Chip-enabled credit cards are reportedly doing little to prevent fraud

midian182

midian182

Posts: 9,742   +121
Staff member
In brief: After being the standard in Europe for around a decade, chip-enabled credit cards finally came to the US in 2015. They were supposed to help prevent the fraud problem that had reached huge levels, but a new report shows that’s been far from the case.

Research firm Gemini Advisory revealed that three years after chip-enabled cards were rolled out in the US, they have done little to combat fraud. Out of the 60 million cases of credit card theft in the last 12 months, 93 percent were equipped with the new chips.

The majority of these compromised cards—75 percent—were stolen at the point-of-sale devices, while only 25 percent came from online breaches.

The EMV standard, which is named after the Europay, Mastercard, and Visa companies that created it, was designed to reduce fraud by creating an encrypted handshake between the card and the merchant’s POS terminal. It is meant to replace traditional magnetic-strip cards, which contain data that criminals can easily intercept.

Gemini says the biggest problem is that merchants are failing to properly configure their POS systems, thereby allowing criminals to install data-stealing malware or skimmer devices. The information is then sold on the dark web in large bundles to other criminals, who embed it onto the magnetic strips of plastic cards. Because the fallback mechanism for a malfunctioning chip in the US is swiping, these fake credit cards can be used to make purchases.

The report explains that larger merchants are starting to increase security around their POS networks, forcing criminals to focus on medium and small companies. But the US continues to have the worst credit card security in the world.

Permalink to story.

https://www.techspot.com/news/77371-report-chip-enabled-credit-cards-doing-little-prevent.html

 
  • Like
Reactions: misor
No surprise there ..... there were more than a few reports of them being diverted and cracked before they even became widly circulated .....
 
  • Like
Reactions: psycros
ForgottenLegion said:
USA didn't have chip and pin until 2015! Wow, how backwards.

Will they ever make it to contactless?
Click to expand...

We have the chip, still no pin. In the city, or at chain stores, you use your chip. About half of those then ask for a sig. None ever ask for pins. Outside the cities, I would say have use chips, and the other have pieces of cardboard stuffed into the chip readers that say 'swipe only'.

Our chip&pin is a half-conceived solution that was only half implemented again.
 
  • Like
Reactions: Robinson Ochoa
I have no idea where you guys saying that you are never asked for pins are shopping as I am asked for my pin on a regular basis.

One thing to keep in mind is that most cards have a dollar amount before they ask for your pin depending on the bank that issued them. My bank asks for all purchases over $50 and my credit cards range from $50-$150 before they ask and anything less than that no pin needed. This is totally up to the individual bank and not controlled by the store.
 
Richard M said:
I have no idea where you guys saying that you are never asked for pins are shopping as I am asked for my pin on a regular basis.

One thing to keep in mind is that most cards have a dollar amount before they ask for your pin depending on the bank that issued them. My bank asks for all purchases over $50 and my credit cards range from $50-$150 before they ask and anything less than that no pin needed. This is totally up to the individual bank and not controlled by the store.
Click to expand...

This is true, and it makes the chips utterly useless since criminals can simply make innumerable small purchases then return them for cash. Oh sure, it might throw up a red flag but by then its too late and they just switch to the next stolen account.

Uncle Al said:
No surprise there ..... there were more than a few reports of them being diverted and cracked before they even became widly circulated .....
Click to expand...

Yep, and the financial industry completely ignored the warnings. I'm actually seeing places that were taking the chip a year ago no longer doing so..all it does is slow down transactions with no benefit and few businesses will tolerate that.
 
In Europe, it's chip and pin for all credit card purchases in the store. No sigs and always need the pin. Unless using contactless / NFC payments.
 
  • Like
Reactions: Darth Shiv
Capaill said:
In Europe, it's chip and pin for all credit card purchases in the store. No sigs and always need the pin. Unless using contactless / NFC payments.
Click to expand...
We can't have that in the US. Security is not worth the extra time it takes. /sarcasm
 
  • Like
Reactions: trparky
Tbf, security experts and regulatory bodies warned that the chip/signature solution was behind the times and would do relatively little to stop the growth of identity theft.

The chip was a compromise between legislators who wanted European and Asian style security measures and legislators who wanted essentially no regulation over the market. We got a half baked system that is better than the old one but not by much.

