---

@lenz99 wrote:

So with an EMV card, I understand if card info is stolen it can still be used online, but what happens if:

 

1. I use the card instore which got hacked later, will my card info got stolen?

 

2. If I use the card online and card# was stolen, can the theif use a replicated non-EMV card in store?

---

For question 1,

EMV wold not prevented the Target hack. You can read it here

http://blog.shift4.com/2014/01/why-emv-isn-t-the-answer-to-breach-at-target.html

For number 2:

Yes, mag strip card copy.

---

@slicemans wrote:

---

@lenz99 wrote:

So with an EMV card, I understand if card info is stolen it can still be used online, but what happens if:

 

1. I use the card instore which got hacked later, will my card info got stolen?

 

2. If I use the card online and card# was stolen, can the theif use a replicated non-EMV card in store?

---

For question 1,

 

EMV wold not prevented the Target hack. You can read it here

http://blog.shift4.com/2014/01/why-emv-isn-t-the-answer-to-breach-at-target.html

 

For number 2:

 

Yes, mag strip card copy.

 

 

---

Thanks. Realize that EMV is not enforced so a magnetic strip copy will still work on old terminal. So how about a store with EMV reader? will fake card fail then?

---

@lenz99 wrote:

---

@slicemans wrote:

---

@lenz99 wrote:

So with an EMV card, I understand if card info is stolen it can still be used online, but what happens if:

 

1. I use the card instore which got hacked later, will my card info got stolen?

 

2. If I use the card online and card# was stolen, can the theif use a replicated non-EMV card in store?

---

For question 1,

 

EMV wold not prevented the Target hack. You can read it here

http://blog.shift4.com/2014/01/why-emv-isn-t-the-answer-to-breach-at-target.html

 

For number 2:

 

Yes, mag strip card copy.

 

 

---

 

Thanks. Realize that EMV is not enforced so a magnetic strip copy will still work on old terminal. So how about a store with EMV reader? will fake card fail then?

---

There's some confusion in this thread. The "wouldn't have prevented the Target hack" BS is technically true, but irrelevant. See, as long as you don't swipe first (a lot of people do!) the terminal never sees the magnetic track data. The chip has plaintext track equivalent data, yes, but this data isn't actually the same. The CVVs are different as they are calculated using 999 for the service code instead of the actual service code of the card.

Thus, if you make a magstripe card from the magnetic stripe equivalent data, the bank should clearly see a counterfeit card is being presented, as the CVV is incorrect, are reject the transaction.

If you copy the magstripe and use it in a fully chip-enabled terminal, the service code will tell the terminal to have you swipe the card.

Therefore, in short, you can't copy data from the chip to a magstripe and have it work. You can't copy the magstripe and use it in a chip-enabled terminal. You have to copy the magstripe (so people would have to swipe their card to load THAT data into memory), then use the copies at non-chip-enabled terminals.

Enough people still haven't quite understood that you don't swipe chip cards in chip terminals, so yes, there'd be plenty of usable data if the Target hack occurred today, but the data will become virtually useless by the end of the EMV migration. Whenever that happens...