chip credit cards

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills
Post Reply
boater07
Posts: 452
Joined: Sun Apr 15, 2007 7:44 pm
Location: Northwest

chip credit cards

Post by boater07 » Wed Sep 03, 2014 9:22 pm

Visa and MC seem to be issuing new chip cards. I understand the value of the new cards but am curious how my prior info with the issuer is erased.
The hacking seems to be within co info [Target etc] and how does a new card delete my info?
Am I making any sense?

The Wizard
Posts: 11102
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: chip credit cards

Post by The Wizard » Wed Sep 03, 2014 9:29 pm

No, you're not making any sense.
Sorry...
Attempted new signature...

User avatar
The529guy
Posts: 493
Joined: Fri May 23, 2014 1:08 am

Re: chip credit cards

Post by The529guy » Wed Sep 03, 2014 9:47 pm

boater07 wrote:Visa and MC seem to be issuing new chip cards. I understand the value of the new cards but am curious how my prior info with the issuer is erased.

After your credit card is compromised, the credit card company invalidates it and sends you a replacement card with a new number.

boater07 wrote:The hacking seems to be within co info [Target etc] and how does a new card delete my info?

I'm not smart on data breach disclosure law, but I think it's safe to say that the merchant reports the theft to the credit card company, which then acts accordingly (see above).

I'm not sure whether this answers what you're trying to ask.

MSchleicher
Posts: 81
Joined: Sun Apr 20, 2014 11:16 am

Re: chip credit cards

Post by MSchleicher » Wed Sep 03, 2014 10:03 pm

The chip cards will deter thieves from copying information contained within the magnetic strip. This level of protection will not be the end all be all solution to data breaches and hacking.

Saving$
Posts: 1526
Joined: Sat Nov 05, 2011 8:33 pm

Re: chip credit cards

Post by Saving$ » Wed Sep 03, 2014 10:12 pm

boater07 wrote:Visa and MC seem to be issuing new chip cards. I understand the value of the new cards but am curious how my prior info with the issuer is erased.
The hacking seems to be within co info [Target etc] and how does a new card delete my info?
Am I making any sense?


The hacking at, for example, Target, compromised your name, physical address, phone number, email and debit or credit card number. The hackers still have the first four pieces of info, but Visa/MC change the one thing they can change, which is your card number.

boater07
Posts: 452
Joined: Sun Apr 15, 2007 7:44 pm
Location: Northwest

Re: chip credit cards

Post by boater07 » Wed Sep 03, 2014 10:33 pm

MSchleicher wrote:The chip cards will deter thieves from copying information contained within the magnetic strip. This level of protection will not be the end all be all solution to data breaches and hacking.


Thank you. I think I get it. The magnetic strip had all the info. I was afraid that a new card alone with chip would still leave all my info somewhere.
ie a card application with personal info .

User avatar
6miths
Posts: 640
Joined: Fri Jan 01, 2010 1:55 pm
Location: Toronto, Canada

Re: chip credit cards

Post by 6miths » Wed Sep 03, 2014 10:37 pm

You also have a PIN number linked to the card which needs to be entered into the terminal.
'It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so!' Mark Twain

Mudpuppy
Posts: 5469
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: chip credit cards

Post by Mudpuppy » Wed Sep 03, 2014 11:57 pm

boater07 wrote:
MSchleicher wrote:The chip cards will deter thieves from copying information contained within the magnetic strip. This level of protection will not be the end all be all solution to data breaches and hacking.


Thank you. I think I get it. The magnetic strip had all the info. I was afraid that a new card alone with chip would still leave all my info somewhere.
ie a card application with personal info .

Your information is in more places than the magnetic strip. Whatever you entered on an application is stored at the credit card issuer for however long their retention policy states. Certain information will be retained as long as you keep the account, as part of the account management information. Changing the card number does not delete the account, just how merchants can charge the account.

