cancel
Showing results for 
Search instead for 
Did you mean: 

EMV Chip Security

tag
Anonymous
Not applicable

EMV Chip Security

Here's Proof That the EMV Chip in Your Credit Card Is Working

Written by Matthew Cochrane on Dec 29, 2017.

https://www.fool.com/credit-cards/2017/12/29/heres-proof-that-the-emv-chip-in-your-credit-card.aspx

 

I never knew what the chip in your credit card did. Also interesting how the added security of chips were forced into place by changing the liability from bank to vendor.

Message 1 of 10
9 REPLIES 9
Anonymous
Not applicable

Re: EMV Chip Security

But here's the thing: when my BofA card had a bad chip, after trying it three times the POS allows me to slide the card. Transaction completed no problem.

 

It would be no problem for an attacker to take an old card, fry the chip, encode the stripe, and go on their merry way stealing money.

Message 2 of 10
Anonymous
Not applicable

Re: EMV Chip Security

I wonder who would be liable for the fraud purchase in your situation. The issuer or vendor?

Message 3 of 10
Anonymous
Not applicable

Re: EMV Chip Security


@Anonymous wrote:

I wonder who would be liable for the fraud purchase in your situation. The issuer or vendor?


My understanding would be the vendor since they allowed the transaction to be processed with a swipe. Just like places like my local Dunkin Donuts where the EMV reader isn't active and there's a paper sticking out to tell you to swipe it. Granted, the liability may shift to their payment processor who is insuring transactions. One person I spoke with is a manager at retail and they were told by their boss that the transaction fee paid by the merchant is higher if it's swiped instead of chipped, and still higher if they type the card manually.

Message 4 of 10
Anonymous
Not applicable

Re: EMV Chip Security


@Anonymous wrote:

Here's Proof That the EMV Chip in Your Credit Card Is Working

Written by Matthew Cochrane on Dec 29, 2017.

https://www.fool.com/credit-cards/2017/12/29/heres-proof-that-the-emv-chip-in-your-credit-card.aspx

 

I never knew what the chip in your credit card did. Also interesting how the added security of chips were forced into place by changing the liability from bank to vendor.


All of this information has been known for 2 1/2 years. 

Message 5 of 10
Anonymous
Not applicable

Re: EMV Chip Security


@Anonymous wrote:

But here's the thing: when my BofA card had a bad chip, after trying it three times the POS allows me to slide the card. Transaction completed no problem.

 

It would be no problem for an attacker to take an old card, fry the chip, encode the stripe, and go on their merry way stealing money.


Fry the chip and encode the stripe? 

You could physically destroy it and it won't matter... The stripe will still tell the reader there's a chip present. 

 

Cashiers should be trained to refuse swipes when the card is chip enabled. In addition to that, an issuing bank is always free to decline the transaction. 

Message 6 of 10
Anonymous
Not applicable

Re: EMV Chip Security


@Anonymous wrote:

@Anonymous wrote:

But here's the thing: when my BofA card had a bad chip, after trying it three times the POS allows me to slide the card. Transaction completed no problem.

 

It would be no problem for an attacker to take an old card, fry the chip, encode the stripe, and go on their merry way stealing money.


Fry the chip and encode the stripe? 

You could physically destroy it and it won't matter... The stripe will still tell the reader there's a chip present. 

 

Cashiers should be trained to refuse swipes when the card is chip enabled. In addition to that, an issuing bank is always free to decline the transaction. 


The stripe has the bit flipped that there is a chip, yes, but after 3 chip malfunctions POS software generally accepts a swipe. I did this several times while waiting for a replacement BofA card after my frist had a bad chip. Retailers would have to make a decision to remove this fallback from POS terminals altogether if they saw enough fraud. I suspect somebody has run the numbers to see that lost sales would outweigh the occasional fraud. None of us on the forums would imagine living like this, but I know people who only have one card in their wallet: their primary bank's debit card. Lastly, the bank has no reason to decline it since they're off the hook for any fraud liability at that point.

Message 7 of 10
Anonymous
Not applicable

Re: EMV Chip Security

The issuing bank is liable for fraud at EMV enabled terminals if the card is approved when swiped. 

Message 8 of 10
Anonymous
Not applicable

Re: EMV Chip Security


@Anonymous wrote:

The issuing bank is liable for fraud at EMV enabled terminals if the card is approved when swiped. 


Source?

Message 9 of 10
Anonymous
Not applicable

Re: EMV Chip Security


@Anonymous wrote:

@Anonymous wrote:

The issuing bank is liable for fraud at EMV enabled terminals if the card is approved when swiped. 


Source?


The issuers require that merchants accept a swipe if the EMV chip isn't working. I've discussed this on Flyertalk with others, and used to have the same thoughts you do. 

Message 10 of 10
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.