New Chip-and-Pin Cards Have Shocking Security Flaw

By Steve Anderson August 11, 2016

Remember the furor over chip-and-PIN cards? How these were so much safer than magnetic strip cards and how we'd all be so much better off once we put them to use? The hype seems to have run just a little farther than the average user might like, as word from NCR says that the chip-and-pin card may have a new security flaw that could render these less safe than previously thought.

Since chip cards still use a magnetic strip, but one that tells the system to turn to the chip instead, the strip is the focus of the flaw. Credit card hackers can change the nature of the magnetic strip, making it seem like a card without a chip altogether, and allowing hackers to gain access to the credit card as if the chip were never there to begin with.

For chip cards, this is a disaster. Already, retailers were complaining about the expensive new infrastructure required to handle chip card systems, along with the delays involved in actually using the cards. The last thing anyone needed to hear was security issues. What's more, vendors are noting that the problem lies at the retailer level, as retailers aren't encrypting transactions made with chip cards.  That burden is being put on the retailer, and word from the National Retail Federation is that just the upgrade to chip cards already costs around $25 billion. Worse, the chip card infrastructure sold to the retailers doesn't have encryption as a default feature, so that's another expense going to the retailer, who's already under fire from online and mobile shopping.

Some new developments are making attacks on such cards even easier. So-called “shimmers,” devices that record transaction data, are being covertly inserted into ATMs and the like by hackers, who can then take that transaction data and put it to use for their own ends. This latest tactic joins others being tested or operating in the field at last report; as far back as 2011, Aperture Labs and Inverse Path were running briefings about harvesting PINs from EMV.

There were already difficulties with getting retailers to switch over to Europay / Mastercard / Visa (EMV) standards, exemplified by the chip-and-PIN system, thanks to the sheer expense and difficulty involved. Now, revelations that the system isn't all that safe unless a whole new set of expenses are taken on may well doom this change before it fully starts, liability shifts aside. If retailers start rebelling against this, they may well consider eschewing cards altogether in favor of a growing array of mobile payment options instead.

That opens up some significant opportunities to cut banks and cards out of the market, and may well end up doing a lot more damage than anyone suspected. This won't be an easily fixed mess, but it's clear that strong tactics are called for in the face of significant potential losses.

Edited by Alicia Young

Contributing Writer

Related Articles

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More

Contribute Your Brain Power to The New Intelligence

By: Paula Bernier    6/28/2018

The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…

Read More

TMC Launches The New Intelligence - an Unparalleled AI and Machine Learning Conference & Expo in Florida

By: TMCnet News    6/28/2018

TMC announced the launch of The New Intelligence conference and expo - The Event Powering the AI Revolution. This exciting new event will take place o…

Read More