So I’m sitting here in San Diego, which we all know is German for… never mind. As I pay for my lunch, I present my chip card and there is some kind of error. I know I entered my PIN correctly, but it immediately came back as failed. The bartender taught me a neat trick that I am sure we all need to be aware of as people capture magstripes and write them to new cards.
“Oh, no problem on bypassing that. Just turn the card around and insert it, it will fail, and you can swipe!”
The Verifone VX-675 terminal this place used detected that a card was inserted without a valid chip read, and immediately told me to swipe. Problem solved, no signature, I’M OUT YO!
This is not a new vulnerability or a new bypass. It’s always been present, but we must understand the low-tech methods that fraudsters will use to bypass the tens of billions of dollars spent to roll Chip cards out globally.
Stay Classy, San Diego!
This is a Security Bloggers Network syndicated blog post authored by Branden Williams. Read the original post at: Branden R. Williams, Business Security Specialist