New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Chip Cards are Not as Secure as We May Think

As it’s known, the chip-and-pin method of payment has become the norm for all modern businesses today. Neglecting to comply by standards though has caused a good majority of cards to be compromised. Since 2015, all major credit bureaus moved to the chip method and shifted payment-card fraud liability to make the merchants responsible. Chip cards, which contain an inserted microchip that encodes the card information, are a more secure option in contrast to the magnetic stripe cards that came before them, in principle. Gas stations are the only exception to the switch, having until 2020 to change. Since events like the Home Depot and Target data breaches, consumers have started to question the validity of chip cards. Various dark web sources found that over the past 12 months, 60 million U.S. cards had been compromised, 93 percent being EMV chip-enabled. 45.8 million of those records had been accessed through in-person transactions. It’s safe to assume this was made possible through skimming malware and POS breaches. “There are numerous merchant locations that are still asking their customers to swipe rather than use the chip-insert method, thus completely neglecting the EMV security features,” explained Gemini, in its report. “In some cases, retailers are opposing migration to newer EMV technology because of the inherent high cost of the equipment. To fully upgrade the hardware and software of a POS terminal, the price tag could be upward of several thousand dollars, which is often a pricy burden for small to medium size businesses, leaving them exposed to card-present fraud,” according to an unnamed researcher.

Analyst Notes

Since gas station pumps have not mandated EMV functionality quite yet, it is always a safer bet for users to pay inside. Always check Bluetooth connections because that is what most skimmers use to broadcast over. Anytime a card is swiped, it is a safe move to check your account even days following the last use for any fraudulent transactions. If any fraudulent transactions have happened, contact the bank immediately so they can disable the card and issue a new one.