The EMV Chip Isn't as Secure as We Thought
- By Sydny Shepard
- Aug 04, 2016
The transition to the EMV chip has not been an easy one. I don’t know about you but I face major anxiety when I find myself at the register not knowing if I should swipe my card or insert it. God bless those who put a sign on their transaction machines indicating which route to take.
But all the fuss is justified when you think about all the security benefits that come from the EMV chip, right? Turns out they aren’t as secure as we once thought.
Computer security researchers at the payment technology company, NCR, demonstrated how credit card thieves can rewrite the magnetic strip code to make it appear like a chipless card again. This allows them to keep counterfeiting, just like they did before the chips were installed in the cards.
This glaring hole in the EMV chip system is possible because of the way many retailers are upgrading their payment machines. They are not encrypting the transaction.
NCR presented their findings at the Black Hat computer security conference on Wednesday, August 4, and showed that EMV doesn’t solve everything. The discovery of this flaw bolsters the retail industry’s complaints against the upgrade, which was forced upon them by banks. Retailers could spend millions of dollars upgrading to EMV and still not protect their customers from massive credit card theft.
To make the situation even worse, payment terminal makers keep producing machines that don’t have the encryption by default. Vendors who sell and install these machines at shops don’t simply flip the switch to encrypt; they have to buy into the extra security.
The NCR advices shops to “encrypt everything” in a transaction and asks customers to use the payment apps on their phones instead of physical cards whenever they can.
Sydny Shepard is the Executive Editor of Campus Security & Life Safety.