EUnomad

Both of your points are damaging to the consumer. It was already discussed in detail why EMV is damaging to account holders (as CNP gets the bank off the hook for adequately proving legitimacy of transactions).

Then to say that the money is the card holders property as it sits in the bank puts more risk on the consumer. If I put $500 into the bank, I want the bank to take possession, and simultaneously owe me $500. If the bank is robbed or goes bankrupt, I don't want to be the one at loss -- I expect to be able to go back to the bank and say "where is that $500 you owe me?" And I don't want an answer like "someone else took YOUR money".

It's very foolish for consumers to demand something that will work against them for the sake of technology (simply because it makes use of technological advances). And from a technical standpoint, CNP actually prevents further advancement.

EMVs can only hold one account. Which means those with 20+ bank/credit cards are stuck with 20+ plastic cards, each of which are 20 times the size they need to be.

Magstripe has advanced further. There are magstripe cards that cannot be read at all without first entering a pin on the card itself. There are also magstripe cards that can hold multiple accounts.

I don't want the extra risk of having to prove I was not the one to enter my pin number on a fraudulent transaction, so I will be asking my bank quite the opposite - to please avoid EMV cards, and instead implement dynamic magstripes.

jbcarioca

Taking these points in order:
1) EMV can hold many accounts and already does. In several parts of the world medical records, public records access benefits records are on EMV. EMV is a system of standards, but the storage medium is a computer chip. You are actually stating one of the limitations of most magnetic stripes.

2) No magstripe has security equal to that of an EMV card. There are many pin's used with magstripes but the pins do not have EMV security. There are multiple accounts accessible through magstripe but no magstripe "holds" account information, even the newest, recently patented multiple stripes or the products sold by Dynamic, if you know them.

3) You have made several incorrect statements about risk, moving the burden of proof to the consumer. That is untrue. Consumers retain the same rights they had before there was EMV, just the risk of fraudulent transactions has dropped in EMV.

There have been a few posts about security in a magstripe environment discussing signature verification which is nonexistent in most situations, and largely ineffective when it is done.

There is a wealth of evidence about the real world benefits of EMV and the reduction in risk for all parties including consumers. The only knowledgable opponents of EMV that I know of are either executives who do not want to pay for the upgrades involved or card fraudsters who will have a far harder time committing fraud.

EUnomad

We're talking about EMV in banking standards, not the storage medium nuts and bolts as far as how the standards could be changed to fully utilize the hardware. Given the current banking standard, you cannot have multiple accounts on a bank card, period. You can have multiple GSM accounts on a sim, or another standard for medical data -- this does nothing for a banking consumer. It doesn't do a bit of good to have multiple bank accounts on a health card chip if the ATM doesn't know what to do with it. If you're convinced otherwise, prove it to the rest of us by showing us a bank card with multiple accounts, and a means to make a selection.

Nonsense. Marketing has worked wonders on you and Claudia. Chips have been cloned. Pins can be (and have been) intercepted. Pins have also been circumvented. An attacker doesn't need the pin number at all.. they can simply flip the bit that maintains whether the pin was correctly entered (and yes, it has been done). And there's no signature being checked. Blindly presuming that later technology is more secure is obviously a misperception. In any case, your attempt to measure risk to the consumer is misfocused.

Nonsense. You're not paying attention; Mia has already nailed the point solid, posted proof, and no one countered it. The bank presumes that if the pin entry is accepted, the pin was an identical match to the original pin, as if it were an original signature from the card holder. The court accepts that claim, even if the pin entry was circumvented. It is effectively the consumers burden to prove that they did not enter that pin number.

Ineffective in what sense? From the standpoint of the consumer, if it protects the consumer, it's effective. And indeed, the consumer is protected by the mere need for the bank and merchant to prove that the written sig matches, which is a substantial advantage to the consumer. CNP consumers do not have this advantage, and it is paramount. When the bank knows it cannot prove a signature match, case closed -- the case doesn't generally even go to court, in which case the consumer is obviously off the hook.

Show us. We've only seen blather from you so far, not a single shred of evidence from this "wealth of evidence". First, try to counter the proof that's been posted (e.g. counter Mia's post). Then show us some proof to the contrary, if you want to say anything compelling.

