GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

2014: A promising year in payments - Part 1


Industry Update

Wal-Mart alleges Visa monopoly in suit

Will Durbin ruling spur EMV transition?

Spurning of secure element, end of XP support present opportunities


Windows Phone gets first mobile POS


PayPal, Starbucks, Apple, Square: Which is the one to watch, and why?

Ken Musante
Eureka Payments LLC


Street SmartsSM:
A day in the life

Tom Waters and Ben Abel
Bank Associates Merchant Services

Going social: Where to start

Michael Gavin
Merchant Warehouse

Hiring employees - Part 3

Vicki M. Daughdrill
Small Business Resources LLC

A strong work ethic in today's payments sphere

Jeff Fortney
Clearent LLC

Company Profile

Open The BIG Doors


New Products

A better route to sales

BlueSnap intelligent payment routing
BlueSnap Inc.

Inventory movers go mobile

PayOS Inventory Management
SecureNet Payment Systems LLC


Healthy people, healthy business


Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

April 14, 2014  •  Issue 14:04:01

previous next

Readers Speak

Is chip and PIN bullet proof?

I recently read about a Canadian man who is suing his bank. He claims a criminal used his account data without his knowledge to make an $80,000 purchase, and the bank won't reimburse the funds, even though the bank removed a subsequent charge of about $4,000 made by the same party. The bank won't reimburse the first charge partly because the fine print of its consumer agreement states it will credit charges made after a fraud is reported, but it says nothing about charges made before the fraud is reported.

The bank also claims it is impossible to make fraudulent charges when EMV chip and PIN are both used to make purchases. The man suing his bank insists he never wrote down his PIN, nor did he divulge it to anyone else. And he says the card never left his possession.

Is it true that when both chip and PIN are used fraud is impossible? And will the upcoming U.S. EMV liability shift make it easier for merchants and banks to shift liability to consumers?

Brian Manchester Merchant Level Salesperson


We cannot speak to the particulars of this case, but research appears to indicate Europay/MasterCard/Visa (EMV) chip and PIN transactions are susceptible to fraud. In the paper "Chip and PIN is Broken" researchers in the Security Group at Cambridge University in Britain described a "protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card's PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the card that no PIN was entered at all."

We also cannot speculate regarding banks' and merchants' intentions. However, it would likely be a public relations nightmare for card issuing banks if they changed their consumer fraud protections after EMV is implemented in the United States.


Sound off

Do you have thoughts on U.S. EMV implementation? Do you have other concerns of interest to payment pros? Please let us know at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios