MADISON, Wis.—Visa said that reports of a new chip card threat—stealing the chip card data and then copying it over to mag stripe—can be thwarted by issuers.
As CUToday.info reported, computer security researchers at NCR say they have found another way criminals can exploit chip cards.
EMV cards currently have a magnetic stripe that is used as a default payment option where chip cards are not accepted. When a chip card is inserted into an EMV-ready POS terminal, the mag stripe tells the machine to use the chip.
But NCR researchers say crooks can easily change that command. Presenting their findings at the Black Hat computer security conference last week, the security researchers demonstrated how credit card thieves can rewrite the magnetic stripe code (from the chip card onto a counterfeit mag-stripe card) to make it appear like a chip-less card again.
“This allows them to keep counterfeiting – just like they did before the nationwide switch to chip cards,” CNNMoney reported.
But Visa said that in doing so the crooks still can be foiled by the issuer.
“As long as you validate the CVV, the transaction will fail,” said Visa’s Andy Sun during CUNA Mutual Groups payments webinar Wednesday. “You can copy over all the mag stripe data you want, but if the issuer is validating the CVV information, the transaction will not pass. So issuer due-diligence is needed here.”