topic Re: Chip Cards in Credit Cards

Chip Cards

LS2982 — Fri, 20 Feb 2015 00:02:54 GMT

I'm trying to understand how these cards are supposed to be more "secure".

Can you make a PIN for them? Most of my prime cards are chip cards and I'm a little perplexed about how they are supposed to be more secure.

Re: Chip Cards

kdm31091 — Fri, 20 Feb 2015 00:04:12 GMT

I think in the US, at least for now, the new chip cards will be/are primarily chip + signature, not chip + pin which is the most secure you can have.

I believe a chip is able to encrypt the information differently, and it isn't stored the same way it is on a stripe, so it's not like someone can steal the info the same way.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 00:14:29 GMT

To understand why chip cards are more secure, you first need to understand why magnetic stripes are less so. The magnetic stripe holds static information. Simply put, it holds your card information in unchanging form. Because static info is passed to payment terminals, once copied, it can be easily used for fraud.

The chips in chip cards hold information more dynamically. What? It means that when a terminal reads a chip, the chip gives the terminal a one-time code to send to the bank, which the bank then authenticates and authorizes the payment. The next time you use the chip, it issues a different code. The codes are like encryption codes, only the bank knows how to decrypt it and know whether it's the genuine article.

So if one even were to copy a chip, because the thief does not know the bank's encryption keys, the chip will only issue the same one time code over and over. And since the code is already used from the first transaction (which was legit, since it had to be copied after), it becomes useless. Hence card-present fraud declines.

It's important to note that up to this point, there is no distinction between Chip and PIN and Chip and Signature cards. PIN and Signature are simply different methods of user verification, and which is safer is a different debate.

Re: Chip Cards

kdm31091 — Fri, 20 Feb 2015 00:16:16 GMT

Thanks for making it much more clear than I did, yfan. I wasn't really aware that chip+pin was not more secure; I just assumed it was, but you're right, it's certainly debateable.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 00:20:16 GMT

@kdm31091 wrote:
Thanks for making it much more clear than I did, yfan. I wasn't really aware that chip+pin was not more secure; I just assumed it was, but you're right, it's certainly debateable.

Right, for now I'm just saying that the security element for the card itself lies in the chip, not in the user verification method.

Re: Chip Cards

jsucool76 — Fri, 20 Feb 2015 00:28:38 GMT

@yfan wrote:
@kdm31091 wrote:
Thanks for making it much more clear than I did, yfan. I wasn't really aware that chip+pin was not more secure; I just assumed it was, but you're right, it's certainly debateable.
Right, for now I'm just saying that the security element for the card itself lies in the chip, not in the user verification method.

Unfortunately, the chip seems fairly useless until the magnetic strip is removed from the card. As long as it's still there, the info can still be taken.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 00:30:41 GMT

@jsucool76 wrote:
Unfortunately, the chip seems fairly useless until the magnetic strip is removed from the card. As long as it's still there, the info can still be taken.

Right, either the strip or machines that only read magnetic strips. If a machine can read EMV and a card has EMV, it won't read the strip even if it is swiped.

Re: Chip Cards

Anonymous — Fri, 20 Feb 2015 00:44:59 GMT

@kdm31091 wrote:
Thanks for making it much more clear than I did, yfan. I wasn't really aware that chip+pin was not more secure; I just assumed it was, but you're right, it's certainly debateable.

It's debateable, but really depends on real-world context, which of course can change. Imagine doing an EMV transaction in the US today with a card tthat you have just stolen. If the card is chip&pin, and you don't know the pin, your transaction will not proceed. With chip&sig, you will be "asked" for your signature. This might well mean scrawling something on a terminal screen, or on a signature slip, and hoping that it won't be carefully checked. In the US today, you are exteremely likely to be lucky, the sig won't be compared with anything, or if you have done a tenth way decent job, it will pass the check.

So in that context, chip&pin is probably safer. In Europe, with the scarcity of chip&sig, you may well find your signature being scrutinized a lot more carefully, although whether you would be caught is a different thing.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 00:58:52 GMT

@Anonymous wrote:
It's debateable, but really depends on real-world context, which of course can change. Imagine doing an EMV transaction in the US today with a card tthat you have just stolen. If the card is chip&pin, and you don't know the pin, your transaction will not proceed. With chip&sig, you will be "asked" for your signature. This might well mean scrawling something on a terminal screen, or on a signature slip, and hoping that it won't be carefully checked. In the US today, you are exteremely likely to be lucky, the sig won't be compared with anything, or if you have done a tenth way decent job, it will pass the check.

This can absolutely happen with PIN, and when it does, it may leave the owner with little recourse.

There has been reports that banks are using PINs as an excuse to force users to pay fraudulent charges. A machine can be programmed to accept any PIN - which in effect redners it authentication-less. The bank end only asks "Was correct PIN entered?" It doesn't keep a record of what PIN is entered, so as long as the requesting party responds "Yes," the bank will process. This is worse than not verifying signatures, because this is a black box. If a machine claims the right PIN was entered, how are you going to prove it wasn't? If it's a signature, that is simple to prove. "Nope, it's not my signature. You can verify with a handwriting expert if you wish."

