Researchers expose new gap in security of credit card chips
Researchers have found a new flaw in chip-based credit cards that could leave many consumers exposed to potential theft.
According to CNN Money, payment-technology company NCR demonstrated at the Black Hat computer security conference last week how thieves can rewrite the magnetic-stripe code also found on the cards and confuse machines being used in transactions into ignoring the security measure.
The EMV standard – or the smart cards created by Europay, Mastercard and Visa that store data on integrated circuits – has been implemented in Canada and around the world as means to beef up security.
Since its introduction, it has been credited with reducing credit card and debit card fraud, between 2008 and 2014, by 68.37 per cent 89.49 per cent respectively.
NCR said this method of getting around the chip technology is possible because retailers are upgrading their payment machines without encrypting the transaction.
“There’s a common misperception EMV solves everything – it doesn’t,” Patrick Watson, an application security architect for NCR, told CNN Money.
One of the problems is that the companys that are making these payment machines don’t include the encryption, but rather charge extra for the added layer of security.
Retailers have instead focused on ramping up their networks that are connected to their payment systems.
However, the activities between credit cards and the payment machines have been left exposed, in plain text, to hackers who can crack the system.
And the best solution, according to the NCR researchers, remains increasing security across the board by encrypting “everything.”