cancel
Showing results for 
Search instead for 
Did you mean: 

EMV Chip Security

Valued Member

EMV Chip Security

Here's Proof That the EMV Chip in Your Credit Card Is Working

Written by Matthew Cochrane on Dec 29, 2017.

https://www.fool.com/credit-cards/2017/12/29/heres-proof-that-the-emv-chip-in-your-credit-card.aspx

 

I never knew what the chip in your credit card did. Also interesting how the added security of chips were forced into place by changing the liability from bank to vendor.


Goals: FICO of 800+; Costco Anywhere Visa
Garden Club Member: 12/2017 until 12/2018
As of 12/2017: EX98 763 | EX08 741 | TU08 762 | EQBank08 758
Message 1 of 10
9 REPLIES
Established Contributor

Re: EMV Chip Security

But here's the thing: when my BofA card had a bad chip, after trying it three times the POS allows me to slide the card. Transaction completed no problem.

 

It would be no problem for an attacker to take an old card, fry the chip, encode the stripe, and go on their merry way stealing money.


TU FICO 8: 734 (12/17) — Ex FICO 8: 738 (1/18)
Message 2 of 10
Valued Member

Re: EMV Chip Security

I wonder who would be liable for the fraud purchase in your situation. The issuer or vendor?


Goals: FICO of 800+; Costco Anywhere Visa
Garden Club Member: 12/2017 until 12/2018
As of 12/2017: EX98 763 | EX08 741 | TU08 762 | EQBank08 758
Message 3 of 10
Established Contributor

Re: EMV Chip Security


gpops wrote:

I wonder who would be liable for the fraud purchase in your situation. The issuer or vendor?


My understanding would be the vendor since they allowed the transaction to be processed with a swipe. Just like places like my local Dunkin Donuts where the EMV reader isn't active and there's a paper sticking out to tell you to swipe it. Granted, the liability may shift to their payment processor who is insuring transactions. One person I spoke with is a manager at retail and they were told by their boss that the transaction fee paid by the merchant is higher if it's swiped instead of chipped, and still higher if they type the card manually.


TU FICO 8: 734 (12/17) — Ex FICO 8: 738 (1/18)
Message 4 of 10
Valued Contributor

Re: EMV Chip Security


gpops wrote:

Here's Proof That the EMV Chip in Your Credit Card Is Working

Written by Matthew Cochrane on Dec 29, 2017.

https://www.fool.com/credit-cards/2017/12/29/heres-proof-that-the-emv-chip-in-your-credit-card.aspx

 

I never knew what the chip in your credit card did. Also interesting how the added security of chips were forced into place by changing the liability from bank to vendor.


All of this information has been known for 2 1/2 years. 

Amazon Store Card - 3.7k / AMEX Blue Cash Preferred - 1k / AMEX Delta - 3.4k / AMEX Hilton Honors - 1.2K / Capital One Quicksilver - 15k / Citi ThankYou Premier - 5.6k / Citi AT&T 4.6k / Citi AAdvantage Platinum - 6.5k / Citi Simplicity - 4.6k / Empower MasterCard - 1k / Navy Federal Flagship - 10k / USAA Limitless - 5k / USAA Rate Advantage - 2k (previously 5k)
Message 5 of 10
Valued Contributor

Re: EMV Chip Security


GrasshopperStudent wrote:

But here's the thing: when my BofA card had a bad chip, after trying it three times the POS allows me to slide the card. Transaction completed no problem.

 

It would be no problem for an attacker to take an old card, fry the chip, encode the stripe, and go on their merry way stealing money.


Fry the chip and encode the stripe? 

You could physically destroy it and it won't matter... The stripe will still tell the reader there's a chip present. 

 

Cashiers should be trained to refuse swipes when the card is chip enabled. In addition to that, an issuing bank is always free to decline the transaction. 

Amazon Store Card - 3.7k / AMEX Blue Cash Preferred - 1k / AMEX Delta - 3.4k / AMEX Hilton Honors - 1.2K / Capital One Quicksilver - 15k / Citi ThankYou Premier - 5.6k / Citi AT&T 4.6k / Citi AAdvantage Platinum - 6.5k / Citi Simplicity - 4.6k / Empower MasterCard - 1k / Navy Federal Flagship - 10k / USAA Limitless - 5k / USAA Rate Advantage - 2k (previously 5k)
Message 6 of 10
Established Contributor

Re: EMV Chip Security


mountaindewvoltage wrote:

GrasshopperStudent wrote:

But here's the thing: when my BofA card had a bad chip, after trying it three times the POS allows me to slide the card. Transaction completed no problem.

 

It would be no problem for an attacker to take an old card, fry the chip, encode the stripe, and go on their merry way stealing money.


Fry the chip and encode the stripe? 

You could physically destroy it and it won't matter... The stripe will still tell the reader there's a chip present. 

 

Cashiers should be trained to refuse swipes when the card is chip enabled. In addition to that, an issuing bank is always free to decline the transaction. 


The stripe has the bit flipped that there is a chip, yes, but after 3 chip malfunctions POS software generally accepts a swipe. I did this several times while waiting for a replacement BofA card after my frist had a bad chip. Retailers would have to make a decision to remove this fallback from POS terminals altogether if they saw enough fraud. I suspect somebody has run the numbers to see that lost sales would outweigh the occasional fraud. None of us on the forums would imagine living like this, but I know people who only have one card in their wallet: their primary bank's debit card. Lastly, the bank has no reason to decline it since they're off the hook for any fraud liability at that point.


TU FICO 8: 734 (12/17) — Ex FICO 8: 738 (1/18)
Message 7 of 10
Valued Contributor

Re: EMV Chip Security

The issuing bank is liable for fraud at EMV enabled terminals if the card is approved when swiped. 

Amazon Store Card - 3.7k / AMEX Blue Cash Preferred - 1k / AMEX Delta - 3.4k / AMEX Hilton Honors - 1.2K / Capital One Quicksilver - 15k / Citi ThankYou Premier - 5.6k / Citi AT&T 4.6k / Citi AAdvantage Platinum - 6.5k / Citi Simplicity - 4.6k / Empower MasterCard - 1k / Navy Federal Flagship - 10k / USAA Limitless - 5k / USAA Rate Advantage - 2k (previously 5k)
Message 8 of 10
Established Contributor

Re: EMV Chip Security


mountaindewvoltage wrote:

The issuing bank is liable for fraud at EMV enabled terminals if the card is approved when swiped. 


Source?


TU FICO 8: 734 (12/17) — Ex FICO 8: 738 (1/18)
Message 9 of 10
Valued Contributor

Re: EMV Chip Security


GrasshopperStudent wrote:

mountaindewvoltage wrote:

The issuing bank is liable for fraud at EMV enabled terminals if the card is approved when swiped. 


Source?


The issuers require that merchants accept a swipe if the EMV chip isn't working. I've discussed this on Flyertalk with others, and used to have the same thoughts you do. 

Amazon Store Card - 3.7k / AMEX Blue Cash Preferred - 1k / AMEX Delta - 3.4k / AMEX Hilton Honors - 1.2K / Capital One Quicksilver - 15k / Citi ThankYou Premier - 5.6k / Citi AT&T 4.6k / Citi AAdvantage Platinum - 6.5k / Citi Simplicity - 4.6k / Empower MasterCard - 1k / Navy Federal Flagship - 10k / USAA Limitless - 5k / USAA Rate Advantage - 2k (previously 5k)
Message 10 of 10