The best protection a consumer can have is legal protection, not technological protection. It would be wholly foolish to rely on technology without the legal tools. It would be like having a choice between a house that has high tech locks, but no insurance, and a fully insured house. Locks or no locks, the insured house is less risk to the consumer, because all the risk is transfered. It would be obscenely naive to rely on a professional thief who wants in to fail in that mission. The technological protection is clearly trumped. Insurance is more secure.

jbcarioca

It is too bad you confuse assertion with fact. Rather than continue arguing the points it would be well for you to actually check on the facts. The EMV standards cover both technology, application of the technology and security of the process. As fro consumer rights, you might actually want to check on those yourself because you assert that "the courts" have established the basis for increased consumer risk, something that has been demonstrated in no jurisdiction I can find. Maybe you have one.

This is a white paper written by VeriFone, a major POS equipment supplier who make money either way. It is easy to understand by people who do not have a technical background:
http://www.it.iitb.ac.in/~satish/phd...hite_paper.pdf

CreditCall, a UK EMV specialist provider has made a convenient glossary of terms that can make a discussion stay on even keel. One need not agree with their preference for EMV to find a glossary handy. The site has a fair amount of other data also:
http://www.emvx.co.uk/glossary.aspx

EMV Co published all the standards for EMV, and has specific data for most of your questions. They are jointly owned by American Express, JCB, MasterCard and Visa:
http://www.emvco.com/specifications.aspx?id=155

As for multiple accounts, you are confusing EMV vs ATM and other channel management issues. Multiple accounts have been stored in EMV since the beginning, but most financial institutions do not offer them. In some places, France for example, it is common for cards to have access to a checking account as a debit card and also at POS as a credit card. These features use EMV functionality but are largely transparent to the consumer, who sees only that the ATM withdrawals are debited immediately and POS oens are debited to a credit card account.

I hope this helps. There are hundreds of other documents, but most of it is highly technical. Generally I do not delve deeply in the technical aspects unless consulting with industry participants. Even there people tend to stick to their speciality, as in Fraud, or POS transaction movement, etc.

Anybody confused about the ostensible loss of consumer protection claimed by some of you needs to do some basic research, because "it just ain't true". Consumers are better protected in EMC than in the old world because of the dramatic reduction in systemic fraud under EMV. Fraud always happens, but the goal is to reduce it as much as possible.

If you want to see good before and after fraud stories consult Italy and Malaysia, two instructive cases. I suspect a quick internet search will suffice for those. I do not have non-proprietary data for either case.

francophiliac

Eunomad, you seem unusually well-versed in banking standards.

Please don't be insulting. I have a bachelor's degree in Electrical Engineering.

Mag stripes are notoriously easy to clone, and just as easy to read -- where your personal and financial information is stored without encryption, for every reader-equipped fraudster to skim and use as they wish. Current mag stripe technology leaves the consumer appallingly vulnerable to fraud and identity theft, and I for one will be happy to leave it behind and move ahead to chip-equipped cards, especially for ease of use while traveling in Europe... which is, I believe, the topic of this thread? And not, as you would have us believe, a debate on the merits of chip cards versus old-technology magnetic stripes?

Speaking of the topic of this thread... I am still moving forward on the application for a French bank account at LCL. To that end, I was copying documents at FedEx yesterday, but first I had to eject someone else's prepaid card from the Xerox machine's reader. It was a FedEx prepaid card... and lo and behold, there was a chip!

FedEx doesn't charge for those cards, they just load up the dollar amount you give them onto the cards and you're set to copy, scan, or log into one of their computers. So apparently the cards are cheap enough that they can afford to give them away "free" as tools for you to spend your money at FedEx.

Hmm... and the world moves forward while the American banking industry chokes on the dust.

-- Claudia

jbcarioca

[Moderator edit]

As a side note, slightly OT, I was once employed by Stanford Research Institute which invented the magstripe before more of us were born. At that time it was a huge advance in security because the previous cards just had names and little else, sometimes not even account numbers. We are no longer using very much 1940's technology, are we?

Vasco

I'm not sure what you're talking about here. My Canadian bank (TD) has issued me with both anEMV debit card and en EMV credit card. On my debit crd, I have access to three (3) accounts: chequing, savings and line of credit; and on my credit card, I have access to two (2) accounts: the credit card and my chequing account. All of them are accessible at POS and ATMs both in Canada and overseas, with the exception of the chequing account on the credit card which cannot be used for POS debit transactions.

francophiliac

I'm going to date myself when I reveal that my first computer had a wide slot for a 6-inch floppy -- is anyone here old enough to remember those? They actually did "flop" a bit, unlike the later plastic-encased 3-1/2 inch floppies.

