Computer researchers giants revealed another flaw in the credit card chip system in the United States. Yes, there’s a trick to undo the security claimed by a chip-enabled card.
The magnetic strip on a credit card is supposed to command the machine to use the chip. The chip on these cards has been admired for making them practically impossible to counterfeit.
But hackers have found a relatively easy way to knock down that shield.
Computer security experts at the tech company NCR demonstrated how credit card hackers can revise the magnetic stripe code to bring it back to look-alike chipless card. This trick makes them successful to counterfeit.
They pointed out their flaw at the Black Hat computer security presentation held on Wednesday. The hack in the chip-based system is only possible because major retailers are upgrading their payment machines: aren’t encrypting their transactions. They leave the information in plain sight for hackers, in the payment machines.
Patrick Watson, one of the experts, told CNN money that “ We assume that EMV solves everything but this perception is wrong.”
The research and statistics of both retail and banking industry people, on Thursday, cast the EMV theory “doubtful.” Randy Vanderhoof, U.S Payment Conference director further added, “ If the data coded on the magnetic stripe can be altered, the terminal might get confused, but on the back end, the system would recognize that the data had been changed and definitely reject the transaction.”
Upgrading Credit Card System A “Joke”
The NRF is also a little puzzled about the upgrade process, which could easily cost USA retailers around $25 billion.
This debatable research shows that American retailers could spend million dollars upgrading system and still not sure about the protection of their potential customers from a disastrous credit card theft like the Home Depot and Target hacks 2 years ago.
In addition to the problem, payment terminal producers keep introducing machines that by default don’t have the encryption. And the vendors who install or sell these systems at shops don’t freak out and turn on encryption. The retailers need to pay extra for basic safeguard.
Verifone and Ingenico, the major machine producers, asserted that they offer the facility of point-to-point encryptions on machines, but it is up to retailers to turn it on.
Currently, the focus of retailers is on protecting the computer network that assists their payment system. During the presentation, the researchers advised retailers to ‘’encrypt every single thing in a transaction’’. They continued by saying that customers should pay with special apps on their smartphones and keep an eye on whenever high technology option is available.
Mike Weber, vice President at Coalfire firm said, “It is a mistake, they are assuming everything is okay but it’s not.”