= Serge Humpich =

Serge Humpich
- Born: 1963

Serge Humpich is a person who discovered a serious flaw in the Carte Bleue system used in France for credit cards. He tried to contact banks without success of warning them, and so decided to perform a public "show" where he bought subway tickets while using the flaw in the card system. He was convicted in 2000 to a ten months suspended sentence. He was 36 at the time, and lost his job as a result of the case.

==Biography==
Serge Humpich was born to a mother who taught industrial sewing at a vocational school and a father who was a potash miner. He grew up in Alsace with his younger sister, in Wittenheim for the first six years, then in Pulversheim from 1969.

He obtained a scientific baccalauréat before continuing his studies at the Institut national des sciences appliquées de Lyon. After graduating as an electrical engineer, he worked in finance as a computer developer. For 12 years, he designed decision support and back office processing software to manage trading orders and risks.

In his spare time, he became interested in the security of everyday devices, and began working on the French smart card in particular in the mid-1990s.

In 1997, he discovered a flaw in the bankcard security system. By reverse engineering a payment terminal he had bought from a retailer, he analyzed every stage of the smart card payment procedure and broke the public-key cryptography used to authenticate cards by the reader. This flaw enables the creation of cards accepted by terminals, but not linked to a bank account.

In the summer of 1998, he appointed a lawyer specializing in industrial law and two industrial property experts to try – unsuccessfully – to negotiate his "know-how" with the CB Bank Card Group, warning them of the vulnerability he had discovered. To demonstrate the feasibility of this technique, he carried out a public demonstration of the vulnerability of the cards by withdrawing eleven books of rapid transit tickets, together with ten bills, using ten cards of his own manufacture from vending machines in the Balard (métro de Paris) and Charles Michels station. This attempt led to a search warrant, the seizure of his equipment and his detention in police custody.

On February 25, 2000, he was found "guilty of falsifying bank cards and fraudulently introducing them into an automated processing system". This was despite widespread support for his action, which had revealed technical and design flaws in the bankcards that needed to be corrected. He was given a 10-month suspended prison sentence and subsequently withdrew from the appeal procedure he had initiated. Following his conviction, he wrote a book, Le cerveau bleu, recounting his version of the case, as an appeal "to all". Meanwhile, the public prosecutor's office appealed, and the Paris Court of Appeal upheld the TGI's verdict on December 6, 2000.

Dismissed from GFI for gross misconduct following the media coverage of his case, he set up a company in the United States and a few years later returned to France, where he worked for Bearstech.

== Bibliography ==
- Ingrand, Cedric (2000-02-26), "French credit card hacker convicted", The Register.
- Jessel, Stephen (2000-02-25), "Credit card whistleblower sentenced", BBC.
- Webster, Paul (2000-01-22), "Banks fail to give credit to fake smart card 'genius'",The Guardian.

== Other sites ==
- Pele, Laurent "French banking smartcard cracked : the story!", (a time line of events, with links to many articles)
- Brontosaurus (2003-09-25), "Serge Humpich", (an Everything2 article on Serge Humpich)
