That Big Security Fix for Credit Cards Won’t Stop Fraud – KIM ZETTER 09.30.15. 8:00 AM


Tomorrow is the deadline that Visa and MasterCard have set for banks and retailers across the US to roll out a new system for more secure bank cards with microchips embedded in them.

Over the last few years, card issuers have spent between $200 million and $800 million to distribute new debit and credit cards to accountholders, while large retailers like Target, Home Depot and Walmart have spent more than $8 billion to install new card readers capable of reading the chips.

Despite this effort, retailers say the new system is highly flawed because instead of issuing the so-called chip ‘n’ PIN cards that offer two-factor authentication, banks and other card issuers are distributing chip ‘n’ signature cards, which thieves can easily undermine.

“Chip and PIN has been proven to combat fraud dramatically,” says Brian Dodge, executive vice president of the Retail Industry Leaders Association. “But that’s not what American consumers are getting, and thus far banks have gone to great lengths to blur the lines between the two distinctly different transactions.”

Even with PINs, however, the new technology will not eliminate fraud, but will simply shift the type of fraud that occurs.

The Hope of a More Secure System

The new technology—called EMV for Europay, MasterCard and Visa—consists of cards with a microchip that contains data traditionally stored in the card’s magnetic strip. These work with new point-of-sale readers that scan the chip and process payment transactions in a secure manner using encryption.

The chip reduces fraud because it contains a cryptographic key that authenticates the card as a legitimate bank card and also generates a one-time code with each transaction. This means thieves can’t simply take account numbers stolen in a breach and emboss them onto the magnetic strip of a random card, or program them onto the chip of a random chip card, to make fraudulent purchases at stores or unauthorized withdrawals at ATMs.

Article continues:

http://www.wired.com/2015/09/big-security-fix-credit-cards-wont-stop-fraud/