NEW YORK (CBSNewYork) — The credit card with the chip in your wallet is supposed to be safer than the old magnetic swipe version.
As CBS2’s Dick Brennan reported, skimming devices are a gold mine for thieves. One swipe and they can access all of the private details stored on the magnetic strip of your credit or debit card.
That’s why the credit card companies introduced the new chip card with promises of greatly improved security.
No matter how smart the chip cards are supposed to be, experts said some even smarter thieves may already be outwitting them.
“I think the key thing to know is no technology is perfect,” consumer advocate, Abraham Scarr said.
Consumer Pat Heidkamp found out the hard way when she uncovered several mysterious transactions on her supposedly more secure chip card.
“There were five that we were suspicious,” she said, “It was for about $2,300.”
Cyber security professor Jeremy Hajek said it’s totally possible that her chip card was hacked.
It only takes small modifications to skimming devices to bypass the chip and enable unauthorized uses of these cards, just like with the magnetic cards.
“As my chip goes through, maybe 15 seconds, I can easily make another transaction with your information,” he explained.
Multiple researchers at a ‘Black Hat’ convention in Las Vegas recently demonstrated just how easy it is.
“Each one of these transactions, it’s passing off the card data, it’s receiving a pin number,” Hajek said.
Chip card holder Donna Pellegrino believes she too became a victim after noticing a $200 withdrawal from an ATM in another city that she never made.
“It scares you,” she said.
As Scarr explained, it’s up to the consumer to be vigilant.
“Once you recognize there’s a problem, report it right away,” he said.
That’s what Heidkamp did. She got $1,000 back from her bank, the rest — unfortunately — was gone.
But, Mastercard spokesperson Beth Kitchener disputes the ‘Black Hat’ chip card demonstration would succeed in the real world.
In a statement, she said, “The simulated attack would not work for an actual transaction at an EMV-enabled store because, if the data on a card’s magnetic stripe is altered, it may fool the terminal as demonstrated, but the transaction itself will fail. The spoofed data will be sent to the issuing bank where it will be rejected because the altered data would not align with other security elements written on the stripe of the chip-issued card.”
In addition, she told CBS 2 an ATM liability shift is currently underway upgrading all ATMs to chip technology and further protecting consumers such as Mrs. Heidkamp and Mrs. Pellegrino.