Also, if someone has a copy of your magnetic stripe, such as what has happened with the numerous breaches (not just Target), they'll still have that copy. They'll still know everything that was on the magnetic stripe of the old card. Reissuing the card does not destroy the copies. They just won't be able to make new charges against the account because the card number has been changed.

bberris
Posts: 768
Joined: Sun Feb 20, 2011 9:44 am

Re: chip credit cards

Post by bberris » Thu Sep 04, 2014 5:27 am

The chip-and-sig cards still have a magnetic stripe, so they are still clonable and hackable. The chip might make it easier to use outside the US. Chip and pin may be more secure in person. Does nothing for internet fraud. I am not understanding all the gnashing of teeth here over fraud. It doesn't cost the consumer anything. The banks have decided that the solution to fraud is pattern detection and the fraud losses are less than the cost of a hardware switch with limited benefits.

User avatar
southerndoc
Posts: 625
Joined: Wed Apr 22, 2009 7:07 pm
Location: Atlanta

Re: chip credit cards

Post by southerndoc » Thu Sep 04, 2014 5:45 am

It'll take a few years to eliminate the magnetic strips. This is just a step in the process. The chip cards are scanned differently.

User avatar
runner9
Posts: 1971
Joined: Tue Aug 02, 2011 8:49 pm
Location: Ohio

Re: chip credit cards

Post by runner9 » Thu Sep 04, 2014 5:52 am

Every time (Home Depot issues) I think oh, I wish my bank would send a Chip card instead of one with a magnetic strip I remember that I have yet to visit a store that has a reader for chip cards:( Hopefully soon...

Bill M
Posts: 437
Joined: Sun Dec 30, 2012 10:10 pm

Re: chip credit cards

Post by Bill M » Thu Sep 04, 2014 7:31 am

Chip cards (also known as EMV cards) contain a secret cryptographic key used in the data exchange with the terminal. The technology is the same as used in cellphone SIM cards. Where a simple magnetic strip card can be duplicated by simply reading and reproducing the magnetic stripe information, duplicating a chip card means getting the secret key out of the card. That is hard.

boffalora
Posts: 188
Joined: Mon Mar 05, 2007 1:31 pm

Re: chip credit cards

Post by boffalora » Thu Sep 04, 2014 7:38 am

In our area Walmart has new card terminals that read the chips instead of the mag strips. My new Amex card has both, so if I swipe the strip in the conventional way at Walmart, the terminal will halt the transaction and direct me to insert the card into the chip reader. Once it's inserted, the reader instructs me to not remove the card until the transaction is complete.

The Wizard
Posts: 11102
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: chip credit cards

Post by The Wizard » Thu Sep 04, 2014 8:49 am

runner9 wrote:Every time (Home Depot issues) I think oh, I wish my bank would send a Chip card instead of one with a magnetic strip I remember that I have yet to visit a store that has a reader for chip cards:( Hopefully soon...

I'm just back from a road trip to Atlantic Canada (NB and PEI). With the exception of a few gasoline pump CC terminals, all of the credit card terminals I encountered at restaurants and stores were chip-card functional: insert the chip-card in the slot at the bottom or slide the magstripe card in the groove at the right.
It should be only a matter of years before the US catches up with Canada, I'm guessing...
Attempted new signature...

User avatar
Steelersfan
Posts: 3342
Joined: Thu Jun 19, 2008 8:47 pm

Re: chip credit cards

Post by Steelersfan » Thu Sep 04, 2014 9:46 am

If the maliciousness software is inserted into the POS terminal (as at Target) then it can read the pin as you're entering it. It gets the account number as it gets sent to the central system for processing by the credit card issuer for validation and processing.

Chip and pin is an improvement but doesn't cover all bases.

dpc
Posts: 379
Joined: Sat Aug 27, 2011 1:41 pm

Re: chip credit cards

Post by dpc » Thu Sep 04, 2014 10:42 am

I have yet to visit a store that has a reader for chip cards


Ironically, our local Home Depot has brand new card readers that appear to accept pin and chip cards as well as standard magnetic strip cards.
"Worrying is like paying interest on a debt that you might never owe" -- Will Rogers

Exterous
Posts: 180
Joined: Mon Feb 20, 2012 1:34 pm

Re: chip credit cards

Post by Exterous » Thu Sep 04, 2014 10:49 am

Steelersfan wrote:If the maliciousness software is inserted into the POS terminal (as at Target) then it can read the pin as you're entering it. It gets the account number as it gets sent to the central system for processing by the credit card issuer for validation and processing.

