Estimated reading time: 3 minutes
As a result of the recent Credit Card breaches announced by Target and Nieman Marcus, there appears to be strong push by the credit companies, retailers and banks to institute a counterfeit protection measure in the United where fraud seems to be rampant when compared to Europe and Asia. Most of the world has instituted some sort EMV technology which is symmetric and asymmetric cryptology developed by Europay, MasterCard and VISA. EMV Co is a standards group made up of American Express, Discover, JCB, MasterCard, Visa and Unionpay who’s job is to develop technologies that allow credit cards and POS terminals to operate together worldwide. They have proposed the US adopt the EMV CHIP and PIN standard to defend against fraud and stay compatible with the rest of the world. Visa and Master Card have mandated that their POS customers in the US be EMV CHIP and PIN ready by October 2015 for retailers and two years later in 2017 for fuel dispensers.
The way things now stand in the US, the card issuers (banks) are responsible for credit card fraud while the onus will be on retailers who do not comply with the new mandates. Chip and Pin technology is actually requires a card to contain a chip which actually is contacted by the reader and requiring a pin to activate the contact. The contact chip is contacted with 6 pins from the reader and the chip is considered a micro processor or mini computer. This is commonly called a Contact card or Smart card and in reality is not an RFID nor is it an RF technology since nothing is transmitted through air.
There are a number of RFID cards in the market. They are often identified with a clear, window like spot in the card and often feature radio waves that appear to be emanating from the card. These chips , when visible in the card are much smaller than Contact chips and usually appear gray or silver as compared to the gold contact chips. These cards are often referred to as RFID cards, contactless cards or tap cards. These RFID are still considered to be very secure even though there has been a rash of negative stories about them in the press and on TV. Hence, all of these rather useless, metal jackets for your credit cards and wallets. While it is possible to hack someone’s RFID credit card info, the thief needs to have a rather elaborate reader, antenna, and computer configuration and they have a one in 5 shot of guessing the correct reader technology (Standard) in which to install on the reader. Then the hacker needs to get with 2-4 inches of the card. If they are successful with all of this then there is a good chance they could clone a counterfeit card. However, the hacker would have one shot at using that card and they would have to do it before the hackee used their card again. The RFID chips have a sort of rolling code that regenerates its encryption algorithm each time it is used. There is no way for the thief to clone the next number. The banks and retailers are more than happy to accept the odds of RFID credit card transactions, especially when they face a $10 cost per contact card versus $1.50 for a contactless RFID card. Plus there is an estimated $8 billion dollar infrastructure upgrade. It is the mag stripe credit cards causing vast majority of the cloning headaches.
For the moment it seems that Visa and MasterCard are moving forward with the Chip and PIN solutions mandate for 2015. Even though there is no proof that it would have necessarily protected against the Target and Nieman Marcus breaches. The US market seems to be very enamored with NFC technology. NFC is essentially the ability to make credit card payments via cell phone. Your cell phone has the ability to act as both a reader or tag using NFC tap technology. Asia and Europe and been using NFC in their cell phones for several years so the transition to the US market is just a matter of time. Widely accepted versions of EMV standards already exist for NFC. NFC technology is most likely not going to go away, so it would seem inevitable that our Credit Cards will soon feature dual technology. We already have RFID vendors prototyping a credit card inlay to support both “Chip and PIN” and NFC. I’ve been assured by our POS initiative manager that our POS vendors are already fully supportive of Chip and Pin Technology.