Payments tech firm NCR discovers security flaw in chip cards (MA, V)

Small Business EMVBII

This story was delivered to BI Intelligence “Payments Briefing” subscribers. To learn more and subscribe, please click here.

Chip-enabled credit cards are supposed to be more secure than magnetic stripe cards, because the chip’s ability to create dynamic, single-use data is nearly impossible for fraudsters to counterfeit.

But at the Black Hat computer security conference, researchers from payments technology firm NCR announced that they’ve uncovered a way that can be bypassed, according to CNN.

Chip cards still include a magnetic stripe so they can be used at merchants that have not yet upgraded to EMV-enabled terminals. But when a user attempts to pay via swipe at a chip-enabled terminal, they are generally instructed to “dip” the card into the chip reader.

NCR believes that there’s a way that hackers will be able to rewrite the magnetic stripe coding on a card to make it appear “chipless” when swiped, therefore allowing them to continue to replicate and counterfeit essentially fake chip cards, according to CNN.

The flaw could keep retailers hesitant to upgrade to EMV-enabled terminals. Merchants could potentially prevent this type of counterfeit fraud by enabling point-to-point encryption (P2PE) on their terminals, a feature that most manufacturers include, but require merchants to manually enable.

That means that if merchants aren’t aware of the need for encryption, they might believe that the expenses associated with upgrading to EMV — new terminals cost up to $600 each, plus other costs associated with activation — isn’t worthwhile, and will continue using their old terminal. And that could exacerbate an ongoing problem, because 41% of smaller merchants have not upgraded to EMV terminals — and 20% of that group, which would be most likely to be unaware of the need for encryption, don’t plan to do so.

Fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion just one year earlier. To solve the card fraud problem across in-store, online, and mobile payments, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud.

John Heggestuen, senior research analyst for BI Intelligence, Business Insider’s premium research service, has compiled a detailed report on payment security that looks at how the dynamics of fraud are shifting across in-store and online channels and explains the top new types of security that are gaining traction across each of these channels, including on Apple Pay.

Here are some of the key takeaways from the report:

  • EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person’s card purchase activity based on the card user’s profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.
  • To bolster security throughout the payments chain encryption of payments data is being widely implemented. Encryption degrades valuable data by using an algorithm to translate card numbers into new values. This makes it difficult for fraudsters to harvest the payments data for use in future transactions.
  • Point-to-point encryption is the most tightly defined form of payments encryption. In this scheme, sensitive payment data is encrypted from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions in stores and online.
  • Tokenization increases the security of transactions made online and in stores. Tokenization schemes assign a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often “multiuse,” meaning merchants don’t have to force consumers to re-enter their payment details. Apple Pay uses an emerging form of tokenization.
  • 3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to tell whether the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data in addition to payment data to complete a transaction online. Merchants who implement 3D Secure risk higher shopping-cart abandonment.

In full, the report:

  • Assesses the fraud cost to US retailers and how that fraud is expected to shift in coming years
  • Provides 5 high-level explanations of the top payment security protocols
  • Includes 7 infographics illustrating what the transaction flow looks like when each type of security is implemented.
  • Analyzes the strengths and weakness of each payment security protocol and the reasons why particular protocols are being put in place at different types of merchants.

To get your copy of this invaluable guide, choose one of these options:

  1. Subscribe to an ALL-ACCESS Membership with BI Intelligence and gain immediate access to this report AND over 100 other expertly researched deep-dive reports, subscriptions to all of our daily newsletters, and much more. >> START A MEMBERSHIP
  2. Purchase the report and download it immediately from our research store. >> BUY THE REPORT

The choice is yours. But however you decide to acquire this report, you’ve given yourself a powerful advantage in your understanding of payments security.


Business Insider
Payments tech firm NCR discovers security flaw in chip cards (MA, V)
#waterdamage #_waterdamagepro #waterdamagerestoration #flooddamage #moldremediation #_waterdamagepro

The post Payments tech firm NCR discovers security flaw in chip cards (MA, V) appeared first on Residential and Commercial Water Damage Restoration.

Source: Water Damage

152 thoughts on “Payments tech firm NCR discovers security flaw in chip cards (MA, V)”

  1. Absolutely NEW update of SEO/SMM software “XRumer 16.0 + XEvil 3.0”:
    captchas breaking of Google, Facebook, Bing, Hotmail, SolveMedia, Yandex,
    and more than 8400 another categories of captchas,
    with highest precision (80..100%) and highest speed (100 img per second).
    You can connect XEvil 3.0 to all most popular SEO/SMM programms: XRumer, GSA SER, ZennoPoster, Srapebox, Senuke, and more than 100 of other programms.

    Interested? There are a lot of impessive videos about XEvil in YouTube.
    Good luck!

    XRumer201707

  2. Absolutely NEW update of SEO/SMM software “XRumer 16.0 + XEvil 3.0”:
    captchas solution of Google, Facebook, Bing, Hotmail, SolveMedia, Yandex,
    and more than 8400 another size-types of captcha,
    with highest precision (80..100%) and highest speed (100 img per second).
    You can connect XEvil 3.0 to all most popular SEO/SMM software: XRumer, GSA SER, ZennoPoster, Srapebox, Senuke, and more than 100 of other software.

    Interested? There are a lot of impessive videos about XEvil in YouTube.
    See you later!