Chip and pin is an improvement but doesn't cover all bases.


There have been a couple of articles out about how the FLIR cases for the iPhone and Android can allow people to find out your PIN

http://www.geek.com/science/flir-one-iphone-camera-makes-stealing-pin-codes-really-easy-1603205/

Mudpuppy
Posts: 5469
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: chip credit cards

Post by Mudpuppy » Thu Sep 04, 2014 11:38 am

runner9 wrote:Every time (Home Depot issues) I think oh, I wish my bank would send a Chip card instead of one with a magnetic strip I remember that I have yet to visit a store that has a reader for chip cards:( Hopefully soon...

Walmart has them and they are enabled. It even forced me to use the chip the last two visits. Target, Lowes, and several other big box stores also has chip-capable readers (you can see the slot at the bottom of the point-of-sale device), but they are not enabled yet.

cubedbee
Posts: 312
Joined: Tue Aug 04, 2009 11:13 am

Re: chip credit cards

Post by cubedbee » Thu Sep 04, 2014 11:49 am

Mudpuppy wrote:
runner9 wrote:Every time (Home Depot issues) I think oh, I wish my bank would send a Chip card instead of one with a magnetic strip I remember that I have yet to visit a store that has a reader for chip cards:( Hopefully soon...

Walmart has them and they are enabled. It even forced me to use the chip the last two visits. Target, Lowes, and several other big box stores also has chip-capable readers (you can see the slot at the bottom of the point-of-sale device), but they are not enabled yet.


They should become much more widespread over the next year. October 1, 2015 is the date of the "liablity shift" for all major US credit card issuers.

It seems now like there is agreement on the switch. So when will the changeover happen?

For Mastercard, now is the time, and we’ve been very consistent on that message for years. We introduced our roadmap for migration in 2012, and that roadmap says that for face-to-face transactions, where a consumer uses their card at a merchant’s location, the liability shift will happen in October, 2015.

The “liability shift” is a big moment in the changeover. Can you explain what it means?

Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.

So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.


http://blogs.wsj.com/corporate-intellig ... edit-card/

placeholder
Posts: 3954
Joined: Tue Aug 06, 2013 12:43 pm

Re: chip credit cards

Post by placeholder » Thu Sep 04, 2014 11:59 am

boater07 wrote:Visa and MC seem to be issuing new chip cards. I understand the value of the new cards but am curious how my prior info with the issuer is erased.

Chase sent me a replacement card that was chip and signature and it has a completely different card number (and switched from MC to Visa) although all the account stuff history and such stays the same.

placeholder
Posts: 3954
Joined: Tue Aug 06, 2013 12:43 pm

Re: chip credit cards

Post by placeholder » Thu Sep 04, 2014 12:00 pm

6miths wrote:You also have a PIN number linked to the card which needs to be entered into the terminal.

Maybe not because the one I got does not have a PIN.

User avatar
Higman
Posts: 213
Joined: Wed Aug 20, 2008 7:51 pm

Re: chip credit cards

Post by Higman » Thu Sep 04, 2014 12:03 pm

I have a Citi card with chip and mag stripe. All stores that I shop in accept a swipe of the card. All except Sam’s Club (owned by Walmart). Their terminal rejects my card if I swipe it. It forces me to insert the card at the base of the reader. It then takes about 20 seconds to complete the transaction, at which time it say to remove card. The chip technology is a step in the right direction, but it is adding too much time to each purchase.

mech_tower
Posts: 67
Joined: Thu Sep 04, 2014 2:30 pm

Re: chip credit cards

Post by mech_tower » Thu Sep 04, 2014 2:46 pm

The Chip-and-pin is part of the EMV migration that banks and retailers are arguing over. In the USA, the norm is that all card readers will have both the chip and mag-stripe, giving the consumers time to get used to the chip-based transactions. You need a PIN to use the chip, or a signature (chip and signature). The issue is the cost of the new point of sale devices which retailers have to spend on to upgrade to read the new chip-based cards.

