Hacker reveals blind spot in bank system

The French bank card system is supposed to be inviolable. But Mr Serge Humpich (36), a computer programmer who lives alone on a run-down farm outside Paris, invented his very own universal bank card, accepted by any terminal with the use of any four-digit code.

Mr Humpich's discovery gave him access to more than £400 million in annual turnover at the Groupement d'Interet Economique - Cartes Bancaires (GIE-CB), which ensures transactions for 30 million French bank cards.

It was the virtual break-in of the new century. Mr Humpich could have charged meals, clothes and hotel bills indefinitely. GIE would have noticed mysterious accounting errors, but would have had great difficulty in tracing the perpetrator.

But rather than use his invention, the honest hacker approached GIE through a lawyer, offering to sell them his knowledge for £240,000. He stole only two carnets of Paris metro tickets (cost: £13.20), purchased from a computerised vending machine at the request of GIE. Yesterday, at his hearing for "counterfeiting and fraudulent entry into an automated system", a Paris prosecutor recommended a two-year suspended sentence and £6,000 fine for the computer genius.

Mr Humpich realised that retail terminals were the weak link in GIE's system. "When you type a code, the payment terminal sends the code to the card, which tells it whether it's the right code. I made a card that answers 'yes' every time, whatever code you enter," he explained to Le Nouvel Observateur.

He bought a used terminal from a shopkeeper and spent four years taking it apart and doing calculations. Mr Humpich claims his only motivation was proving to himself that he could crack GIE's security system. "Imagine there's treasure buried in the Himalayas and you're the only one who can find it. How could you sleep at night without doing it, and without telling people about it?"

Mr Humpich registered his invention in a sealed envelope at the patent office while GIE pretended to negotiate in earnest but filed a lawsuit behind his back. When he bought the metro tickets, GIE said the machines had a low security threshold and asked him to turn four virgin cards into universal cards. He did it in half an hour - plunging the credit card company into panic. It would cost tens of billions of francs to replace all of their cards and terminals.

GIE has managed to minimise media coverage of Mr Humpich's "crime", and the boyish, bespectacled computer geek seemed surprised by the number of photographers who surrounded him at the Palais de Justice. At least two television reports have been quashed, one after GIE threatened to sue the station for "incitement to fraud".

The exploit has brought Mr Humpich only grief. His employer fired him when he was charged last August. His little farmhouse - which he had no money to insure - collapsed in the Christmas storms. Now his Internet provider wants to shut down his website (http://altern.org/humpich) because it too is threatened with legal action.

Mr Humpich can console himself with the knowledge that he holds the power of life and death over the French bank card system. "My only defence is to talk," he told L'Observateur. "Anyone who knows what I know can do what I did. The whole payment terminal system will have to be reconsidered."