Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Credit card payments may not be as secure as you'd like

Image Description

Chip-based credit and debit cards are perceived as being very good at fending off skimming attempts and malware attacks. Being able to use your card by tapping it appears to be better than swiping it along the magnetic strip on a point of sale (POS) terminal. But rising numbers of malware attacks on merchants in the US suggest there are weaknesses whichever method you use.

Criminals are exploiting the built-in technology centered around the EMV, the technology originally developed by the three major card suppliers; Europay, Mastercard and Visa. Encryption methods used in EMVs has long been seen as a more secure way of keeping data safe, especially compared to cards armed with just a magnetic stripe.

However, because not all outlets in the US have chip card readers, or due to the possibility of malfunctioning hardware, cards also still carry the magnetic stripe that can be used during transactions. This dual-functionality could be leaving merchants open to ‘shimming’ attacks, which can occur when a series of system cross-checks are being made during a transaction. These include checking the three-digit security code printed on the back of a card.

While all chip-based cards carry much the same data as the magnetic stripe, there are key differences between them. Central to this is a component called an iCVV, or integrated circuit card verification vale. This so-called dynamic CVV found on an EMV chip is different from the regular CVV on a magnetic stripe and helps protect against the magnetic stripe data from being used to create fake magnetic stripe cards.

Magnetic stripe cards

Security issues can also arise if financial institutions haven’t set up their back-end systems as well as they could have. 

Researchers at Cyber R&D Labs recently published a report illustrating how they tested 11 chip card setups from 10 different European and US banks. The results showed that it was possible to harvest data from four, resulting in the ability to produce working magnetic stripe cards that could be used for transactions. 

Indications suggest that point of sale (POS) malware is being used by criminals to capture EMV transaction data. This is then being resold on the Dark Web allowing thieves to produce magnetic stripe variants of chip-based cards.

Visa also recently released a security alert highlighting the issue of compromised EMV chip-enabled POS terminals. Malware variants included Alina POS, Dexter POS and TinyLoader. The alert issued a series of recommendations for merchants to follow in order to reduce the risk of exposure.

Date

03 Aug 2020

Sources


Share


Other Blog

  • Dogecoin leapfrogs XRP to become fourth largest cryptocurrency in the world

    Yet another surge drives meme cryptocurrency Dogecoin to new heights.

    Read More
  • Your Nvidia GeForce RTX 3090 might secretly be an old RTX 3080 Ti

    An Ampere GA102-250 GPU intended for an unreleased RTX 3080 Ti has been spotted on GeForce RTX 3090 graphics card.

    Read More
  • 5 new films and series to watch this weekend on Indian OTT platforms

    These are the new releases on Amazon Prime Video, Netflix, Disney+ Hotstar and other OTT platforms in India.

    Read More
  • Massive GPU stock: buy the RTX 3070 Ti today from Best Buy, EVGA for MSRP

    The RTX 3080 Ti is going to be available to buy today. Here's when and where it'll be in stock, according to our reporting.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us