Is Your Chip Card Secure? Much Depends on Where You Bank

upstart writes in with an IRC submission:

Is Your Chip Card Secure? Much Depends on Where You Bank:

Traditional payment cards encode cardholder account data in plain text on a magnetic stripe, which can be read and recorded by skimming devices or malicious software surreptitiously installed in payment terminals. That data can then be encoded onto anything else with a magnetic stripe and used to place fraudulent transactions.

Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip.

[...] Virtually all chip-based cards still have much of the same data that's stored in the chip encoded on a magnetic stripe on the back of the card.

[...] But there are important differences between the cardholder data stored on EMV chips versus magnetic stripes. One of those is a component in the chip known as an integrated circuit card verification value or iCVV" for short - also known as a dynamic CVV."

The iCVV differs from the card verification value (CVV) stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and the use of that data to create counterfeit magnetic stripe cards.

[...] However, for EMV's security protections to work, the back-end systems deployed by card-issuing financial institutions are supposed to check that when a chip card is dipped into a chip reader, only the iCVV is presented; and conversely, that only the CVV is presented when the card is swiped. If somehow these do not align for a given transaction type, the financial institution is supposed to decline the transaction.

Read more of this story at SoylentNews.