Re: Chip Cards

Anonymous — Fri, 20 Feb 2015 00:56:31 GMT

youtube should explain this very well.

Re: Chip Cards

Anonymous — Fri, 20 Feb 2015 01:15:59 GMT

@yfan wrote:
@Anonymous wrote:
It's debateable, but really depends on real-world context, which of course can change. Imagine doing an EMV transaction in the US today with a card tthat you have just stolen. If the card is chip&pin, and you don't know the pin, your transaction will not proceed. With chip&sig, you will be "asked" for your signature. This might well mean scrawling something on a terminal screen, or on a signature slip, and hoping that it won't be carefully checked. In the US today, you are exteremely likely to be lucky, the sig won't be compared with anything, or if you have done a tenth way decent job, it will pass the check.

This can absolutely happen with PIN, and when it does, it may leave the owner with little recourse.

There has been reports that banks are using PINs as an excuse to force users to pay fraudulent charges. A machine can be programmed to accept any PIN - which in effect redners it authentication-less. The bank end only asks "Was correct PIN entered?" It doesn't keep a record of what PIN is entered, so as long as the requesting party responds "Yes," the bank will process. This is worse than not verifying signatures, because this is a black box. If a machine claims the right PIN was entered, how are you going to prove it wasn't? If it's a signature, that is simple to prove. "Nope, it's not my signature. You can verify with a handwriting expert if you wish."

I'm lost. Why woul it be programmed that way?

Re: Chip Cards

bigblue7722 — Fri, 20 Feb 2015 01:26:55 GMT

I really hope cards dont have pins in the US, I have way too many cards to remember all those pins lol. Plus it would take longer at checkouts not a lot longer but it would add up.

Re: Chip Cards

Anonymous — Fri, 20 Feb 2015 01:43:02 GMT

@bigblue7722 wrote:
I really hope cards dont have pins in the US, I have way too many cards to remember all those pins lol. Plus it would take longer at checkouts not a lot longer but it would add up.

In many places, you can simply change your PIN in an ATM, so you could make them all the same if you wish, although security types won't like that.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 01:46:49 GMT

@Anonymous wrote:
@yfan wrote:
@Anonymous wrote:
It's debateable, but really depends on real-world context, which of course can change. Imagine doing an EMV transaction in the US today with a card tthat you have just stolen. If the card is chip&pin, and you don't know the pin, your transaction will not proceed. With chip&sig, you will be "asked" for your signature. This might well mean scrawling something on a terminal screen, or on a signature slip, and hoping that it won't be carefully checked. In the US today, you are exteremely likely to be lucky, the sig won't be compared with anything, or if you have done a tenth way decent job, it will pass the check.

This can absolutely happen with PIN, and when it does, it may leave the owner with little recourse.

There has been reports that banks are using PINs as an excuse to force users to pay fraudulent charges. A machine can be programmed to accept any PIN - which in effect redners it authentication-less. The bank end only asks "Was correct PIN entered?" It doesn't keep a record of what PIN is entered, so as long as the requesting party responds "Yes," the bank will process. This is worse than not verifying signatures, because this is a black box. If a machine claims the right PIN was entered, how are you going to prove it wasn't? If it's a signature, that is simple to prove. "Nope, it's not my signature. You can verify with a handwriting expert if you wish."
I'm lost. Why woul it be programmed that way?

A legit machine probably wouldn't, but it could be hacked and reprogrammed to use stolen cards. Do you think current magnetic strip readers are programmed to hand over data to thieves? Of course not. People hack in and steal the data. A similar hack (or even a more simple one, since this will almost literally just be changing a very small part of the code) could alter it. And then there are point-of-payment sellers being careless or lazy.

Re: Chip Cards

Anonymous — Fri, 20 Feb 2015 01:48:06 GMT

@yfan wrote:
@Anonymous wrote:
It's debateable, but really depends on real-world context, which of course can change. Imagine doing an EMV transaction in the US today with a card tthat you have just stolen. If the card is chip&pin, and you don't know the pin, your transaction will not proceed. With chip&sig, you will be "asked" for your signature. This might well mean scrawling something on a terminal screen, or on a signature slip, and hoping that it won't be carefully checked. In the US today, you are exteremely likely to be lucky, the sig won't be compared with anything, or if you have done a tenth way decent job, it will pass the check.

This can absolutely happen with PIN, and when it does, it may leave the owner with little recourse.

There has been reports that banks are using PINs as an excuse to force users to pay fraudulent charges. A machine can be programmed to accept any PIN - which in effect redners it authentication-less. The bank end only asks "Was correct PIN entered?" It doesn't keep a record of what PIN is entered, so as long as the requesting party responds "Yes," the bank will process. This is worse than not verifying signatures, because this is a black box. If a machine claims the right PIN was entered, how are you going to prove it wasn't? If it's a signature, that is simple to prove. "Nope, it's not my signature. You can verify with a handwriting expert if you wish."

