Skip to main content

New Chip Cards May Not Be As Secure As Expected

By August 29, 2016May 25th, 2021Blog, Cybersecurity

NewXChipXCardsXMayXNotXBeXAsXSecureXAsXExpectedRemember not long ago, when the big credit card issuers went on at some length touting their latest advances in smart chip technology? The new tech was supposed to vastly improve the security of credit cards, rendering them virtually immune to hacking. Well, it turns out that might have been a bit of an overstatement.

At a recent Black Hat security conference in Las Vegas, a pair of presentations were made, giving the attendees a taste of what’s to come. Both presentations revealed flaws in the security as currently designed. While these flaws present a significant challenge for even a skilled hacker, the fact that they were found and revealed at all is disturbing, and no doubt, it means that toolkits will be developed and made accessible to less talented hackers, which will broaden the scope of the threat.

In the first presentation, a technique was demonstrated whereby the card reader was fooled into thinking that the credit card in question had no smart chip, thus circumventing the added security protocols entirely.

The second, and more ambitious of the two demonstrations, involved stealing the temporary, dynamic number generated by a smart chip. There’s only a very brief window of time to pull this off, but the attempt was successfully made and demonstrated on stage.

These two hacking methods are added to the technique demonstrated by a security researcher last year, in which he reverse-engineered the algorithm to determine the number of a replacement card on American Express cards. Simply get enough information to report the card stolen, have the company issue a replacement, and a hacker can use the new card number to make purchases.

We’ve seen all this before.

In the 1990s, Sony spent billions in an attempt to create DVDs that could not be copied, only to see their significant investment undone in about a week’s time, and with something as simple as a permanent marker, no less. Suffice it to say that there has yet to be a security measure devised that some hacker, somewhere has not been able to figure a way around.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.