The Green Sheet Online Edition
September 25, 2017 • Issue 17:09:02
Potential impact of detached chips
Marc Castrechini, Vice President Product Management at Cayan LLC, sent the following response to our Aug. 11, 2017 news story titled "Detached smart card chips trigger privacy concerns" and posted under Breaking Industry News at www.greensheet.com/breakingnews.php?flag=breaking_news&id=1884.
"As a payment acceptance solution provider, we don't work with issuing banks or chip manufacturers. We are on the merchant side of the business, not the consumer side. That being said, there is one thing to note: If someone can physically compromise the chip on a card, the cryptographic capabilities still prevent that card from being duplicated multiple times. So *if* someone can create a second card using the physical chip, that is basically like using a stolen card.
Recall that the primary issue with stolen magnetic stripe data is that it can be replicated to a limitless number of reproduced cards So, if physical compromise of a single chip is possible, the fraud is still limited to a single instance of the card."
In addition, Dale S. Laszig, Senior Staff Writer at The Green Sheet, received a number of comments when she posted this article on LinkedIn. Among them were:
"If they would have adopted chip-and-PIN instead of chip-and-sign in the U.S., the transfer of the chip to another card wouldn't work in the use case described." – Alexandre Marinkovic, payment product and solution management professional
"In my 15-plus years experience with chip cards, I never heard of chips falling off just so. This … must be addressed and fixed by card manufacturer. Mag-stripe transaction with hybrid cards should be presented as 'fallback,' i.e., quite risky. It shouldn't go unnoticed. Sooner or later, chip can be removed or replaced. It may require some skill, but not that much if you don't need contactless interface working. This type of fraud is not such a threat in Europe where PIN is widely used." – Martin Kurdel, EMV Specialist, Regional Card Processing Centre, S.R.O
What are your thoughts on chip card security and other topics we've covered lately? Would you like us to delve into a particular issue in more depth? Let us know at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.