For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
Surely the best way to eliminate skimming is to remove the mag stripe. You can't clone what isn't there.
With 1.5 billion cards in circulation worldwide, removing the magstripe is no simple task. That means every reader and every machine has to be refitted. I doubt we will ever see the magstipe go away. There are to many technologies relying on it and many
technologies coming to secure it, or at least make its insecurity a non issue.
Why does the industry continue to expend effort on trying to secure the magstripe when it is just money down the drain (watermark magnetic et al.)? I agree that the magstripe may stay but purely as a means for unattended devices to ensure you have the card
the right way round. The answer is to use IC Cards where you have a secure environment to store the data. EMV expands throughout the world and in every country it is introduced fraud goes down; the issue is that as everyone closes the front door the back door
is left wide open in the US.
I'm not saying that chip cards are the answer to everything (I'll leave that to some of the purveyors of solutions who have 'the answer') there is no single solution to combating fraud it always has been a layered approach. But putting an active component
in the cardholders' hands gives you the ability to develop solution for Card Not Present that would further limit the opportunity for fraud.
To plagiarise 'The Borg' "EMV - you will comply - resistance is futile".
I agree it's not an easy task. The question is how concerned are people/goverments/banks about the level of fraud? Its fine saying it's expensive and difficult, I agree it is, but EMV does exist and works quite nicely without a Mag stripe.
There are other solutions - someone will no doubt try and sell one on here in the next few hours - but none in the 'real world' yet other than EMV.
At what point does the cost get outweighed by the benefit? If we can prevent terrorists obtaining funding through fraud and prevent hundreds/thousands of death is that worth the pain of replacing cards and upgrading devices?
I agree strongly with Nick and Joe. Yes there are alternatives to chip cards to address card skimming, and there is a host of non-chip solutions to other fraud modalities too, but they're all ad hoc, or short term.
It's important I think to focus on the underlying vulnerability that enables most identity related frauds, namely the replayability of ordinary digital data. To properly tackle most payment fraud, we must prevent the replay of ID data (most feasibly through
asymmetric cryptography i.e. digital signatures). And we should protect users against real time fraudsters (phishers, pharmers) through intelligent personal security devices.
In plain English, the unique and powerful thing about smartcards is they can tell what's going on around them. Smartcards (and their intelligent cousins SIMs, smartphones, USB keys etc.) can act as proxies for their owners. They can test the digital
bona fides of web sites and of terminal equipment, detect Man-in-the-Middle attacks, detect spam, and self-monitor to tell if they're being used inappropriately.
So ... we can keep tinkering with magnetic stripes, end-to-end encryption, tokenization and two factor authentication, to erect short term barriers to specific attack vectors, but with significant total cost and at teh expense of user confusion and divergence.
Or, we can transition to a single, fundamentally robust, extensible, long term approach to all digital ID protection, using chip cards to address skimming, counterfeiting,
CNP fraud, and ID theft all at the same time.
04 Feb 2009
24 Mar 2020
12 Mar 2020
05 Mar 2020
27 Feb 2020