"Floppies" of both kinds used iron-oxide deposit technology, just like mag stripes on cards. Same thing. You store data in the form of electrical charges, on/off for ones and zeros. I still have some floppies that store 2Mb of data.

2Mb = 2,000,000 bytes

Contrast this with chip technology, which allows you to store 2Gb of data (or more) on a thumb drive.

2Gb = 2,000,000,000 bytes

That's 1,000 times more information held in less space.

Chip card technology has 1,000 times more potential for data storage, data encryption, account access, etc., you-name-it.

Further, chipped cards cannot simply be manufactured by fraudsters in the trunk of their car. Chip-equipped card blanks must be initially manufactured in clean-room environments, as are the chips that are incorporated into the cards. So before they can clone cards, fraudsters will first need to find a source of already-manufactured blank chip cards -- they cannot simply manufacture their own.

-- Claudia

mia

I have removed a few posts and edited a couple others because they contain personal attacks in violation of this Flyertalk rule:

http://www.flyertalk.com/help/rules.php#q87

mia

Yes, we use 5.25" floppy diskettes every day to backup data on a PC which has been in continuous service in our office since 1988 .

EUnomad

Why would you blanket recharacterize the facts Mia and myself have mentioned as all "assertions", as opposed to actually addressing them? If you don't accept what you're calling an assertion, then you need to state which statement you're not accepting -- otherwise it's just a weak, empty general comment that carries no weight. E.g. if you don't accept my claim that CNP can be hacked without intercepting the pin, then I could point you to this article so that you can verify that it is indeed fact, at least, to the extent that you accept the results of the study.

There are trivial facts, and then there are meaningful facts. To post a white paper with a general overview of EMV does not advance your claim that the technology is sufficiently secure. You prove security by publishing the design, having a substantial number of hackers attack it, and collecting the results. Ignoring the known exploits while talking about trivia and theory doesn't sell EMV too well.

In addition to the attacks I've mentioned, EMV is also vulnerable to man in the middle attacks. (see Bruce Schneier's blog on the topic)

The UK is one case. Consumers were falsely being considered negligent with their PINs. So in attempt to correct this, new law was introduced in 2009. I've heard in other cases under laws written for swipe/sign transactions, the bank had to appear in court and prove that the signatures match. The same law applied to CNP meant the bank only had to say that the pins match (the pins are in fact a match that is more identical than a legitimate written signature). There are also cases in Belgium where defrauded consumers were forced to prove to a court that they did not enter the pin on a fraudulent transaction.

If you're looking at this from the standpoint of the US, there is probably no case law considering Amex Blue only issued EMV cards for a very short time. But you can look at the existing legislation (since this guides the court). If you find the statutes on chip and pin, please post a link. AFAIK, the only statutes in place are written with swipe and sign in mind -- which means the bank will have no problem appearing in court and saying the pin was an exact match. Without a change to the law, Americans can expect the same outcome corresponding with cases in Europe, where the law had not been updated.

None of this data shows the results of a well-funded effort to attack the system, which makes it worthless for proving your claims on the security of EMV. In effect you're saying "this widget is secure, and here are some blueprints". This data does not counter the findings of Cambridge researcher Steven Murdoch, which were published in an IEEE security paper last year. Nor does it address the increasing number of instances of CNP fraud, or articles like Chip and Pin is fatally flawed and Chip and PIN system proven to be flawed.

Proves my point. You're trying to use impractical theory to pervert the real case. Compare this to the dynamic magstripe, where the card reader need not know that multiple accounts are stored. You don't need to replace tens of thousands of machines to have multiple accounts on a dynamic magstripe, and actually be able to use them.

If you want to believe that "it just ain't true", then be sure to avoid reading all the forum rants from CNP fraud victims who lost in court because their bank only had to state that the correct pin was entered. Also be sure to ignore the fact that in 2009, the UK had to change the laws in order to compensate for the effective loss in legal protection on CNP transactions. It would also be important to ignore the article on UK banks trying to suppress Ross Anderson's study.

My point exactly. The current system and past system has vulnerabilities, as will the next system. Only a foolish consumer would accept the next system at the cost of their effective legal protection. Vulnerabilities in the older systems are better understood, and most importantly, the current legal system better protects the consumer. Anyone interested in learning about one method of attacking chip and pin might want to read this article which actually points to the open source code, as well as the hardware needed.

Skimming has become so rampant that most Belgian banks have disabled chips on all their current accounts outside of Europe (this took affect ~5 weeks ago).