Oh, I agree that there have been some demonstrated hacks, and at least some belieft that they have occurred in the wild, but we are not talking absolutes. It is far more likely (today) that your sig will not be checked than the EMV terminal has been hacked. And as long as 0 liability is kept, we don't really care but the banks will.

And yes, in the UK in particular, proof that a PIN was entered has been used to deny relief from fraud (either it was you or you wrote the PIN on the card) but that is more a policy question. With simiilar rules, you would have to pay the handwriting expert, and they would have to be able to testify that you had not deliberately disguised your signature.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 01:53:48 GMT

@Anonymous wrote:
Oh, I agree that there have been some demonstrated hacks, and at least some belieft that they have occurred in the wild, but we are not talking absolutes. It is far more likely (today) that your sig will not be checked than the EMV terminal has been hacked. And as long as 0 liability is kept, we don't really care but the banks will.

As you yourself pointed out, that's only the case in places where signature is common (and commonly not verified). In Europe, like you said, clerks are far more likely not only to check your signature but ask for your ID. They did for me.

@Anonymous wrote:

And yes, in the UK in particular, proof that a PIN was entered has been used to deny relief from fraud (either it was you or you wrote the PIN on the card) but that is more a policy question. With simiilar rules, you would have to pay the handwriting expert, and they would have to be able to testify that you had not deliberately disguised your signature.

Not if the onus to prove authentication remains with the issuing bank. They can easily get out of it by saying "Hey, the machine told us it was the right PIN, you were authenticated, done." There is nothing physical there for you to check and dispute. Not so for a signature. There IS something physical, and the onus would be on the bank to verify. So it depends on what set of rules, but the same rule that allows banks to get away with claiming PIN verification doesn't inevitably have to make the user pay for the handwriting expert.

Re: Chip Cards

nyancat — Fri, 20 Feb 2015 01:54:46 GMT

@bigblue7722 wrote:
I really hope cards dont have pins in the US, I have way too many cards to remember all those pins lol. Plus it would take longer at checkouts not a lot longer but it would add up.

Actually, it's a heck of a lot faster than the bizarre and pointless signing ritual. Four digits and done. America's love of signatures is bizarre.

There seems to be a lot of misinformation here.

1. The data on a chip card is NOT encrypted, it is plaintext. Encryption would be pointless since every payment terminal would need to know how to decrypt it anyway. Or it would need to be sent in the encrypted form, which would be just as insecure.

2. Chip cards are impossible to copy because of a secret handshake they do. The card is injected with a private key by the bank (note, this is simplified). The card NEVER, EVER reveals this key. When you go to make a payment, the terminal generates an unpredictable number (if this number can be guessed in advance, a pre-play attack is possible as a team at Cambridge pointed out) and gives this number to both the card and the issuer. The card then does a hash function with this number AND the private key it knows and generates a cryptogram for the transaction. This cryptogram is sent to the issuing bank (NOT the key itself), who compares it with their own result generating the cryptogram. The keys needed to run this function are never exchanged.

3. The chip, therefore, prevents copying of the card. The PIN prevents theft. In the US, copying is a much bigger problem than theft, though it seems silly not to prevent both...

4. Obviously, the magnetic stripe is a huge issue. Thus, merchants who do not read the chip are liable for counterfeit fraud come October. A properly chip-enabled terminal WILL NOT allow a swipe of a chip card. Instead it will prompt "card must be inserted", "use IC", "dip card" or similar. Walmart does NOT have their chip readers setup properly, they allow chip cards to be swiped breaking the entire premise of the thing. Unless they change this bad behaviour, Walmart WILL be liable come October.

Re: Chip Cards

yfan — Fri, 20 Feb 2015 02:00:56 GMT

@nyancat wrote:

1. The data on a chip card is NOT encrypted, it is plaintext. Encryption would be pointless since every payment terminal would need to know how to decrypt it anyway. Or it would need to be sent in the encrypted form, which would be just as insecure.

I said it was like an encryption because of the secret handshake. The one-time code the chip generates is sent to the bank to verify, and the bank does it through what you call a secret handshake, which I likened to a decryption. I am not saying that it is an encryption and decryption procedure in the programming sense.

The chip does not actually prevent copying, though, it just makes it a lot harder. There are no foolproof systems.

Re: Chip Cards

nyancat — Fri, 20 Feb 2015 02:37:09 GMT

No. It outright prevents it. Unless the bank put some backdoor in to reveal the key you cannot copy a chip card. Replay attacks sure. But not a clone.

Re: Chip Cards

Anonymous — Fri, 20 Feb 2015 02:41:33 GMT

@bigblue7722 wrote:
I really hope cards dont have pins in the US, I have way too many cards to remember all those pins lol. Plus it would take longer at checkouts not a lot longer but it would add up.

That might be the case if your transactions are mostly for less than $25 or $50 since depending on the store signature won't be asked for (but PIN always will). Otherwise I don't see how PIN would be slower.