20 October 2017
Lachlan Gunn

ATM Security

Lachlan Gunn - BenAlpin Ltd

12Posts 74,425Views 23Comments

EMV Smart Card security - what's the way forward?

19 January 2010  |  3179 views  |  1

My post on 'should we have chip only payment cards?' gave rise to some discussion and debate, and many thanks to all those concerned for their views and comments.  The related website poll conducted by the European ATM Security Team (EAST) indicated that 60% of respondents felt that European EMV cards should not hold sensitive cardholder data as standard in a magnetic stripe, although feedback was received highlighting issues with removing the stripe. 

As long as magnetic stripes remain on EMV cards, there is a risk that these can be copied and duplicated for fraudulent use outside of Europe.  EAST has put up a new website poll (https://www.european-atm-security.eu/Research/) which highlights two possible solutions to address this:

1. Magnetic stripes on future cards would not be activated unless the card holder planned to travel outside Europe (as only the Chip would be required to use the card in Europe). To activate the stripe, the Cardholder would have to call their bank (or use another platform such as SMS or internet if available).

2. Chip only cards would be issued to cardholders for use in Europe. Any cardholder wishing to travel outside Europe would need to request a second card, with a stripe, for this purpose. 

It is noted that the second option would give rise to a requirement for most ATM motorized card readers to be reconfigured to not require a magnetic stripe to open the shutter and allow the card to be inserted.

The national representative members of EAST are meeting next month and will be discussing this topic and how to take it forward.  The group is interested in any other views or comments on this.


Comments: (1)

A Finextra member
A Finextra member | 21 January, 2010, 10:04

Just a thought but couldn't option 1 be activated at the European ATM, rather than on the phone? When the customer returned to Europe, first use of an ATM could then prompt the customer to deactivate the mag stripe. There could also be separate transaction limits for the stripe

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Lachlan

Heat from your fingers could disclose your PIN at an ATM

30 August 2011  |  5113 views  |  1 comments | recomends Recommends 0 TagsCardsSecurityGroupInformation Security

Do you get SMS alerts for debit card transactions?

18 August 2011  |  9756 views  |  3 comments | recomends Recommends 0 TagsCardsSecurityGroupInformation Security

Europol busts international cross border skimming operation

18 July 2011  |  5661 views  |  0 comments | recomends Recommends 0 TagsCardsSecurity

Fraud migrates away as European EMV rollout nears completion

22 June 2011  |  5837 views  |  1 comments | recomends Recommends 0 TagsCardsSecurity

Is the rise of global card fraud being taken seriously?

11 February 2011  |  4941 views  |  1 comments | recomends Recommends 0 TagsCardsSecurity

Lachlan's profile

job title Director
location Perth
member since 2009
Summary profile See full profile »
Lachlan is Director of BenAlpin Ltd, a security consultancy, and is also founder and a Director of European ATM Security Team Ltd, an independent, non-profit, international ATM user group. EAST has a...

Lachlan's expertise

Member since 2007
12 posts23 comments
Lachlan's blog archive
2011 (5)2010 (4)2009 (3)

Who's commenting on Lachlan's posts