LAS VEGAS -- Computer researchers have found yet another flaw in the upgrade to the chip-based credit cards in the United States, according to a CNNMoney report.
The chip on these credit cards have been praised for making them nearly impossible to counterfeit. While the cards also contain a magnetic strip, that strip is supposed to tell the payment machine to use the chip.
But computer security researchers at Duluth, Ga.-based payment technology company NCR demonstrated at the Black Hat computer security conference this week how credit-card thieves can rewrite the magnetic-stripe code to make it appear like a chipless card again and allow counterfeiting.
This “glaring hole” in EMV (Europay, MasterCard and Visa) is possible because of the way many retailers are upgrading their payment terminals, NCR said; they are not encrypting the transaction.
“There’s a common misperception EMV solves everything,” Patrick Watson, one of the NCR researchers, told CNNMoney. “It doesn’t.”
The discovery of this flaw bolsters the retail industry’s complaints against the upgrade, the report said. The National Retail Federation (NRF) has long complained about the upgrade, which is estimated to cost American retailers $25 billion.
Major terminal manufacturers Ingenico and Verifone told CNNMoney that they offer point-to-point encryption on retailer’s machines, but it’s up to retailers and their partners to turn it on.
NCR researchers advised retailers to “encrypt everything.” They also said consumers should pay with special apps on their phones and watches whenever the option is available.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.