Credit Union Risk Council
Top Safe
Articles
User Name:

Password:

Credit Card
Articles
Home
Articles
Press Releases
Law Enforcement
About Us
Contact Us
Links
The following sections are secure.
Please log in to view them.

What's Hot?
Resources

Article Archive - Smart Cards

Card Fraud Gang Sentenced to 15 Years
July 2010
The UK Cards Association reports four criminals were sentenced for a total of 15 years at Southwark Crown Court for their involvement in a series of card frauds that took place in the south of England during 2009. Their scam involved tampering with chip and PIN devices in various petrol stations in order to copy the electronic data from customers’ credit and debit cards. The criminals then used this data to make fake magnetic stripe cards that could be used fraudulently overseas in countries yet to introduce chip and PIN.

Chip and PIN is Broken, Say Researchers
July 2010
Tom Espinser at ZDNet UK reports that Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards. As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

Chip-and-PIN Fraud Gang Jailed
June 2010
Tom Espinser at ZDNet UK blogs that a gang of four Londoners has been jailed for a Chip-and-PIN fraud operation which netted £725,000. The gang had modified Chip-and-PIN devices to allow them to capture card information and personal identification numbers. They burnt a hole in the back of the readers, and installed memory devices and Bluetooth, to steal the data.

EMV Won't Affect Most U.S. Banks
June 2010
In an interview with Bank Info Security, Don Rhodes, director of risk management for the American Bankers Association, discusses why chip and PIN doesn't make sense for many U.S. banks. Rhodes says migrating to the EMV standard in the United States:

  • Would at this time be too expensive for U.S. card issuers, retailers, banks and credit unions;
  • Is not yet warranted by current card fraud levels;
  • Only makes sense for niche financial players such as New York-based United Nations Federal Credit Union, which has a large percentage of its membership living and working overseas.

Cryptography Research, Inc. Signs DPA Countermeasures Agreement with MasterCard
June 2010
Cryptography Research, Inc. and MasterCard Worldwide announced that they have signed an agreement relating to Cryptography Research's patent portfolio covering countermeasures to Differential Power Analysis (DPA). Under the agreement, MasterCard will require that vendors of smart cards and other cryptographic products that utilize DPA countermeasures be licensed from Cryptography Research in order to be used on MasterCard’s payment networks.

Is U.S. Ready for Chip & PIN?
June 2010
Tracy Kitten at Bank Info Security reports EMV chip cards are here, but notes the debate is about security vs. cost. She asks, “Is the U.S. ready for chip and PIN payment card authentication? Or are American financial institutions and merchants too invested in current technologies to even consider such a move?” She contends the chip and PIN debate has been re-ignited by two recent announcements:
  • United Nations Federal Credit Union (UNFCU), a $3.1 billion New York-based institution, is going to start issuing chip and PIN Visa-branded credit cards to its globe-trotting Platinum portfolio members who currently have trouble using U.S.-issued cards overseas.
  • Wal-Mart, the big box retailer, essentially drew a line in the sand at a recent industry event, where a spokesperson challenged the U.S. to migrate from its current magnetic-stripe cards, saying "It's time for Chip-and-PIN in the U.S."

Chip and PIN Security Busted
May 2010
Bank Info Security interviews Kim Peretti, former federal prosecutor regarding the TJX/Heartland data breaches. With the recent sentencing of the last of Albert Gonzalez' co-conspirators in the data breaches, a long, hard criminal investigation comes to a close. Kim Peretti, former senior counsel with the Department of Justice, offers an inside look at these investigations.

Smart Cards
February 2010
John Leyden at The Register reports that security researchers have demonstrated a gaping security hole in Chip and PIN credit card authorizations, which undermines trust in the technology as a means to verify retail purchases. Cambridge University security researchers have demonstrated how it might be possible to trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s authorized by chip-and-PIN. The flaw creates a means to make transactions that are "Verified by PIN" using a stolen (uncancelled) card without knowing the PIN number. Fraudsters would insert a "wedge" between the stolen card and terminal, tricking the terminal into believing that the PIN was correctly verified.

Use of Contactless Chip Cards Cab Reduce U.S. Payments Fraud
October 2009
The Smart Card Alliance contends in a white paper that the current weakest link for card fraud is the magnetic stripe payments infrastructure, which, as other countries implement EMV-compliant chip cards and infrastructure, is increasingly being attacked in the U.S. Moreover, contactless payments, as currently implemented in the U.S., help reduce card-based fraud.

Online Banking Scams Overshadow Plastic Fraud Slide
October 2009
John Leyden at The Register reports that UK online banking fraud losses rose 55 per cent to hit £39m for the first half of 2009. However, overall card fraud losses fell 23 per cent from £304.2m in 1H2008 to £232.8m in the first half of 2009. Moreover, CNP fraud in the UK shrank for first time. Fraud Action UK credits the decline in plastic fraud to the introduction of Chip and PIN making life more difficult for fraudsters to counterfeit cards and enforcement efforts by the banking industry-funded Dedicated Cheque and Plastic Crime Unit (DCPCU). Increasing use of "sophisticated fraud screening detection tools by retailers and banks, as well as the continuing growth in the use of MasterCard SecureCode and Verified by Visa" are credited with reducing customer not present fraud.

Researcher Hacks into Credit Card Magnetic Strips
February 2008
Ryan Naraine at eWeek.com reports that an RFID security guru releases a test program that can read chip and PIN credit cards using the EMV standard. Personally identifiable information baked into the magnetic strip on your credit card can be easily hijacked by hackers using lightweight tools, according to a warning from RFID security guru Adam Laurie.

Paper Clip Attack Skewers Chip and PIN
February 2008
The Register reports that UK researchers have uncovered a serious flaw in the Chip and PIN machines that authenticate debit and credit card transactions. Two of the most popular PIN entry devices (PED) in the UK — the Ingenico i3300 and Dione Xtreme — are vulnerable to a "tapping attack", using nothing more sophisticated than a paper clip, a needle and a small recording device. This basic kit enabled University of Cambridge Computer Labs researchers to record data exchanged between a card and the device's processor without triggering tamper-proofing mechanisms. The devices analyzed by the team were borrowed from merchants, but they can also be purchased online for as little as $20.

Back to Top

Article archive by topic

Card Data Breaches

Card Fraud

Identity theft

Skimming

Smart Card