The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Computer researchers may have found a flaw in chip-based credit cards. Though the cards are designed to combat fraudulent cloning, apparently there’s a way to rewrite the magnetic strip code so it resembles the standard Europay, MasterCard and Visa (EMV) card.
Researchers at the payment technology company NCR presented their findings at the Black Hat computer security conference last Wednesday, CNN Money reported. “There’s a common misperception EMV solves everything,” Patrick Watson, one of the researchers, reportedly told the site. “It doesn’t.”
All a thief has to do is alter the data on the magnetic stripe so that it fools the terminal, the researchers said. As a result, the researchers suggested retailers encrypt whatever they can to help protect customers.
For their part, major machine makers Verifone and Ingenico said that they offer end-to-end encryption on retailer’s machines, CNN reported. Meanwhile, Jason Oxman, a spokesperson for the Electronic Transactions Association, a trade group, said via email that the issue “actually has nothing to do with the chips” at all. Here’s why:
“Every magnetic stripe on a chip-enabled card has a code on it that tells the POS at a retailer that if the customer tries to swipe the card, they should be prompted to insert the chip card instead. This ensures that the chip is used instead of the magnetic stripe. What this researcher figured out a way to do is alter the code on the magnetic stripe to say to the POS ‘I am not a chip card,’ and then to ask the POS to send the transaction to the issuing bank for approval as a magnetic stripe transaction. This is called a fall back transaction because the transaction should be a chip transaction, but it will fall back to a magnetic stripe transaction.
The issuing bank, when it receives the authorization request, will know that the card is a chip-enabled card [despite] the bad code on the magnetic stripe card, and the issuing bank will make the decision whether to approve the fall back transaction or not, based on a variety of factors. (The hacked code on the magnetic stripe card can only fool the POS, not the issuing bank.)”
Doug Johnson, senior vice president of the Payments and Cybersecurity Policy division at the American Bankers Association, said it’s important to remember banks’ additional protections for customers.
“End-to-end encryption is an important security measure for retail point-of-sale transactions that merchants have endorsed and should implement,” he said. “At the same time, it is important to remember that bank customers will be fully reimbursed for any unauthorized transaction against their account.”
If you carry a chip card and believe you’ve been a victim of fraud, you’ll want to contact your credit issuer immediately to cancel the card. After that, it’s a good idea to monitor your credit reports for any additional signs of trouble. (You can see your free credit report summary, updated every 14 days, on Credit.com.) You may also want to change your financial account passwords and pins to be on the safe side.
Image: alice-photo
April 9, 2024
Credit Cards
October 21, 2020
Credit Cards
August 3, 2020
Credit Cards