EUnomad

That's a good point.. I wasn't thinking of that use case, where you have multiple different types of bank accounts. European cards don't appear to make use of that (other than if you use an ATM of the same bank that has access to all your accounts, where you can even topup your GSM account - in which case it's still one account, but associated in the banks database with other accounts). If another bank's ATM is used, the features are quite minimal in Europe, reduced only to the account given by the EMV chip.

Anyway, my comment was more credit card-centric. Suppose you have 10 credit cards. If you store all 10 cards on an EMV chip and go shopping, how would you select which card you're paying with? AFAIK, the PoS equipment would need an update to another standard, as it expects to find one account, or perhaps just one account of each type. Dynamic magstripes could certainly handle this without having to change the PoS equipment.

francophiliac

Let's be clear: there are TWO separate issues being debated here.

The first issue is chip vs. magnetic stripe.

Chip technology, as I explained in post #23, is inherently 1,000 times "better" -- that is, it is beyond reasonable argument both more versatile and secure than magnetic stripe technology.

The level of security of any card-based system is directly proportional to the level of data storage in that system. "Data", remember, is also programming and encryption, which can allow the actual "data" (information) to be scrambled and hidden so completely that no one who isn't YOU can use your card.

Given the vast increase in data storage provided by the chip, there is really no issue here besides "when will US banks start issuing chip-enhanced cards to their customers?"

The second issue is PIN-vs.-signature.

Using PINs to confirm transactions does put more of the onus on the customer to prove that a transaction was fraudulent, so always guard your PIN carefully, and cover the keypad even if no one is nearby (because there may be a micro-camera watching you).

Signature confirmation, if checked by the cashier against your card, is more secure and offers greater protection to the consumer. However, merchants don't prefer this method because the interchange fees are higher for signature confirmation than they are for PIN confirmation.

No matter whether you use PIN or signature confirmation, the chip card is still far more secure for both banks and consumers, not only because of the difficulty fraudsters have in replicating cards, but also because information on chip cards is encrypted.

Yes, some engineering students did demonstrate a flaw in the card programming by using a device that intercepted the data passed from card to ATM, and gave a false "all clear" signal that the proper PIN had been received. Our thanks to these students for finding and demonstrating that security flaw, which I believe has now been fixed with additional programming that requires each card to send a unique PIN confirmation signal.

(I haven't seen evidence that this flaw was exploited by fraudsters before the students demonstrated it.)

However, if we insist any system is 100% secure, we'll be proven wrong 100% of the time.


Yes, especially by fraudsters.

The biggest vulnerability of mag stripe cards is "skimming". I don't need to quote an article on that topic, as the web is littered with them.

Your mag stripe card can be easily read by a skimming device, and they are everywhere. They are virtually undetectable, and if coupled with a microcamera that films you using your PIN, your card can be quickly duplicated and your bank account emptied.

Chip cards can't be skimmed. They can still be stolen, and once stolen there is a possibility that their security can be breached if you haven't reported the theft to your bank -- but that's still true of any card.

Please, people, if we're going to go so far off topic, at least keep the issues separate: chip vs. stripe, OR signature vs. PIN (vs. biometrics?)...

-- Claudia

francophiliac

EUnomad, apparently you don't read French well?

http://www.febelfin.be/export/sites/...09112010fr.pdf

This article you linked (dated November 9, 2010) explains that only cards outside of Europe were deactivated because many of the banks' ATMs outside of Europe still operate on the magnetic stripe. They explain that within Europe, the banks have invested a lot of money to upgrade all of their ATMS to read "puces" -- chips -- so those cards are secure, and will still work just fine.

Thanks for your support! ;-D

-- Claudia

kebosabi

Here's an example of an EMV card that incorporates a wide variety of use into one single card:

ANA VISA Suica credit card (annual fee: 2100 JPY)
http://www.ana.co.jp/amc/reference/anacard/suica/

• VISA card that can be processed three ways: embossed card number for old carbon copy imprinters, mag-stripe on the back, and the Chip & PIN on the front
• It's also a frequent flyer card that allows you to convert your frequent flyer miles to Suica credits
• Said frequent flyer card can be used to print boarding passes at automated kiosks, or
• It's also a contactless Suica which allows you to tap 'n go on pretty much any train in Japan and a wide-variety of stores that accepts contactless Suica as payments
• It's also ETC capable which is tap 'n go payment system for toll roads in Japan