Security Flaw in EMV Credit Card Chip Revealed.




The nationwide switch to EMV chip cards has been making news for quite some time. But is this EMV contactless payment card system flawless?
Computer security researchers from NCR have come up with startling revelations regarding EMV chip credit cards. EMV cards come with a credit card chip as well as a magnetic stripe and are touted to be highly secure against counterfeit attacks. Unfortunately, the magnetic stripe designed as a safeguard in the credit card can be defeated. The code on the magnetic stripe can be rewritten so that the card appears chipless again. Credit card thieves can use this credit card chip flaw to their advantage and keep counterfeiting, causing huge losses to card issuers and banks alike.



The Chip Card Flaw

Presenting their findings at the Black Hat computer security conference, researchers claim that the prime cause for the flaw could be the failure of retailers to encrypt their transactions. The researchers created a rogue app that pretends to be a POS (point of sale) terminal, which could read a contactless card through a wallet and fool it into authorizing counterfeit transactions.

An alteration of data on the magnetic stripe can fool the terminal. This raises the risk of foreign currency transaction fraud. Any attacker using Android could get up close to a chip card and exploit the foreign currency flaw.

However, Visa continues to downplay the threat of counterfeit transactions, citing multiple safeguards that are in place to secure each transaction throughout the Visa system.

The retail industry has been complaining about upgrading to EMV, which could cost up to $25 billion. The latest discovery of the credit card chip flaw bolsters their case against upgrading to EMV, which has been forced upon them by banks.




On top of that, payment terminal makers design machines without setting encryption as a default option. Even vendors that install the machines forget to turn on encryption. Some vendors provide EMV-capable machines without the correct software to enable EMV.

Unaware of the major encryption flaw, retailers focus on protecting the network that runs the payment system, leaving the exchange of information between the machine and the credit card exposed. As a result, any hacker that breaks into the system can easily decipher the communication.



Risk, Risk, More Risk

Researchers fear that credit card thieves might function like pickpockets and hide in crowded places to screen their malicious activities. Moreover, the whole payment process is quick, taking less than 500 milliseconds for card detection and transaction completion.

It is likely that attackers would limit their card-charging attempts to the $160-$320 range to avoid overdrawing the accounts. Additionally, the rogue app stores transactions for later, making it easier for hackers to “harvest” multiple contactless card transactions at once, and to do so offline. Hackers could exploit Visa’s contactless EMV specification, which is designed to conduct transactions offline, and pocket huge sums of money.



Risk Mitigation

Researchers suggest requiring online authentication of all Visa transactions. Alternatively, Visa could mandate that all foreign currency transactions require a PIN code, to prevent the risk exposed in the credit card chip flaw report.

Visa says it has been constantly updating safeguards to mitigate the risk and prevent such fraudulent attacks.
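
The researchers' suggestion above targets transactions that are approved offline, in a foreign currency, without a PIN. As an added example (not code from the researchers, NCR or Visa), this Python check shows how an issuer could flag that pattern in clearing data and surface cards with repeated hits. The record layout, the `card_ref` field and all sample values are constructed; the dictionary keys are standard EMV data-element tags (9F27 Cryptogram Information Data, 5F2A Transaction Currency Code, 9F42 Application Currency Code, 9F34 CVM Results, 9F02 Amount Authorised).

```python
from collections import defaultdict

# Offline PIN methods in CVM Results byte 1 (low 6 bits), per the EMV CVM code list.
OFFLINE_PIN_CVMS = {0x01, 0x03, 0x04, 0x05}

def cryptogram_type(cid_hex):
    """Decode the top two bits of Cryptogram Information Data (tag 9F27)."""
    return {0: "AAC", 1: "TC", 2: "ARQC"}.get(int(cid_hex, 16) >> 6, "RFU")

def pin_verified(cvm_hex):
    """CVM Results (tag 9F34): byte 1 = method, byte 3 == 0x02 means successful."""
    if not cvm_hex or len(cvm_hex) != 6:
        return False
    raw = bytes.fromhex(cvm_hex)
    return (raw[0] & 0x3F) in OFFLINE_PIN_CVMS and raw[2] == 0x02

def is_risky(rec):
    """Offline approval (TC) in a currency other than the card's, with no PIN."""
    return (cryptogram_type(rec["9F27"]) == "TC"
            and rec["5F2A"] != rec["9F42"]   # transaction vs. card currency
            and not pin_verified(rec.get("9F34")))

def flag_cards(records, min_hits=2):
    """Map card_ref -> summed amount (minor units) for cards with repeated hits."""
    hits = defaultdict(list)
    for rec in records:
        if is_risky(rec):
            hits[rec["card_ref"]].append(int(rec["9F02"]))  # 9F02 holds BCD digits
    return {card: sum(a) for card, a in hits.items() if len(a) >= min_hits}

def _rec(card, cid, txn_cur, app_cur, cvm, amount):
    # Helper for building the constructed sample below (hypothetical layout).
    return {"card_ref": card, "9F27": cid, "5F2A": txn_cur,
            "9F42": app_cur, "9F34": cvm, "9F02": amount}

# Constructed sample: 0826 = GBP, 0840 = USD (ISO 4217 numeric codes).
SAMPLE = [
    _rec("card-A", "40", "0840", "0826", "1F0302", "000000020000"),  # offline, foreign, no CVM
    _rec("card-A", "40", "0840", "0826", "1F0302", "000000030000"),  # same card again
    _rec("card-B", "40", "0826", "0826", "1F0302", "000000001500"),  # domestic currency
    _rec("card-C", "80", "0840", "0826", "1F0302", "000000020000"),  # ARQC: went online
    _rec("card-D", "40", "0840", "0826", "440302", "000000020000"),  # offline PIN succeeded
    _rec("card-E", "40", "0840", "0826", "1F0302", "000000020000"),  # single hit only
]

if __name__ == "__main__":
    print(flag_cards(SAMPLE))
```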