Many more of us should be using NFC transactions, 2 factor authentication, etc when dealing with debit/credit transactions. Most of can do this but we chose not to because it's just so much easier to use the lax security standards that exist.

These regulations take years to roll out. There is currently no political motivation to change the laws. So expect things like this to get worse. The chip was just a bandaid to a far bigger problem.
 
  • Like
Reactions: wiyosaya and p51d007
I started checking into using the phone/watch to pay as I understand it, when I use the watch, which on my watch (samsung G3) uses the MST. MST uses a ONE TIME token for each transaction, so your "real" card information isn't placed on the device.
 
I thought the US issue was that all our cards still have the strip on the back, so until we get rid of that strip, we are all still just as easily prone?
 
p51d007 said:
I started checking into using the phone/watch to pay as I understand it, when I use the watch, which on my watch (samsung G3) uses the MST. MST uses a ONE TIME token for each transaction, so your "real" card information isn't placed on the device.
Click to expand...
I assume that has to do with samsung pay? I want to get into those type of things but my area is all about these retard chip readers.
 
mrjgriffin said:
I assume that has to do with samsung pay? I want to get into those type of things but my area is all about these retard chip readers.
Click to expand...

Yes, I use an android (non samsung) phone, and a Gear 3 Frontier watch along with samsung pay.
 
Heath said:
I thought the US issue was that all our cards still have the strip on the back, so until we get rid of that strip, we are all still just as easily prone?
Click to expand...
Just got to rip the bandaid off and ban strip use when a chip is present.
 
Having recently had my card compromised twice in the past few months, the best thing in the US is virtual credit card numbers - at least as I see it.

Capital One (no, I don't work for them) seems to have the most versatile implementation of virtual card numbers in that you can assign a number to a particular vendor and if that number gets compromised, then you know the source, and all the other numbers you might have attached to the account are independent from each other and the physical card - meaning you only have to update the one merchant with a new number - assuming that you have recurring payments to them. The only drawback to this if the number from the physical card is compromised, you really don't have a way of knowing where it was compromised if you are using it at physical stores.

This story also brings to mind that a friend of mine had his card compromised, too, around the same time that I did. It was a chip card, and he was told by his bank that the person who used it had a physical card - chip and all. Just goes to show that counterfeiting a physical chip card cannot be all that hard.
 
  • Like
Reactions: senketsu and Darth Shiv
wiyosaya said:
This story also brings to mind that a friend of mine had his card compromised, too, around the same time that I did. It was a chip card, and he was told by his bank that the person who used it had a physical card - chip and all. Just goes to show that counterfeiting a physical chip card cannot be all that hard.
Click to expand...
They could be bullshitting about the chip part.
 
fl21289 said:
Puiu said:
fl21289 said:
We are in 2018 and with the chip it takes 3x as long as before to complete your checkout...
Click to expand...
what? how? unless you forgot your pin (if you have a CC with one) then it should not be slower.
Click to expand...

Dude before you swipe and pin.... Now insert card.... leave card.... enter pin.... do not remove card.... please remove card. LOL it holds up the line just cause of this.
Click to expand...
fl21289 said:
Puiu said:
fl21289 said:
We are in 2018 and with the chip it takes 3x as long as before to complete your checkout...
Click to expand...
what? how? unless you forgot your pin (if you have a CC with one) then it should not be slower.
Click to expand...

Dude before you swipe and pin.... Now insert card.... leave card.... enter pin.... do not remove card.... please remove card. LOL it holds up the line just cause of this.
Click to expand...
What nonsense! Instead of 6 seconds it takes what? 12 seconds. What merchant are you going to with super sonic service times? That's an operational problem. Card security benefits FAR outweigh any supposed delays.
 
You must log in or register to reply here.

Similar threads

E
The WD Ultrastar Transporter supports up to 368 terabytes of storage in a 30-pound form factor
Replies
17
Views
182
Uncle Al
Uncle Al
D
Intel unveils its Gaudi 3 AI accelerator: 128GB HBM2e memory, set to rival Nvidia H100 and AMD MI300
Replies
3
Views
130
poohbear
P
D
Apple iPhone 17 Pro could be the first phone with TSMC's 2nm chip
Replies
8
Views
144
daffy duck
D

Latest posts

Back