Page 8 - GS170902
P. 8
ReadersSpeak
Potential impact of detached chips
arc Castrechini, Vice President Product
Management at Cayan LLC, sent the fol-
lowing response to our Aug. 11, 2017 news
M story titled "Detached smart card chips
trigger privacy concerns" and posted under Breaking
Industry News at www.greensheet.com/breakingnews.
php?flag=breaking_news&id=1884:
"As a payment acceptance solution provider, we don't
work with issuing banks or chip manufacturers. We are
on the merchant side of the business, not the consumer
side. That being said, there is one thing to note: If
someone can physically compromise the chip on a card,
the cryptographic capabilities still prevent that card
from being duplicated multiple times. So *if* someone
can create a second card using the physical chip, that is
basically like using a stolen card.
Recall that the primary issue with stolen magnetic
stripe data is that it can be replicated to a limitless
number of reproduced cards So, if physical compromise
of a single chip is possible, the fraud is still limited to a
single instance of the card."
In addition, Dale S. Laszig, Senior Staff Writer at The
Green Sheet, received a number of comments when she
posted this article on LinkedIn. Among them were:
"If they would have adopted chip-and-PIN instead of
chip-and-sign in the U.S., the transfer of the chip to
another card wouldn't work in the use case described."
– Alexandre Marinkovic, payment product and solution
management professional
"In my 15-plus years experience with chip cards, I
never heard of chips falling off just so. This … must be
addressed and fixed by card manufacturer. Mag-stripe
transaction with hybrid cards should be presented as
'fallback,' i.e., quite risky. It shouldn't go unnoticed.
Sooner or later, chip can be removed or replaced. It
may require some skill, but not that much if you don't
need contactless interface working. This type of fraud
is not such a threat in Europe where PIN is widely
used." – Martin Kurdel, EMV Specialist, Regional Card
Processing Centre, S.R.O
Feedback welcome
What are your thoughts on chip card security and other
topics we've covered lately? Would you like us to delve
into a particular issue in more depth? Let us know at
greensheet@greensheet.com.
8
