Chip-enabled credit cards are reportedly doing little to prevent fraud

I work for a POS hardware supplier that works exclusively with a popular global fast food chain. I can attest that fast food is the biggest culprit of lax payment security. Up until just recently, all stores in the US were required to move away from Windows XP. Only within the last year have they been implementing network security to keep unauthorized devices off the store network. Even then, the security is minimal and still extremely susceptible to breaches by anyone who has a decent understanding of network protocols. If you want the United States as a whole to change, you need to start with fast food.
 
This. Businesses upgrade only when you hold a gun to their head. Security is expensive and business owners typically don't see any ROI on security, so they drag their feet until you literally force them to upgrade. The good thing about EMV that I think a lot of people not in this arena fail to realize is that with EMV came new PCI standards requiring the use of firewalls, the latest versions of POS software and payment software, along with a myriad of other new rule changes. Regardless of how secure EMV might be, just to get up to the level of processing with EMV requires a lot of other changes to the payment environment, which is all good for security.

Doesn't it make you feel warm and fuzzy to think that your card security is in the hands of a frugal business owner who doesn't understand why he needs to upgrade his POS terminals from Windows XP?
 
I'm in Canada, debit card and credit card both chip and PIN. And yes, in the last year I've had to replace both cards due to fraud.
The last one on the CC was someone using it to buy a tour bus ticket for Thailand and Cambodia. The bank was actually going to have me fill out forms that it wasn't me for the slightly over $100 CAD amount, but they never arrived. I guess the fact that I was using my card in my hometown while at the same time, the same card was being used in Cambodia tipped them off LOL.
 
This story also brings to mind that a friend of mine had his card compromised, too, around the same time that I did. It was a chip card, and he was told by his bank that the person who used it had a physical card - chip and all. Just goes to show that counterfeiting a physical chip card cannot be all that hard.
They could be bullshitting about the chip part.
Um, no!

His instance happened this past June 2018 and virtually every CC issuer in the US has had chip cards for some time now. Besides, I've known this person for 20+ years, he is among the most technically inclined people I know. I have never known him to lie about something like this. He was obviously quite frustrated while recounting what he had to go through with the "bank" (e-bay) that issued the card.
 
Citicard called to review recent purchases on the East coast at a beauty salon
  • I am a male
  • resident in SoCal
  • and at home not traveling
How was this possible? Vandal attempted paper card impression, thus avoiding all security features. Technology can't be 100% effective.

Also demonstrates credit profile is monitored for YOUR protection as well as theirs.
 
We are in 2018 and with the chip it takes 3x as long as before to complete your checkout...
What? How? Unless you forgot your PIN (if you have a CC with one) then it should not be slower.

Dude before you swipe and pin.... Now insert card.... leave card.... enter pin.... do not remove card.... please remove card. LOL it holds up the line just cause of this.

Utter nonsense. For small purchases it takes just as long as counting cents from your wallet; if larger, I end up spending more time putting the things that I bought in my bag than paying with a card. It would be funny how backwards USA is on some stuff until you realize how much they dictate to the world...
 
Using a chip is pointless.

1. Chips don't read about half the time
2. It has to fail three times, then you still end up using the swipe, which works.
3. Annoying customers in long lines
4. Credit cards don't use pins. Only debit card (for me), which I don't use.
5. Retailers don't even check IDs at all. It could be a stolen/lost card and they never know.
6. Chips have absolutely no effect for online purchases.

Know what? Cash is faster and cheaper. It saves transaction fees. The cost of everything would be 3-5% cheaper due to the overhead of credit cards. That is a huge savings.

I worked at Mastercard for a short time. You should have heard how angry execs would get if they heard you or anybody used cash instead of a card.
 
Seriously doubt that the chip was compromised. Chips haven't been cracked to my knowledge. The best they can do is fool a merchant terminal into thinking swipe is ok.
 
I fully agree that cash is faster and cheaper. I always prefer to pay in cash in stores and use my credit card online only. My only security concern is that my card will be skimmed when at the ATM.
 
So you are saying it is not the chip that was compromised. It was the card reader, or the system validating the chip.
 
Those are basically very locked down systems. Designed to put keys into protected areas of hardware that can't be snooped and so on. Chip cards are designed so that they generate tokens internally. You basically need to crack latest asymmetric encryption standards to be able to forge a token unless somehow you can extract the internal seeds.

So compromising the card reader doesn't actually help you forge chip handshakes. It gives you nothing extra in copying the chips. That's why chips are such a strong advancement. The card number shown on the front isn't what the chip card sends to the vendor. It sends like a one time PIN each time.

I'm 99% sure instead somehow a fallback was tricked into occurring and the old magstripe card number was used instead.

The two other possibilities are
1) The internal card key was compromised via hardware approach. Slicing silicon requires VERY expensive equipment. High 6 or 7 figure.
2) Asymmetric crypto was cracked. Either a weak keysize is used and like cloud computing makes it fairly easy OR there's a weakness.
 
@Darth Shiv
That makes sense. I did however think the point in having the chip, was to avoid all other less secure methods.
In Australia, the banks now enforce chip. You cannot swipe as fallback. If your chip is busted (extremely rare), you can't use the card.

The barrier to entry to that model for the US is the US has an extremely large network of POS machines in the field and old style swipe only payment setups. They would need to be all upgraded to support chip. This could be costly for small business as now they would need to pay for a 4G data plan for the device. The POS terminals generally speaking are hundreds of dollars. Used to be up to $1000 for the ones I used to dev on.

Banks really should subsidise the capital layout and just bite the bullet but I'd imagine it's pretty disruptive to such a massive economy. They would of course have an enormous amount to gain - great reduction in payment fraud! Pretty sure they self-insure. Surely cutting down this loss is worth a lot to them.
 
@Darth Shiv
Where I shop in Canada, if your card has a chip, you CANNOT use the stripe even if the chip fails. I don't know if this is bank policy like Australia or just the terminals I used.
Edit: I'm not sure the chip fails, just often used readers sometimes fail reading the chip.
 
Yep that's how it is here too. It's a great anti-fraud policy. Banks can also issue on the spot temp cards if you have a failure while your new card is being prepared.
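
The magstripe-fallback scenario and the "no swipe if the card has a chip" policy discussed in the posts above, as an added example that is not part of the original thread: a sketch of an issuer-side rule for handling a chip-capable card that arrives as a swipe. The entry-mode values follow common ISO 8583 field 22 usage and the service-code rule follows ISO/IEC 7813; the field names, decision strings and sample requests are constructed for illustration.

```python
# Added example: issuer-side handling of stripe use by a chip-capable card.
# Field names, decision strings and samples are constructed assumptions.
from dataclasses import dataclass

CHIP_MODES = {"05", "07"}     # chip read: contact, contactless
FALLBACK_MODE = "80"          # terminal reports chip unreadable, stripe used
STRIPE_MODES = {"02", "90"}   # magnetic stripe read

@dataclass
class AuthRequest:
    entry_mode: str           # first two digits of POS entry mode (field 22)
    service_code: str         # 3-digit service code from the track data
    has_cryptogram: bool      # per-transaction chip cryptogram present
    terminal_reads_chip: bool # terminal capability as reported in the message

def card_has_chip(service_code: str) -> bool:
    # ISO/IEC 7813: a service code starting with 2 or 6 marks a chip card.
    return service_code[:1] in ("2", "6")

def decide(req: AuthRequest, strict: bool = False) -> str:
    if req.entry_mode in CHIP_MODES:
        # A chip read must carry the card-generated cryptogram.
        return "CONTINUE" if req.has_cryptogram else "DECLINE:missing_cryptogram"
    if req.entry_mode != FALLBACK_MODE and req.entry_mode not in STRIPE_MODES:
        return "DECLINE:unknown_entry_mode"
    if not card_has_chip(req.service_code):
        return "CONTINUE"                     # genuine stripe-only card
    if strict:
        return "DECLINE:chip_required"        # policy: no stripe for chip cards
    if req.entry_mode == FALLBACK_MODE:
        return "REVIEW:declared_fallback"     # allowed, but score as higher risk
    if req.terminal_reads_chip:
        # Chip card swiped at a chip terminal with no fallback declared.
        return "DECLINE:swipe_at_chip_terminal"
    return "REVIEW:stripe_only_terminal"      # legacy terminal, cannot enforce chip

# Constructed sample requests.
SAMPLES = [
    AuthRequest("05", "201", True, True),    # normal chip transaction
    AuthRequest("80", "201", False, True),   # declared fallback to stripe
    AuthRequest("90", "201", False, True),   # chip card swiped, chip terminal
    AuthRequest("90", "201", False, False),  # chip card, swipe-only terminal
    AuthRequest("90", "101", False, False),  # stripe-only card
]

def run_samples(strict: bool = False) -> list:
    return [decide(r, strict) for r in SAMPLES]

if __name__ == "__main__":
    for req, lenient, hard in zip(SAMPLES, run_samples(), run_samples(True)):
        print(req.entry_mode, req.service_code, lenient, hard)
```

With `strict=True` every stripe or fallback entry from a chip-capable card is declined, which matches the behaviour the posters describe for Australia and Canada; the default shows the trade-off faced by a network that still has swipe-only terminals in the field.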
 