Researchers find security flaw in chip and pin credit cards

Researchers find security flaw in chip and pin credit cards

August 4, 2016
chip and pin credit cards
source: Shutterstock

The quest to create a better and safer credit card is far from being over. According to a recent article from CNN Money, computer researchers have found a new security flaw in chip and pin credit cards previously considered safe.

EMV – The future of credit cards

Chip and pin cards, or EMV cards, are smart cards that store their data on integrated circuits in addition to magnetic stripes. These include cards that must be physically inserted into a reader and contactless cards that can be read over a short distance using radio-frequency identification technology. To use the card, you also have to enter your personal identification number (PIN).

So far, experts believed chip and pin cards to be nearly impossible to counterfeit. But it seems they were wrong.

The EMV card’s Achilles heel

In addition to the chip, the cards also contain a magnetic strip that tells the payment machine to use the chip. While the chip is impossible to counterfeit, it seems that the magnetic strip isn’t.

Computer security researchers working for payment technology company NCR have recently demonstrated at the Black Hat computer security conference how credit card thieves can rewrite the magnetic strip code. Thus, they can make the payment machine think that it’s dealing with a chipless card. It allows the thieves to keep counterfeiting, just like they did before the switch to chip cards.

This relatively easy way to go around the protection the credit card chips provide is possible because many retailers are not encrypting the transactions.

Fighting progress

US retailers are not happy about the change to EMV cards. They have long complained about this upgrade, which was forced upon them by banks and is estimated to have cost them $25 billion. This new discovery now adds even more gas to the fire.

Payment terminal makers keep producing machines that don’t have encryption by default. So retailers will have to pay even more for basic security. At the moment, they’re focused only on protecting the networks that support their payment systems. It remains to be seen if they choose the path of maximum protection or not.

Where do we go from here

Despite this newly found flaw, chip and pin credit cards are still the best choice if you want to protect your data. In time, credit card companies will develop a better and safer credit card, that will not have this weakness. One thing is certain, though. It’s time to put the old, unsecured credit cards to rest.

Thomas Hookton

Thomas Hookton is a finance journalist, history buff and science fiction connoisseur. Hit him up via email.

Around the web

Join the Conversation