- Transaction technology company NCR announced at a security conference that it has uncovered a way for the magnetic stripe code on an EMV chip card to be rewritten to bypass the security capabilities of the chip and enable incidents of counterfeit fraud to occur.
- The U.S Payments Forum questioned the significance of the finding, saying that that backend systems would catch and reject the fraudelent transaction, even if the payments terminal in the store was fooled.
- CNN Money reports that the security flaw can lead to fraudulent transactions mainly because many retailers don't use encryption capabilities in their payment terminals.
A new controversy is pretty much the last thing supporters of the EMV chip transition need right now, though this complaint actually connects back to the long-standing general complaint by retailers—that they are being forced to spend a lot of money on security measures that aren't completely secure.
It should be noted that EMV chip cards and terminals do make it much harder than it was before for thieves to compromise transactions and steal important data. Yet, by not requiring PIN-based authorization rather than signature authorization of purchases, the payment companies themselves have compromised their own efforts to soothe retailer and consumer concerns.
Still, NCR's finding shows that the card companies and retailers arguing about card security and transaction authorization methods may be missing an important point. These physical items and manual process eventually can and will be compromised one way or another. It's better to focus on the aspect that most needs to be protected—the transaction itself. And encrypting transaction data may be the best way to do that.
EMV cards and terminals may have left a door open for thieves, and this may not be the last open door that gets discovered. They also have left the door open for alternative payment methods that do employ advanced encryption methods. Thieves may benefit from this discovery, but Apple Pay may benefit, too.