By Carey Wedler
Americans have spent much of 2016 lamenting the addition of chips into their credit and debit cards. In exchange for the extra few moments consumers spend checking out, however, they are promised enhanced security to protect their accounts.
But a new discovery unveiled Wednesday by professional hackers at the Black Hat USA summit in Las Vegas called into question the supposed ironclad security of the new chips, which are referred to as EMV technology.
Retailers and banks began replacing regular magnetic stripe card readers with EMV last October after credit card companies like Visa and Mastercard threatened to hold them responsible for false charges made on cards during magnetic strip transactions. The mandate came amid high-profile breaches of retailers like Home Depot and Target.
In spite of industry assurances that EMV guarantees more security, computer security experts at the payment technology company, NCR, unveiled a basic, albeit glaring, security flaw.
According to CNNMoney, which first reported the discovery, when a consumer swipes the magnetic stripe of a card with a chip in it, the magnetic reader is programmed to alert the payment machine. The machine then prompts the consumer to insert their card into the chip reader, instead. But according to NCR, hackers can rewrite the code of the magnetic stripe so the card appears to be chipless.
The reason for this security hole, according to the experts, is that retailers are not encrypting their transactions. “There’s a common misperception EMV solves everything. It doesn’t,” said Patrick Watson, one of NCR’s researchers.
Indeed, retailers grumbled at the roughly $25 billion they were forced to spend upgrading their machines to comply with Visa and Mastercard’s demands for chip readers. In fact, according to MarketWatch, in March retailers in California filed a federal lawsuit claiming the banking industry was attempting to shift the costs of identity theft onto retailers. Identity theft is a pervasive problem in America, where in 2016, as much as $15 billion has already been stolen from consumers, according to the Insurance Information Institute.
Part of the problem with the new EMV readers is that retailers aren’t encrypting transactions conducted on their new machines. But much of the blame belongs to the companies that make the EMV readers.
The two main manufacturers, Ingenico and Verifone, said their products come with point-to-point encryption options but noted retailers must turn them on.
But as CNNMoney pointed out:
[P]ayment terminal makers keep producing machines that don’t have the encryption by default. And vendors who sell and install these machines at shops don’t simply flip the switch and turn on encryption. Retailers have to pay extra for basic security.
Currently, retailers focus their attention on protecting their computer systems. “But that leaves the actual conversation between your credit card and the machine in plain text, readable to any hacker who breaks into the system,” CNNMoney explained.
Randy Vanderhoof, director of the U.S. Payments Forum, admitted, “If the data on the magnetic stripe is altered it might fool the terminal.” But he added that the system would “reject the transaction” on the backend.
Vanderhoof’s reassurances are questionable considering the new finding is only the latest to question the efficacy of chip technology. Security experts have continually poked holes in it, and even the European version of the technology, referred to as Chip-n-Pin and regarded as superior to its American counterpart, has deeply-rooted flaws.
In March, prior to the NCR researchers’ discovery of the latest security shortcoming, “two small Florida stores filed a lawsuit seeking class action status, saying their bill for fraudulent transactions has increased perhaps 20-fold since the October deadline and the EMV delay — playing out in smaller stores across the country — is costing them big money,” MarketWatch reported.
In fact, as of March, the majority of retailers who had purchased the new card readers were yet to actually employ the technology, opting to stay with the magnetic stripe reader, instead. Though five million EMV readers had been purchased, only one million were in use.
As credit card security efforts continue to fall short, CNNMoney reported the experts from NRC “advised shops to ‘encrypt everything’ in a transaction. They also said consumers should pay with special apps on their phones and watches whenever the high tech option is available.”
This article (You Know Those New Chips in Your Credit Card? They’re Failing You Miserably) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to Carey Wedler and theAntiMedia.org. Anti-Media Radio airs weeknights at 11 pm Eastern/8 pm Pacific. If you spot a typo, please email the error and name of the article to [email protected].
Can’t wait for the RFID, it will be a lot simpler when the hackers can just hack them out of your body with a knife instead.
Olde Soul,
That is a VERY chilling thought…
Yes, I know. I’m here to wake people up. There are people lining up to be part of the Singularity. They’re going to drag the rest of us with souls into the abyss with them, one techno-blitzkrieg at a time.
