New Chip-and-Pin Cards Have Shocking Security Flaw

By Steve Anderson August 11, 2016

Remember the furor over chip-and-PIN cards? How these were so much safer than magnetic strip cards and how we'd all be so much better off once we put them to use? The hype seems to have run just a little farther than the average user might like, as word from NCR says that the chip-and-pin card may have a new security flaw that could render these less safe than previously thought.

Since chip cards still use a magnetic strip, but one that tells the system to turn to the chip instead, the strip is the focus of the flaw. Credit card hackers can change the nature of the magnetic strip, making it seem like a card without a chip altogether, and allowing hackers to gain access to the credit card as if the chip were never there to begin with.

For chip cards, this is a disaster. Already, retailers were complaining about the expensive new infrastructure required to handle chip card systems, along with the delays involved in actually using the cards. The last thing anyone needed to hear was security issues. What's more, vendors are noting that the problem lies at the retailer level, as retailers aren't encrypting transactions made with chip cards.  That burden is being put on the retailer, and word from the National Retail Federation is that just the upgrade to chip cards already costs around $25 billion. Worse, the chip card infrastructure sold to the retailers doesn't have encryption as a default feature, so that's another expense going to the retailer, who's already under fire from online and mobile shopping.

Some new developments are making attacks on such cards even easier. So-called “shimmers,” devices that record transaction data, are being covertly inserted into ATMs and the like by hackers, who can then take that transaction data and put it to use for their own ends. This latest tactic joins others being tested or operating in the field at last report; as far back as 2011, Aperture Labs and Inverse Path were running briefings about harvesting PINs from EMV.

There were already difficulties with getting retailers to switch over to Europay / Mastercard / Visa (EMV) standards, exemplified by the chip-and-PIN system, thanks to the sheer expense and difficulty involved. Now, revelations that the system isn't all that safe unless a whole new set of expenses are taken on may well doom this change before it fully starts, liability shifts aside. If retailers start rebelling against this, they may well consider eschewing cards altogether in favor of a growing array of mobile payment options instead.

That opens up some significant opportunities to cut banks and cards out of the market, and may well end up doing a lot more damage than anyone suspected. This won't be an easily fixed mess, but it's clear that strong tactics are called for in the face of significant potential losses.




Edited by Alicia Young

Contributing Writer

SHARE THIS ARTICLE
Related Articles

How Valuable is Your Personal Data?

By: Special Guest    9/25/2017

Pressure has been growing in the past few weeks for politicians and regulators to clamp down on the monopoly power of Big Tech. Indeed, scrutiny is gr…

Read More

Designing Insightful Dashboards for Decision Making

By: Special Guest    9/21/2017

As businesses continue to accumulate data that has the potential to improve operations and increase revenue, dashboard design is becoming a key compon…

Read More

Artificial Intelligence: The Human to Bot Handoff

By: Special Guest    9/21/2017

Artificial intelligence (AI) is one of the most talked about and debated topics of conversation happening today. It is touching every industry.

Read More

Dark Data - Do You Have a Plan?

By: Special Guest    9/19/2017

Practically every organization has vast amounts of "dark data" in the form of weblogs, machine logs, and logs from sensors on everything from oil rigs…

Read More

Open is the New Black for Mobile Voice Services

By: Special Guest    9/18/2017

It's time for some fresh thinking about voice services. Once the dominant source of revenue for mobile operators, voice calls are now a rare form of c…

Read More