Is Your Chip Card Secure? Much Depends on Where You Bank

2020-07-30 15:09

A recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Virtually all chip-based cards still have much of the same data that's stored in the chip encoded on a magnetic stripe on the back of the card.

The iCVV differs from the card verification value stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and the use of that data to create counterfeit magnetic stripe cards.

For EMV's security protections to work, the back-end systems deployed by card-issuing financial institutions are supposed to check that when a chip card is dipped into a chip reader, only the iCVV is presented; and conversely, that only the CVV is presented when the card is swiped.

In 2017, I wrote about the increasing prevalence of "Shimmers," high-tech card skimming devices made to intercept data from chip card transactions.

News URL

https://krebsonsecurity.com/2020/07/is-your-chip-card-secure-much-depends-on-where-you-bank/

#bank #chip