New Chip-and-Pin Cards Have Shocking Security Flaw

By Steve Anderson August 11, 2016

Remember the furor over chip-and-PIN cards? How these were so much safer than magnetic strip cards and how we'd all be so much better off once we put them to use? The hype seems to have run just a little farther than the average user might like, as word from NCR says that the chip-and-pin card may have a new security flaw that could render these less safe than previously thought.

Since chip cards still use a magnetic strip, but one that tells the system to turn to the chip instead, the strip is the focus of the flaw. Credit card hackers can change the nature of the magnetic strip, making it seem like a card without a chip altogether, and allowing hackers to gain access to the credit card as if the chip were never there to begin with.

For chip cards, this is a disaster. Already, retailers were complaining about the expensive new infrastructure required to handle chip card systems, along with the delays involved in actually using the cards. The last thing anyone needed to hear was security issues. What's more, vendors are noting that the problem lies at the retailer level, as retailers aren't encrypting transactions made with chip cards.  That burden is being put on the retailer, and word from the National Retail Federation is that just the upgrade to chip cards already costs around $25 billion. Worse, the chip card infrastructure sold to the retailers doesn't have encryption as a default feature, so that's another expense going to the retailer, who's already under fire from online and mobile shopping.

Some new developments are making attacks on such cards even easier. So-called “shimmers,” devices that record transaction data, are being covertly inserted into ATMs and the like by hackers, who can then take that transaction data and put it to use for their own ends. This latest tactic joins others being tested or operating in the field at last report; as far back as 2011, Aperture Labs and Inverse Path were running briefings about harvesting PINs from EMV.

There were already difficulties with getting retailers to switch over to Europay / Mastercard / Visa (EMV) standards, exemplified by the chip-and-PIN system, thanks to the sheer expense and difficulty involved. Now, revelations that the system isn't all that safe unless a whole new set of expenses are taken on may well doom this change before it fully starts, liability shifts aside. If retailers start rebelling against this, they may well consider eschewing cards altogether in favor of a growing array of mobile payment options instead.

That opens up some significant opportunities to cut banks and cards out of the market, and may well end up doing a lot more damage than anyone suspected. This won't be an easily fixed mess, but it's clear that strong tactics are called for in the face of significant potential losses.




Edited by Alicia Young

Contributing Writer

SHARE THIS ARTICLE
Related Articles

ITEXPO's IBM Keynoter: AI is Here Today

By: Paula Bernier    2/20/2018

Many folks think the artificial intelligence is something we'll see in the future. That's true. AI will be employed in a broader variety of more sophi…

Read More

The Blockchain Event Draws a Crowd

By: Paula Bernier    2/20/2018

The Blockchain Event in Fort Lauderdale draws a crowd, offers some answers, and raises lots of interesting questions. Why have some cryptocurrencies g…

Read More

Hughes: WAN Optimization Expertise, Homegrown Solution Differentiate SD-WAN

By: Paula Bernier    2/16/2018

The SD-WAN marketplace is a crowded one. But Hughes Network Systems says it brings unique expertise and proven technology to the table. And that, Jeff…

Read More

Juniper Security Expert: Behavior Analytics Helps Address Threat Complexity

By: Paula Bernier    2/16/2018

Organizations are changing their cybersecurity strategies, says Juniper Networks Cybersecurity Strategist Nick Bilogorskiy, who presented the closing …

Read More

Welbitz Wins ITEXPO's Idea SHOWCASE

By: Paula Bernier    2/16/2018

It was a sweep. Both the audience and the judges at ITEXPO's IDEA Showcase Thursday picked Welbitz as the winner. The company went up against fellow s…

Read More