Paying with credit card has always been widespread and it’s quite understandable. Having just one card you can purchase any goods or services – quickly, easily and with no effort. Nevertheless the reliability of this payment method is questioned by many experts.
Despite the fact that many banks have switched to EMV-chipped credit cards to increase safety, it’s still far from perfect. The possibility of making a duplicate of EMV-chipped card is minimized. Fraudsters need special tools to create a copy of EMV chip.
Owen Wild, security marketing director at NCR, gives a promising statistics: “We have not seen a proven data breach of a chip card in an EMV market since it’s been in place”. Inspiring, isn’t it? The formula chip+PIN provides the highest level of security available so far.”
In light of recent events we are going to tell you about, the last expression sounds quite doubtful.
Several German security experts have unveiled a serious protocol level flaw in payment terminals. The flaw facilitates the task of hackers considerably. They only have to connect to the same wireless network as the POS terminal and as result they can drain the bank accounts connected to any compromised card.
This information puts billions of credit cards all over the world at risk. Karsten Nohl, German code-breaker from Security Research Labs, explains: “Previous attacks exploit software bugs, like you would have on your computer. Ones that can be fixed with a software update. Now, what we’re attacking is the protocol itself. The devices work exactly as intended and are still vulnerable. So this is a risk that cannot easily be fixed with a patch.”
Indeed correcting security flaws at the protocol level is unfortunately much more complicated than releasing software fix. The entire card payment protocol needs to be scrutinized. However the challenge of tricky efforts doesn’t mean that these efforts are not needed. This seems to be high time for the banks to react.
However, they stay indifferent. “The companies responsible for these security vulnerabilities, including the banks – they certainly acknowledged the issue, but they are reluctant to react to it. They’re saying – ‘fraud is not happening yet’, but it’s just a matter of time. So, by not reacting now that it’s known – they’re adding insult to injury”, says Nohl.
Certainly the Bitcoin network hasn’t been worked through so far. The cryptocurrency hasn’t won people’s trust, there are still many of those who consider it to be unreliable. But after hearing such news about flaws in the global system, the Bitcoin network seems to be more secure than the conventional payment protocols.