That’s the sad truth, Olde Soul. And as MK Ultra operative Aldous Huxley quipped, they will love their enslavement.
I’m sure you caught the last “punchline”, problem, reaction, solution style: “THEY also said consumers should pay with special apps on their phones and watches whenever the high tech option is available.” Then there’s the dude in Sweden showing off how he uses the RFID implant in his hand… => Zombie world Yeah, tell me again, when is the mother ship coming? Good grief, get us outta here. 😉
Hahaha… I so love you, blue. You are so nuanced.
Heh, psst…. I’ve been to the mother ship. They are here, don’t tell the robots! LOL
Ya know, in the winter I’ve seen some pretty darn good lenticular cloud formations that could have passed for mother ships…I always send up an S.O.S…just in case. No worries about the robots, they only notice you if you’re into texting.
Me, too. I live in a valley surrounded by high mountains and the lenticulars are always so distinctive and unusual. They FEEL like cloud ships and I get a very comforting feeling from them.
Same for me, Olde Soul, but then I’ve always loved watching the sky and observing the clouds: cumulus, rainbow (thin ice crystal layer), wave (resembling gigantic series of Ocean Spray logos), mammatus, and much more. All the more reason I’m amazed the average person isn’t shocked over what geoengineering is doing to our skies. I don’t feel right either on heavy spray days and notice how important the sun is for my well being, spiritual, energetic – more than vit D, endorphins.
Do you know about orgonite and sylphs? These are two things you can do personally to help to mitigate the spraying and its effects. Go the Empowerment page for more info.
http://www.orgoneartis(DOT)tcom/
This is a friend of mine. I wear one of his pendants and I also work with sylphs. I’ve had good luck with both.
I heard about orgonite but not sylphs. Thanks, I’ll look at the website. Nice to get your testimonial. I’m seeing occasional dark gray trails, wonder what that is…maybe the German dude is right – Kafka-esque.
This is an interesting sync…. yesterday I saw some mammatus clouds. I am also a big cloud watcher but I can count the times I’ve seen mammatus clouds on one hand. I immediately thought of you! I am a surfer (or used to be before I moved to the Rockies) and mammatus clouds look exactly like when a huge ocean wave passes over your head. When you “wipe out” on a really big wave, the force of the wave drags you to the bottom. If you look up as the wave passes over, it looks exactly like a big gray mammatus! Interesting…. hm.
Thanks, I love visualizations! If I’m forced to come back I’ll see if I can be a surfer next time. Looks right up my alley. I was smitten with Laird Hamilton’s grace watching Riding Giants. Oh my!
About as chilling as organ “harvesting” in Israel from Palestinians.
Yes, and the other bit of good news is that at the rate things are going, Americans won’t have any equity or assets for hackers to strip in the future.
I had 3 different cards compromised in 3 weeks when the chips first came out. The only thing they all had in common was they were all used at the same gas station at Kroger’s. Turns out those pumps all use the same key which is available online & crooks go to the outside lane [attendant can’t watch a dozen pumps] in the am ,insert the reader and come back before closing & remove it. These cards had never left my possession and there was 6K worth of mail order automatic weapons & ammo on there! Since I immediately notified the cards & merchants I was not liable but who knows what “lists” I am on now!
Those readers are expensive too for merchants. A friend’s hairdresser told her she would now only take cash and checks because the new mandatory chip card readers would cost her $3,000 and she refused to buy in.
There’s a reason why the US was the last nation in the developed world to get the RFID credit cards. TPTB thought some Americans might rebel given how fierce the resistance was in the farming and ranching communities in the 90s to the roll of the National Animal Identification System (NAIS) requiring the chipping of ALL farm animals along with a continuously updated inventory of their every movement, transfers, etc. The ruling elite lost that battle in the US and are doing an end run to eventually chip people via desensitization and smart phones.
“They also said consumers should pay with special apps on their phones and watches whenever the high tech option is available.”
Explains why top International Bankster henchman Larry Summers joined the board of 21 Inc, a Bitcoin startup that develops software to use Bitcoin for purchases. Summers is also the leader of the electronic gulag working to eliminate cash. Also explains why some welfare programs subsidize smart phones for low income people and why the new GMO DARK act with its “Smart” coded labels require a smart phone reader.
You have been busy as usual, Blue. Thanks, friend!
😉
nochipforme