El chip de la tarjeta en la cueva de Alibaba

The card chip in the Alibaba cave

Image: Ministry of the Interior

So far, we know that we should avoid using the magnetic stripe whenever possible. But what if we use the card's chip instead in contactless mode, that is, insert it into the card reader or ATM slot? If the cybercriminal has gotten ahead of us, they'll have installed another, more sophisticated device and will continue to read the transaction data, but not all of it.

Why? The card's EMV (Europay Mastercard Visa) chip is specifically designed for payments between bank cards and POS terminals, and implements a much more robust layer of anti-fraud security than the magnetic stripe thanks to its encryption algorithms. The most notable feature of this chip is that, for each transaction, it creates a single-use security code that identifies the transaction and, in addition, to approve the payment, it performs an internal validation with its own certificate that is not transferred and, therefore, cannot be copied during payment processing.

Using this method, the cybercriminal can steal some card data, such as the PAN, expiration date, and transaction history, but not the cardholder's CVV.

Even if the PIN were captured, collecting this data would only authorize payments at certain merchants that don't strictly validate the cardholder's identity, which is common in regions that are further behind in updating their terminals. Therefore, although this option usually requires entering the PIN to authorize the payment, it's not clear that we are always adequately protected.

CONCLUSION: Again, contactless payment using the card's chip isn't the safest option, but if for whatever reason this is the only option available, then it's important to take the same precautions as you would with magnetic stripe payments.

Back to blog

Leave a comment