WRT security, chip based cards are more secure as each transaction comes with a different code, which cannot be replicated by card skimmers. Mag strip still carries that risk, as they lack the secure chip to generate new codes. Although information on the cards themselves are "safe", the same cannot be said of the transmission lines and networks that carry this information to the processors and acquirers. To address the gap here, companies are implementing new tokenization methods to bolster security of transmitted information.

Hope this helps - please let me know if you need more information as I do this everyday as part of my job :happy

User avatar
ogd
Posts: 4809
Joined: Thu Jun 14, 2012 11:43 pm

Re: chip credit cards

Post by ogd » Thu Sep 04, 2014 3:56 pm

Steelersfan wrote:If the maliciousness software is inserted into the POS terminal (as at Target) then it can read the pin as you're entering it. It gets the account number as it gets sent to the central system for processing by the credit card issuer for validation and processing.

Chip and pin is an improvement but doesn't cover all bases.

Yes, but this infomation can't be used at other chip and pin terminals. Simply put, the chip can't be duplicated except (we hope) by truly sophisticated parties with a laboratory and lots of time.

The information can be used online, but it's protected by that little verification code that machines don't read. Which is not much, but together with fraud detection it should work reasonably well. It can also be used in magstripe terminals while they still exist, so part of the process is getting rid of those.

User avatar
BrandonBogle
Posts: 1907
Joined: Mon Jan 28, 2013 11:19 pm

Re: chip credit cards

Post by BrandonBogle » Thu Sep 04, 2014 4:21 pm

Essentially, a simple way to think of this (it is not how it technically works, but close enough to grasp what's happening) is that the chip provides the equivalent to the three digit code on the back of the card (or four on the front for AmEx). The clincher is that the "code" changes every single time. There is no reasonable method to replicate this data and simply "recording" and "replaying" the answer does NOT work, so a compromised terminal copying the code gains nothing.

Now, this does nothing for online transactions or other "card not present" (CNP) transactions. Thus, if a chip and PIN terminal gets compromised, the card # is available to be run elsewhere as a CNP. Another negative is us humans tend to reuse PINs. So if the compromised terminal stores your PIN, it can be reused in a different attack. This one is actually less of an issue b/c it is relevant in a targetted attack (I want to get you specifically instead of "all cards" at the terminal), or when a chip and PIN debit card is used at the compromised terminal. Since that PIN is only useful if I reused it for like my ATM card or something, the criminal would have to get that card cloned too. To counteract this, some banks do NOT let you use the same PIN for the chip on an EMV card as your "cash withdrawal" PIN, in case you use a debit card with a chip in a compromised terminal.

But anyways, it is simple to think of this as a "one-time use" 3-digit code like the reusable 3-digit code on the back of your card.

User avatar
Steelersfan
Posts: 3342
Joined: Thu Jun 19, 2008 8:47 pm

Re: chip credit cards

Post by Steelersfan » Thu Sep 04, 2014 4:24 pm

ogd wrote:
Steelersfan wrote:If the maliciousness software is inserted into the POS terminal (as at Target) then it can read the pin as you're entering it. It gets the account number as it gets sent to the central system for processing by the credit card issuer for validation and processing.

Chip and pin is an improvement but doesn't cover all bases.

Yes, but this infomation can't be used at other chip and pin terminals. Simply put, the chip can't be duplicated except (we hope) by truly sophisticated parties with a laboratory and lots of time.

The information can be used online, but it's protected by that little verification code that machines don't read. Which is not much, but together with fraud detection it should work reasonably well. It can also be used in magstripe terminals while they still exist, so part of the process is getting rid of those.


Agree with all that.

I do a fair amount of online shopping and I'm surprised how many sites do not require that three digit code when "checking out".

Most do but too many don't.

Post Reply