GRAND RAPIDS, Mich. (WOOD) — As long as there has been money, there has been the race between those trying to steal it and those trying to keep it secure.
A group of cyber security experts revealed that the newest method of protecting credit cards, the EMV security chip, is not as impenetrable as many hoped.
“The security is only as good as its weakest link,” said Paul Isely, associate dean at GVSU Seidman College of Business.
The so-called “glaring hole” in new chip technology was revealed at a Las Vegas security conference. The problem is that some of the information on the cards is not encrypted as retailers upgrade their systems. This means that criminals are able to continue to counterfeit credit cards still connected to real accounts, the main thing that chip-enabled cards were supposed to eliminate.
The hole in the system is theoretical. It has not been reported even in the most notorious cases of credit card fraud. But it does show that even this system is not without its flaws.
“So this is something that can be fixed. I don’t know what the costs will be and some retailers might not be susceptible to it if their equipment is already up to that standard,” Isely said.
Retailers have complained about the cost of upgrading to chip-card readers — an estimated $30 billion nationwide — and the slow-down at registers. Transactions now take about 13 seconds as opposed to the six seconds they used to take, according to industry experts.
“There’s new software coming out, there’s new hardware coming out which will speed the process up and change that equation for those retailers in the near future,” Isely said.
Despite the revelation of the flaw in the chip system, the technology is still an improvement.
“It’s still more secure than the old system,” Isely said.
Visa says credit card fraud is down by 35 percent at stores with the chip readers enabled.
“The trick is to make it hard enough and costly enough that it doesn’t happen very often and we’re getting close with this new technology,” Isely said.
Stores that didn’t upgrade to the new system are now liable for any fraud, while those that did upgrade can assume the banks will be liable.