Interesting issue that I hadn't heard about. I don't think it will prevent the adoption of "chip & pin" cards in the US. We know from its' use in Europe that the system works. There's a lot of money at stake so I see the industry getting it together pretty quick to make the cards reliable. After all what's the alternative? Stay with the existing system? It makes sense that the POS terminals will continue to accept mag strips as a "fall back" for a while though.
The following link discusses previously know Vulnerabilities in EMV EMV Vulnerabilities prior to the article posted in message #1 of this thread. -- Tom
Vulnerabilities exist, but I don't see how this relates to the simple problem of quality control in card manufacture. The only question is will "chip and pin" be more secure then the current system?
Hi Victek, My post in message #4, was not intended to "relate" to the non-simple problem of quality control in card manufacture, but to supplement interested readers of background information about EMV for those readers unfamiliar with it, but have possibly heard about "Chip and Pin" technology. -- Tom
Fair enough Tom Given the known vulnerabilities I'm interested in what you think about how Chip & Pin compares with the current mag-strip system. Also, why do you feel making C&P cards reliable is "non-simple"?
Hi Carver, You need to read up on the EMV link I posted previously as there is going to be a liability change that takes place with the "Chip & Pin" card rollout in the USA this Autumn. -- Tom
Hi Victek, Current mag-strip system is not secure enough therefore prone to new vulnerabilities the black hackers will find. It is the unknown vulnerabilities that we should all be concerned about because we know the black hackers will find them. By definition, and success in Europe, the C&P cards are more secure than mag-stripe cards. Making C&P cards is not so simple as it is fraught with reliability/maintainability/availability (RMA) problems not only at the manufacturing stage, but at the rollout stage in terms of compatibility with existing POS terminals which goes back to the design stage, IOW RMA begins well before the design stage (i.e. the requirements stage) and continues though the rollout stage. If you don't get it right from the get go, then you are doomed to repeat the sequence in the quest for RMA as Quality Control as a process needs to pervade the entire project at multiple companies in an industry that only after breaches of security discovers that it has a HUGE security problem which centers around trust worthiness of the consumer - let alone the liability issues. Heaven forbid that the Consumption Industry runs into an obstacle that prevents the consumer from "consuming" commercial products - the engine of our Consumer Economy! -- Tom
Liability is going to transfer from the banks to the merchants as "Chip & Pin" is rolled out, but I don't see anything suggesting that current protections for consumers who are victims of credit card fraud will be removed. Am I missing something about this?
More like forever, since it is, as you stated, meant as a fallback, which always work, so basically Chip & Pin is not safer, since you can just ignore it. Currently it works like this: 1. POS tries to use a contact-less and PIN, if it fails, 2. it tries chip and PIN, if it fails, 3. it just uses a classic magnetic strip.
Well, I don't know about "forever". It will take time for C&P to penetrate the market sufficiently to make phasing out cards with magnetic stripes practical. It's all about the money. The push in the US is motivated by the recent enormous card fraud, eg Target, etc. If they're sufficiently afraid of that happening again they will move forward.
How can a chip prevent a fraud? When you pay by a card, the terminal stores your card info regardless of the payment method. Of course, that also depends, if the verification is online or offline, but offline payments are much more cheaper and prevail in USA. Banks claim, that chip/contact-less are safer, because they are encrypted, who cares, if you can make a terminal at home, which can read it.