The EMV Chip Isn’t as Secure as We Thought

The EMV Chip Isn't as Secure as We Thought

The transition to the EMV chip has not been an easy one. I don’t know about you but I face major anxiety when I find myself at the register not knowing if I should swipe my card or insert it. God bless those who put a sign on their transaction machines indicating which route to take.

But all the fuss is justified when you think about all the security benefits that come from the EMV chip, right? Turns out they aren’t as secure as we once thought.

Computer security researchers at the payment technology company, NCR, demonstrated how credit card thieves can rewrite the magnetic strip code to make it appear like a chipless card again. This allows them to keep counterfeiting, just like they did before the chips were installed in the cards.

This glaring hole in the EMV chip system is possible because of the way many retailers are upgrading their payment machines. They are not encrypting the transaction.

NCR presented their findings at the Black Hat computer security conference on Wednesday, August 4, and showed that EMV doesn’t solve everything. The discovery of this flaw bolsters the retail industry’s complaints against the upgrade, which was forced upon them by banks. Retailers could spend millions of dollars upgrading to EMV and still not protect their customers from massive credit card theft.

To make the situation even worse, payment terminal makers keep producing machines that don’t have the encryption by default. Vendors who sell and install these machines at shops don’t simply flip the switch to encrypt; they have to buy into the extra security.

The NCR advices shops to “encrypt everything” in a transaction and asks customers to use the payment apps on their phones instead of physical cards whenever they can.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

    The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

    Over the past two years, the Biden Administration has taken a series of steps centered on quantum and cybersecurity. Read Now

  • IoT Saves the Day

    IoT Saves the Day

    Today, creating a safe environment across schools, hotels, office buildings, housing complexes and other facilities has become a necessity. There are so many dangers lurking in buildings of all sizes and shapes from fire hazards, vaping issues, chemical/air quality issues, intruders and so much more. Read Now

  • One Pane, Less Pain

    One Pane, Less Pain

    Just because a solution is built on an open-standards platform doesn’t ensure that all the vendors’ systems will work together as promised. Some features may not be supported, or not supported to their fullest potential. Read Now

  • Revamping Wrigley Field

    Revamping Wrigley Field

    When talking about baseball in the United States, it’s hard not to think of the Chicago Cubs and Wrigley Field. With a history spanning more than 100 years, the Chicago Cubs are one of the most recognized teams in professional sports. Read Now

Featured Cybersecurity

Webinars

New Products

  • ALTO Neoxx Electronic Padlock

    ALTO Neoxx Electronic Padlock

    Built to withstand all access control needs, the tough new SALTO Neoxx electronic padlock takes security beyond your expectations. 3

  • Kangaroo Home Security System

    Kangaroo Home Security System

    Kangaroo is the affordable, easy-to-install home security system designed for anyone who wants an added layer of peace of mind and protection. It has several products, ranging from the fan-favorite Doorbell Camera + Chime, to the more comprehensive Front Door Security Kit with Professional Monitoring. Regardless of the level of desired security, Kangaroo’s designed to move with consumers - wherever that next chapter may be. Motion sensors, keypads and additional features can be part of the package to any Kangaroo system in place, anytime. Additionally, Kangaroo offers scalable protection plans with a variety of benefits ranging from 24/7 professional monitoring to expanded cloud storage, coverage for damage and theft. 3

  • FlexPower® Global™ Series (FPG) from LifeSafety Power

    FlexPower® Global™ Series (FPG) from LifeSafety Power

    The FlexPower® Global™ Series (FPG) from LifeSafety Power—designed to provide DC power for access control systems in international applications—is now PSE listed for Japan and compatible with the country’s 100VAC applications. 3