In some European countries we have chip-pin and magnetic stripe on the same card (because not all European countries have already implemented the chip system. So we need both systems if we travel between countries)

Some months ago, I saw a person who failed twice putting his pin in the POS of the supermarket. In order to avoid the inactivation of the card (and obviously to pay the shopping) the “check out operator” finally used the magnetic stripe of the card and the customer signed the ticket.

The last system I´ve read about is the contactless cards. But, with this cards, IF you pay anything less than €20 (about $24) you only have to put the card close to the POS terminal ¡¡¡But you don´t need to put your pin!!!. Personally, I think this system is a backwards step.

Regards

The beautiful thing about Magneprint is it actually takes those weaknesses you list about the old technology and turn it into a strength using mathematical/geometric stoichiometry. It would be impossible to replay a swipe or copy a card with this technology.

Thanks for that post!

Part of the most effective solution is strong asymmetric encryption performed on the card that only the issuing bank can decrypt (public key crypto.) EMV is kind of close, but because it tried to be all things to all people, the protocol ended up with some flaws. But until the consumer’s cards start coming with their own built in PIN pads and displays, there will always be the risk of fraudulent card readers and skimmers.

That means that continuous monitoring and acting on triggers and alarms is the key to keep these frauds away. It is not some thing banks can fix it once, they need to have a highly active and capable security monitoring team and should not ignore vulnerability or exploit reports that comes out from ethical hackers.

A sure-fire way I use for lab testing of mag stripe card readers is to scratch off the mag stripe in an area big enough to cause a read fault. I normally scratch off only one track at a time in order to test that readers and software properly handle just the unscratched track, but for your purposes you want to render all the tracks unreadable.

Here’s how to do it: hold the card so you are facing the mag stripe, with the mag stripe nearest the top edge. Scratch off about 1/4″ (7mm) of the stripe, starting from about 1/8″ (3mm) from the right hand edge of the card to about 3/8″ (10mm) from the right hand edge. Scratch all the way through the magnetic media down to the base plastic of the card (you will see a color change), and clear the entire area from the top of the stripe to the bottom of the stripe.

No skimmer in the world will recover your account number from that. If you also want to ensure they can’t even recover partial data, scratch off a wider area. Removing a full inch (25mm) will prevent even a partial success.

More helpful would be information (statistics) on what ATM’s are mostly likely to be compromised, and general security best practices consumers can take to avoid the machines.

Again, showing photos of skimmers is interesting to a very small subset of readers, and useless info to the rest.

Now you will have the same deal as Europe with mag strips and EVM chips for many years while there is a slow integration of card readers that can read both. The current plan is by 2015 if a merchant has not upgraded to an EVM capable reader that if there is a fraudulent transaction that originated from their terminal the will have to refund the transaction. So your are probably looking at some time in the next decade before there are no more mag strip cards. By that time EVM will most likely have the same problems as current debit cards.