Brother
Professional
- Messages
- 2,590
- Reaction score
- 506
- Points
- 83
Generally speaking, the chip card is protected very well. If you use maximum protection, it will be simply unprofitable to hack it. But there are loopholes. More precisely, not loopholes, but special operating modes.
We say "chip card", we mean "hybrid card". Those. most modern chip cards have a magnetic stripe in addition. In principle, purely chip cards are found, but not too often. I have a card of a small Ural bank lying in my nightstand. I started it in order to catch an error in Internet banking, which I was developing then. The error appeared only on the production server, it was not reproduced on the test server. So, this card is purely chip, and it has no magnetic stripe, but in this place there is just a stripe of a different color (blue). With this card, the mode I want to talk about will not work. The loophole only works for hybrid cards that have both a chip and a magnetic stripe.
Here's the thing. Since the card is hybrid, it can be serviced both by the magnetic stripe and by the chip. This is necessary for compatibility, because in some places sometimes there are terminals with only a magnetic stripe reader, without a chip reader.
It is much more difficult to verify a transaction on a card with a magnetic stripe, neither you have an electronic signature, nor a risk assessment with a card ... Just a piece of magnetic tape with static information on it. Therefore, most fraud with the use of plastic cards occurs either through magnetic stripe or through social engineering, the EMV technology itself (chip card technology) is very reliable. There is also fraud without the presence of the card itself, CNP, Card Not Present, but there will be separate posts for this. Now we are only talking about the card that is present.
However, it is rather difficult to find a POS terminal without a chip reader. That's why...
Chips in cards are actually quite reliable. Cases where they break are very rare. But theoretically possible. Therefore, payment systems provide for a kind of fallback.
When you walk with a hybrid card to a payment terminal (POS terminal, Point Of Sale), and in it there is a chip reader and a magnetic stripe reader. If the cashier first swipes the card over the magnetic reader, the terminal will see one important meaning. Service code starting with a 2 or 6. Service code, Let me remind you, it consists of three numbers, and the first shows the way the card is processed. If there is 1 or 5, then the card is purely magnetic. 1 - you can pay all over the world, 5 - only within the country. Similarly, if the first digit is 2 or 6, then the card is chip (2 - worldwide, 6 - by country). In our case, the terminal will ask you to insert the card into the chip reader and then try to carry out an operation with the chip.
And then the time comes for the promised loophole. If the operation on the chip is not possible, the terminal (if allowed) may agree to perform the operation on the magnetic stripe. This is the so-called. Fallback mode.
When is it possible?
1. The chip cannot be read (damaged)
2. There are no applications on the chip that the terminal can work with
3. The chip has the required application, but the terminal does not support this version of the application.
The carders use the first case. They make it impossible to read the chip (forgive me, I won't even hint how). Because for other cases, you need to have the private key of the issuing bank.
Well, then - the operation with the magnetic stripe ... And the magnetic stripe is not necessarily original. Sorry, there are no details here.
I must say that two large payment networks - Visa and MasterCard, according to my information, follow slightly different approaches. Visa tends to give more opportunities to pay, MasterCard is more concerned with security. In general, both networks have an economic impact on the fact that banks are less likely to agree to Fallback. The risks are great. And in case of claims, the bank that accepted the card through Fallback knowingly lost. But this regime is not being removed. Who knows, suddenly you find yourself out of cash in the middle of someone else's city with a card in which the chip is damaged.
