Muh likes are back! I love the Face of Boe!
It is. Guess I wasnât sure what audience I was writing for.
Maybe for some of card reader vendors we occasionally read about, who just send all the sensitive info in plaintext over the internet.
Iâm just completely baffled that this seems like a problem thatâs not just solvable but actually solved - and yet the actual implementation of the solution is rare, despite the cost of fraud. WTF?
Comes down to who pays for the fraud. EMV was all about shifting liability away from the card issuers (banks) and processors and onto the merchants who donât deploy new point of sale devices with chip readers.
All the issuing bank has to do is prove that the merchant is the point of least security (non-chip reader or card swipe fallback) and theyâre off the hook. Therefore they donât need or want to require the most secure methods available even though this is standard practice elsewhere. Chip transactions also take much longer to complete and the theory is requiring pins would lead to much higher customer service volume (PIN resets, etc.) and customers using other forms of payment.
The consumer is protected either way so it comes down to a pissing contest between merchants not wanting to upgrade their POS and banks shifting fraud liability to someone else.
Yeah, thatâs why my initial comment was written for first-graders.
I think it may just be because the âmanagementâ class is now almost entirely made up of sociopathic PHB types who just donât care. Note the recent stupid flap between Apple and the FBI. ⌠Everything is always âsomeone elseâs problemâ
A skimmer for the chip data is actually easier to build than one for the magstripe. Parts are available. I donât know if one has been found âin the wildâ yet, perhaps bc it is even easier to hack into the POS and ATM software⌠In order to have any security at all, chip-and-pin must use the MITM-resistant features of the chip.
This topic was automatically closed after 5 days. New replies are no longer allowed.