LAS VEGAS. The general idea behind the new generation of credit cards with chips that require the use o PINs is that they are more secure than credit cards with just a magnetic strip.
The problem with traditional magnetic strip credit card is that they can be skimmed. It’s a problem that chip and PIN is supposed to solve.
It doesn’t.
At Black Hat, researchers demonstrated that they were able to build a Chip and PIN skimmer that could effectively ‘skim’ the PIN.
That’s not supposed to happen.
“We predict that skimming chip will be an attractive target for fraudsters,” researcher Adam Laurie said.
The big issue with chip and PIN is that by using a supposedly more secure technology it enables card issuers to shift liability to the consumer. The researchers noted that in most countries where chip and PIN are used, they say if the PIN has been used it means either the user is doing the transaction or the user was negligent in protecting their PIN.
So what’s the root cause?
If I understood the presentation correctly it’s all about encryption and authentication. If the chip and PIN information and the card reader is all encrypted than it is less likely to be sniffed.
While the impact of exposing chip and PIN as being at risk may sound ominous the goal and the hope of the researchers is to send a message to the U.S (and other places not yet using chip and PIN) so that when they implement they’ll be more secure.
Let’s hope they listen.