Time to breakup with Magnetic Strip, and move on to EMV

We ease to enter in the era of Smart Technologies, smart phone, smart home, smart car, and of course now smart cards, is this the reason that everything including the the word ‘Smart’ so we need to add this in our cards also or we really need our card to be smart.

Closeup of a credit card with a gold chip

Magnetic Strip can cloned or skimmed but not chip

There are 2 tracks (called Track 1 and Track 2) which are used for processing electronic payments.

Components of Track 1

FIELD DATA
PAN 4300 1234 4321 3232
Expriation Date 08/19
Cardholder’s First name Abhishek
Cardholder’s last name Agrawal
Service Code 101
CVV 123

Components of Track 2

FIELD DATA
PAN 4300 1234 4321 3232
Expriation Date 08/19
Service Code 101
CVV 123

How Cloning Is Achieved

The biggest  problem with Magnetic card is that the data is static, making it easier for fraudsters to lift your information and clone it onto a new card. In fact, there’s something called a skimmer — which they can get or make for as little as $20 — that can do this pretty easily.

Cards can be cloned using a system called skimming, in which the cloning device is perhaps concealed in the pocket of the person you’re paying – or in extreme situations, attached to the payment machine.

The information from the magnetic strip on your card is then copied and the PIN observed or recorded as it is entered for payment. With your card details captured, they can be entered online or programmed into a brand new card which the thieves will then use, charging their purchases to your account.

You’re probably thinking that the nice girl in your local supermarket or takeaway wouldn’t dream of cloning your card, and you would probably be right… in most cases, but there are also many other ways to copy or hack you sensitive data from POS terminal or merchant  systems,  even just knowing the Track 2 data is enough to make the fraud.

So how EMV protect us.

A chip also holds a secret number. However, it is securely embedded in the chip. When you use the card, the chip performs a public key operation that proves it knows this secret number. However, it never reveals that secret number. If you put a chipped card in a bad guys machine, they can impersonate you for that one transaction, but they cannot impersonate you in the future.

The data on chip cards is constantly changing, making it extremely hard to isolate and extract. To rip it off, someone would have to get into the physical chip circuit and manipulate things to get your bank information. Not only is this level of data surgery really difficult, but it also requires a set of high-tech equipment that can cost north of $1 million. That’s probably not the kind of cash your average fraudster has handy.

The chip carries out a cryptographic operation on data passed to it that requires knowledge of the key that is strongly protected within the chip – so an attacker cannot easily copy the card.

The magnetic strip contains the exact information used to identify the card. The chip holds a piece of information that it doesn’t share, but that it can use to prove it has that information.

Thus, a magnetic stripe is dumb and can be copied, but since the chip doesn’t give out its secret, a vendor can’t simply copy it when you use it.

A magnetic stripe says ” I’m credit card XYZ. ” when the point of sale asks the number. With a chip the point of sale says “what is your response to this random value?” and the chip gives a response that the point of sale can validate, but since the next point of sale will use a different random value, the response is useless to a thief.

So, I think we have now many good reasons to break-up with Magnetic Strip, and move on to EMV.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s