The new credit card with a chip in it in your wallet ‒ touted as being less vulnerable than the old magnetic swipe version ‒ isn’t as safe as you think. Hackers at Black Hat proved once again the chip-and-PIN cards are not as impenetrable as they seem.
It only takes small modifications to equipment to bypass the chip-and-PIN protections and enable unauthorized payments, multiple researchers at the Black Hat convention in Las Vegas, Nevada demonstrated on Wednesday.
The new cards, which began rolling out in the US in October 2015, use technology ‒ called Europay, MasterCard and Visa (EMV) ‒ that has long been standard in Europe. It’s designed to prevent the duplication of cards and crack down on cards that have been stolen. The tech works by inserting the chip into a card reader, then entering a personal identification number, or PIN. However, in the US, the financial industry only requires a signature after the chip is read, which is less secure. Some retailers have ignored the new technology altogether, and just ask customers to swipe their chip cards, the same as a traditional credit or debit card. At Black Hat 2016, as in past conferences, hackers focused on the more secure chip-and-PIN requirements.
https://www.rt.com/usa/354657-chip-pin-cards-blackhat/