    XRumer201707

  3. Hiya, I am really glad I’ve found this info. Today bloggers publish only about gossip and net stuff and this is really annoying. A good blog with exciting content, that’s what I need. Thanks for making this site, and I will be visiting again. Do you do newsletters? I Cant find it.

  4. pure cbd oil for dogs dosage cbd oil benefits and side effects [url=http://www.academia.edu/34500740/Hemp_Milk_Health_Benefits_Nutrition_and_Side_Effects]cbd oil for cancer treatment of liver disease[/url] benefits of cbd oil for colon cancer

    cbd oil side effects stomach pain cbd oil with zonisamide for seizures in dogs cbd oil for cancer sale colorado how much cbd oil for pain relief

  5. buy online viagra

    [url=http://wittwertrainingsystems.com/forum/discussion/460662/why-an-online-drug-store-saves-you-cash-as-well-as-time-on-all-your-prescription-medicines]cialis and pharmacy[/url]

    online viagra sales

    viagra buy

    taking viagra

  6. [url=http://shortswigs.com/]Short Wigs[/url]
    [url=http://shortswigs.com/]Wigs For Women[/url]
    [url=http://humanhair-wigs.com/]Human Hair Wigs[/url]
    [url=http://humanhair-wigs.com/]Wigs For Women[/url]
    [url=http://wigsforcancerspatients.com/]Wigs[/url]
    [url=http://wigsforcancerspatients.com/]Wigs For Cancer Patients[/url]
    [url=http://wigsforblackwomens.com/]Wigs For Women[/url]
    [url=http://wigsforblackwomens.com/]Wigs For Black Women[/url]
    [url=http://wigsforblackwomens.com/]African American Wigs[/url]
    [url=http://raquel-welchwigs.com/]Human Hair Wigs[/url]
    [url=http://raquel-welchwigs.com/]Raquel Welch Wigs[/url]
    [url=http://wigssforwomen.com/]Wigs For Women[/url]
    [url=http://wigssforwomen.com/]Human Hair Wigs[/url]
    [url=http://short-wigsforblackwomen.com/]Short Wigs For Black Women[/url]
    [url=http://short-wigsforblackwomen.com/]Wigs For Women[/url]
    [url=http://wigsfor-black-women.com/]Wigs For Black Women[/url]
    [url=http://wigsfor-black-women.com/]Wigs[/url]
    [url=http://wigsforblacknwomen.com/]Wigs For Black Women[/url]
    [url=http://wigsforblacknwomen.com/]Wigs For Women[/url]
    [url=http://womenwigsfor.com/]Wigs For Women[/url]
    [url=http://womenwigsfor.com/]Wigs For Women[/url]
    [url=http://humanhairwigsforblack-women.com/]Human Hair Wigs For Black Women[/url]
    [url=http://humanhairwigsforblack-women.com/]Wigs[/url]
    [url=http://wigs-forblack-women.com/]Wigs For Black Women[/url]
    [url=http://wigs-forblack-women.com/]Wigs[/url]
    [url=http://wigsfor-womens.com/]Wigs For Women[/url]
    [url=http://wigsfor-womens.com/]Wigs For Black Women[/url]

  7. [url=http://lace-wigs.net/]Wigs For Women[/url]
    [url=http://lace-wigs.net/]Lace Front Wigs[/url]
    [url=http://wigshumanhair.us.com/]Wigs[/url]
    [url=http://wigshumanhair.us.com/]Wigs For Women[/url]
    [url=http://wigsforblackwomen.org/]Wigs For Women[/url]
    [url=http://wigsforblackwomen.org/]Wigs For Black Women[/url]
    [url=http://wigforwomen.com/]Wigs For Women[/url]
    [url=http://wigforwomen.com/]Wig[/url]
    [url=http://wigshumanhair.org/]Wigs[/url]
    [url=http://wigshumanhair.org/]Real Hair Wigs[/url]
    [url=http://wigsforzwomen.com/]Wigs[/url]
    [url=http://wigsforzwomen.com/]Wigs For Women[/url]
    [url=http://wigsfortwomen.com/]Wigs For Women[/url]
    [url=http://wigsfortwomen.com//]Wigs[/url]
    [url=http://wigsforblackwomenbuy.com/]Wigs[/url]
    [url=http://wigsforblackwomenbuy.com/]Wigs For Black Women[/url]
    [url=http://humanhair-wigs.org/]Wigs For Women[/url]
    [url=http://humanhair-wigs.org/]Human Hair Wigs[/url]
    [url=http://lace-wigs.org/]Lace Wigs[/url]
    [url=http://lace-wigs.org/]Lace Front Wigs[/url]
    [url=http://fulllacefront-wigs.com/]Full Lace Front Wigs[/url]
    [url=http://fulllacefront-wigs.com/]Lace Front Wigs[/url]
    [url=http://lacefront-wigs.com/]Lace Front Wigs[/url]
    [url=http://lacefront-wigs.com/]Full Lace Wigs[/url]
    [url=http://humanhair-wigsus.com/]Human Hair Wigs[/url]
    [url=http://humanhair-wigsus.com/]Wigs For Women[/url]

  8. cbd in marijuana does not get you high [url=http://soscvs.org.mz/index.php?option=com_k2&view=itemlist&task=user&id=1648469]see it here[/url] health benefits of cbd hemp oil

    everx cbd infused sports water funny post cbd oil from colorado for cancer patients

Leave a Reply

Your email address will not be published. Required fields are marked *