1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Chip-enabled credit cards are reportedly doing little to prevent fraud

By midian182 · 42 replies
Nov 12, 2018
Post New Reply
  1. Research firm Gemini Advisory revealed that three years after chip-enabled cards were rolled out in the US, they have done little to combat fraud. Out of the 60 million cases of credit card theft in the last 12 months, 93 percent were equipped with the new chips.

    The majority of these compromised cards—75 percent—were stolen at the point-of-sale devices, while only 25 percent came from online breaches.

    The EMV standard, which is named after the Europay, Mastercard, and Visa companies that created it, was designed to reduce fraud by creating an encrypted handshake between the card and the merchant’s POS terminal. It is meant to replace traditional magnetic-strip cards, which contain data that criminals can easily intercept.

    Gemini says the biggest problem is that merchants are failing to properly configure their POS systems, thereby allowing criminals to install data-stealing malware or skimmer devices. The information is then sold on the dark web in large bundles to other criminals, who embed it onto the magnetic strips of plastic cards. Because the fallback mechanism for a malfunctioning chip in the US is swiping, these fake credit cards can be used to make purchases.

    The report explains that larger merchants are starting to increase security around their POS networks, forcing criminals to focus on medium and small companies. But the US continues to have the worst credit card security in the world.

    Permalink to story.

    misor likes this.
  2. ForgottenLegion

    ForgottenLegion TS Guru Posts: 365   +367

    USA didn't have chip and pin until 2015! Wow, how backwards.

    Will they ever make it to contactless?
    Reehahs likes this.
  3. seefizzle

    seefizzle TS Evangelist Posts: 413   +287

    Contactless payments are available in the United States currently and somewhat widespread.
  4. fl21289

    fl21289 TS Booster Posts: 92   +75

    We are in 2018 and with the chip it takes 3x as long as before to complete your checkout...
    ShagnWagn, Robinson Ochoa and p51d007 like this.
  5. swagdaddy

    swagdaddy TS Rookie Posts: 18   +6

    Not even Chip & PIN yet! Technically we have Chip & Sig but never have to provide the Sig part so it's basically just 'Chip' cards.
    Godel likes this.
  6. Uncle Al

    Uncle Al TS Evangelist Posts: 5,150   +3,573

    No surprise there ..... there were more than a few reports of them being diverted and cracked before they even became widly circulated .....
    psycros likes this.
  7. R00sT3R

    R00sT3R TS Guru Posts: 145   +327

    What people make, people break.
    Robinson Ochoa likes this.
  8. Puiu

    Puiu TS Evangelist Posts: 3,300   +1,751

    what? how? unless you forgot your pin (if you have a CC with one) then it should not be slower.
    Dustyn likes this.
  9. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,161   +628

    We have the chip, still no pin. In the city, or at chain stores, you use your chip. About half of those then ask for a sig. None ever ask for pins. Outside the cities, I would say have use chips, and the other have pieces of cardboard stuffed into the chip readers that say 'swipe only'.

    Our chip&pin is a half-conceived solution that was only half implemented again.
    Robinson Ochoa likes this.
  10. Richard M

    Richard M TS Member

    I have no idea where you guys saying that you are never asked for pins are shopping as I am asked for my pin on a regular basis.

    One thing to keep in mind is that most cards have a dollar amount before they ask for your pin depending on the bank that issued them. My bank asks for all purchases over $50 and my credit cards range from $50-$150 before they ask and anything less than that no pin needed. This is totally up to the individual bank and not controlled by the store.
  11. psycros

    psycros TS Evangelist Posts: 2,624   +2,363

    This is true, and it makes the chips utterly useless since criminals can simply make innumerable small purchases then return them for cash. Oh sure, it might throw up a red flag but by then its too late and they just switch to the next stolen account.

