An article relating to this blog post on Finextra:
Millions of German bank cards hit by Y2K timebomb
Millions of German bank cardholders have been hit by a Y2K-hangover bug which prevents card chips supplied by French technology company Gemalto from recognising the year 2010 change.
On the 1st of January 2010, many German bank customers found that their banking smart cards had stopped working. Details of why are
still unclear, but indications are that the cards believed that the date was 2016, rather than 2010, and so refused to process a transaction supposedly after their expiry dates. This problem could
turn out to be quite expensive for the cards’ manufacturer, Gemalto: their shares
dropped almost 4%, and they have booked a
€10 m charge to handle the consequences.
These cards implement the EMV protocol (the same one used for Chip and PIN in the UK). Here, the card is sent the current date in 3-byte YYMMDD
binary-coded decimal (BCD) format, i.e. “100101″ on 1 January 2010. If however this was interpreted as
hexadecimal, then the card will think the year is 2016 (in hexadecimal, 1 January 2010 should have actually been “0a0101″). Since the numbers 0–9 are the same in both BCD and hexadecimal, we can see why
this problem only occurred in 2010*.
In one sense, this looks like a foolish error, and should have been caught in testing. However, before criticizing too harshly, one should remember that EMV is almost impossible to implement perfectly.
Read more at Light Blue Touchpaper...