


References


Bibliography

* Ingrand, Cedric (2000-02-26), "French credit card hacker convicted", The Register
https://www.theregister.co.uk/2000/02/26/french_credit_card_hacker_convicted/
* Jessel, Stephen (2000-02-25), "Credit card whistleblower sentenced", BBC
http://news.bbc.co.uk/2/hi/europe/657135.stm
* Webster, Paul (2000-01-22), "Banks fail to give credit to fake smart card 'genius'",The Guardian
http://www.guardian.co.uk/world/2000/jan/22/paulwebster


Other sites

* Pele, Laurent "French banking smartcard cracked : the story!"

(a time line of events, with links to many articles) * Brontosaurus (2003-09-25), "Serge Humpich"
http://www.everything2.com/title/Serge+Humpich
(an Everything2 article on Serge Humpich) People convicted of cybercrime 20th-century French criminals 1963 births People from Mulhouse Living people 21st-century French criminals {{France-bio-stub