To Swipe or Not to Swipe
So I was out with my mom shopping at a big box discount store. My mother is very scared of credit card theft, someone gaining her pin, access to her accounts, etc. Which I think isn’t unreasonable during this day and age.
Now I know they put in chip readers and chips in your credit and debit cards which was rolled out this last year or so. This is supposed to help again fraud. And I am sure that it has alleviated some. However, has did really worked to the level of expectation? Well mom definitely doesn’t think so, she continues to get cash out to pay for things like gas. And really, I don’t blame her. I think her card was compromised a few times. I know mine has been too.
The Good News
Here’s the deal with the new chip, it's great for one reason, it contains what’s called a cryptographic encryption. It authenticates the card as a legitimate bank card and with that issues a one-time code (key) with each transaction. I know what did I just say, right? OK. They key is a type of control for this encryption that is send out and verifies the legitimacy of the card as a real card...not made in someone’s garage. AND this process is why it is meant to help card users avoid fraud or theft.
Image Retrieved from: http://www.politicalcartoons.com/cartoon/e1e56a2c-5198-495b-9d97-c2d7b31e80a6.html
The Bad
Here’s the problem. Do you remember when there were tons of bad people doing bad things? Oh-wait, they still are. Surprise! Workarounds cometh. So now there are types of hardware that these bad guys can place on machines with card readers. Remember they did this with card swipes? Yeah, same idea.
In fact the lady that was checking us out, mentioned they have a team that only monitors store equipment for this type of hardware. She said they the card read should be tight against where the user inserts the card. If it’s loose don’t use it. This is interesting to me, as I would think that outside at a gas station, OK, you could sneak up on a machine and place a device, but inside a store with people around and cameras watching? You betcha! Kinda gutsy huh? She said that they found a device, as someone was trying to come back and collect it from the machine they placed on.
Now this could be what she heard, I can’t verify the legitimacy of this but really, I am not surprised either way. I thought it was only a matter of time anyways for criminals to find their work around. Looks like it was quicker than expected. Actually Wired.com talks about it before the switch over even completed. Plus look how many retailers are still not using the chip. Oh and another article from CNN.
So I am not trying to scare you or raise your blood pressure. I promise. My goal on this one is to inform and share. And some food for thought. When you are going to get gas, I would pay cash or use the card as a credit card, not a debit. It’s easier for the bank is way too. Also, check the hardware if something is loose or doesn’t look right don’t do it. AND go with your gut instincts on this. If it doesn’t feel right, it probably isn’t. Always guard your pin, just like you would with your passwords.
I don’t think we are gonna see any of this go away or get better, so all we can do is adjust.
Until next time, stay safe out there!
Week 9 Blog - CYBR 650
No comments:
Post a Comment