EMV, A new kind of secure credit card will be issued by all major credit card companies starting in 2015. WOW Sounds great, more security is always a good thing right? Isn’t that what we all want? Well, hackers have already compromised it in several ways.
EMV stands for Europay, MasterCard and Visa, a joint venture and global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.
We are told by Visa and Mastercard that EMV is secure, EMV does provide better protection than magstripe, as it is a hardware chip inside your credit card that can’t be duplicated, a big problem with magnetic stripe cards is they were reproduced very easily. The chip generates a one time use number for each transaction, keeping your actual credit card number a secret.
This sounds great so far in theory. Unforgunately the numbers generated for each transaction are actually predictable, which doesn’t give consumers a very warm fuzzy feeling. Wait, there’s more.
Things are a tad better in Europe, a pin number that only you know, is used, and it is a secondary defence in use with the chipped card. However, in the U.S. rollout of EMV, pins won’t be used, it will be a combination of the chipped card, and signature verification… another major security flaw for the American market. If someone steals your card, they can charge what they like till you discover your card missing and report it. The credit card thief doesn’t have to worry about a pin.
Further worries are related to the EMV protocol itself, as far back in 2010, it was proven to be susceptible to MAN IN THE MIDDLE attacks, and in a Black Hat hacker convention in Las Vegas recently,Access Data revealed attack vectors against EMV were well known. Richard Crone, head of Crone Consulting in suburban San Francisco, states: “EMV as a fraud deterrent is a complete joke”.
Come October 2015, we will start seeing our new EMV credit cards arrive in the mail. I don’t see fraud reducing, I just see it changing.
What do YOU think? Post your comments!