Originally Posted by
garyschmitt
Nonsense. The hybrid cards still have a magstripe, and they are still skimmed (even in chip-only terminals!). In fact, skimming still happens in europe because there are still terminals that mechanically slide the whole card just to get the chip to the reader (which means the magstripe can still move over a maliciously installed magnetic read head).
From there, the illicitly obtained data can be used anywhere in the world, not just Europe. I know a European who was recently questioned at a police station because her chip and pin card was "used in Nigeria".
You are correct, the magstrip can still be skimmed. However, at least here in the UK (& at least my bank), your card will be flagged for fraud if you use it outside the country without notifying the bank first.
Originally Posted by
garyschmitt
(because like you, many erroneously believe the addition of a chip makes the card infallible).
Please don't put words in my mouth. Unless I typed 'infallible' while day-dreaming, I said no such thing nor implied no such thing.
Originally Posted by
garyschmitt
Sure, but now you're talking a different card. After 20 years of EMV chips, Europeans are still today using hybrid cards. Europeans still want to be able to travel the third worlds and remote tropical islands without cash, so the magstripe still has utility for world travelers.
Correct. Only once the US and other big holdouts provide EMV-capable terminals will we be able to make the switch.
This would be a significantly easier task if people in the US did not perpetuate the stigma about EMV, and rather spent time complaining to their banks (who are quite happy with the status quo as it is cheaper than moving to something securer).
Originally Posted by
garyschmitt
You're not only more vulnerable technologically with a hybrid card, you're also less safe legally (because you give up the otherwise legal advantage of the banks difficulty in proving that a fraudulent sig matches the card holders in cases of PIN forgery).
This is incorrect. There are numerous situations where flaws in EMV can and are used to commit fraud, the banks know this, and if your bank thinks otherwise you need to call them out on this, or more likely ask to escalate to a higher level within their fraud department that knows a clue. There is no silver bullet when it comes to credit card fraud, but if we could wave a hand and instantly replace all magstrips with EMV we would have significantly improved security (albeit still some flaws).