There’s a way to completely undo the security offered by a chip-enabled card.
By rewriting the card’s magnetic stripe code, payment terminals could be tricked into identifying it as a chip-less card.
That’s according to tech company NCR, which pointed out the flaw in a presentation on Wednesday, CNN Money reported. The hack is only possible because many retailers are not encrypting their transactions, leaving the information in plain sight for a hacker in the retailer’s system.
Last year, credit card companies made merchants responsible for any false charges on a customer’s credit card if they used the magnetic strip rather than a chip in a bid to bulk up on credit card security. Since then, merchants have slowly working toward completely accepting the chip cards, though the roll out has been bumpy.
Some merchants have complained about the cost of the new payment terminals needed to process chip-enabled credit cards, while consumers have railed about the time it takes to use the card. Critics have also noted that the chip-enabled card does nothing to guard against fraud online.
But bypassing the card’s chip, as NCR describes, might not be that simple.
According to U.S. Payments Forum director, Randy Vanderhoof, tricking a terminal into thinking its a chip-less card might be simple, but the back end of the system would recognize that data had been altered and reject the transaction.
And if hackers do begin rewriting the magnetic stripes code, fixing the problem may be as simple as urging retailers to turn on the encryption for their payment terminals.