    Yep, and the financial industry completely ignored the warnings. I'm actually seeing places that were taking the chip a year ago no longer doing so..all it does is slow down transactions with no benefit and few businesses will tolerate that.
  12. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 11,208   +4,877

    I'll know when someone is hacking my pocket to get my dollar.
    senketsu and ShagnWagn like this.
  13. Capaill

    Capaill TS Evangelist Posts: 829   +439

    In Europe, it's chip and pin for all credit card purchases in the store. No sigs and always need the pin. Unless using contactless / NFC payments.
    Darth Shiv likes this.
  14. wiyosaya

    wiyosaya TS Evangelist Posts: 3,716   +2,076

    We can't have that in the US. Security is not worth the extra time it takes. /sarcasm
    trparky likes this.
  15. kapital98

    kapital98 TS Maniac Posts: 321   +246

    Tbf, security experts and regulatory bodies warned that the chip/signature solution was behind the times and would do relatively little to stop the growth of identity theft.

    The chip was a compromise between legislators who wanted European and Asian style security measures and legislators who wanted essentially no regulation over the market. We got a half baked system that is better than the old one but not by much.

    Many more of us should be using NFC transactions, 2 factor authentication, etc when dealing with debit/credit transactions. Most of can do this but we chose not to because it's just so much easier to use the lax security standards that exist.

    These regulations take years to roll out. There is currently no political motivation to change the laws. So expect things like this to get worse. The chip was just a bandaid to a far bigger problem.
    wiyosaya and p51d007 like this.
  16. p51d007

    p51d007 TS Evangelist Posts: 1,894   +1,169

    I started checking into using the phone/watch to pay as I understand it, when I use the watch, which on my watch (samsung G3) uses the MST. MST uses a ONE TIME token for each transaction, so your "real" card information isn't placed on the device.
  17. Heath

    Heath TS Rookie

    I thought the US issue was that all our cards still have the strip on the back, so until we get rid of that strip, we are all still just as easily prone?
  18. mrjgriffin

    mrjgriffin TS Evangelist Posts: 349   +163

    I assume that has to do with samsung pay? I want to get into those type of things but my area is all about these retard chip readers.
  19. p51d007

    p51d007 TS Evangelist Posts: 1,894   +1,169

    Yes, I use an android (non samsung) phone, and a Gear 3 Frontier watch along with samsung pay.
  20. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,952   +575

    Just got to rip the bandaid off and ban strip use when a chip is present.
  21. wiyosaya

    wiyosaya TS Evangelist Posts: 3,716   +2,076

    Having recently had my card compromised twice in the past few months, the best thing in the US is virtual credit card numbers - at least as I see it.

    Capital One (no, I don't work for them) seems to have the most versatile implementation of virtual card numbers in that you can assign a number to a particular vendor and if that number gets compromised, then you know the source, and all the other numbers you might have attached to the account are independent from each other and the physical card - meaning you only have to update the one merchant with a new number - assuming that you have recurring payments to them. The only drawback to this if the number from the physical card is compromised, you really don't have a way of knowing where it was compromised if you are using it at physical stores.

    This story also brings to mind that a friend of mine had his card compromised, too, around the same time that I did. It was a chip card, and he was told by his bank that the person who used it had a physical card - chip and all. Just goes to show that counterfeiting a physical chip card cannot be all that hard.
    senketsu and Darth Shiv like this.
  22. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,952   +575

    They could be bullshitting about the chip part.
  23. fl21289

    fl21289 TS Booster Posts: 92   +75

    Dude before you swipe and pin.... Now insert card.... leave card.... enter pin.... do not remove card.... please remove card. LOL it holds up the line just cause of this.
    senketsu likes this.
  24. BestJoeyEver

    BestJoeyEver TS Rookie

    Yes, but if the merchant is not EMV enabled, then it still falls back to the insecure MSD contactless method.
  25. BestJoeyEver

    BestJoeyEver TS Rookie

    What nonsense! Instead of 6 seconds it takes what? 12 seconds. What merchant are you going to with super sonic service times? That's an operational problem. Card security benefits FAR outweigh any supposed delays.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...