Chip-enabled credit cards, introduced to consumers in the US in 2015, were intended as added security against fraud, but have failed to live up to the promise, according to a new study.
Rampant credit card fraud in the US prompted a rollout of chip-enabled credit cards in 2015, intended to stop, or at least limit the widespread hijacking of America’s plastic money.
In a new report, however, over 60 million credit card theft cases have been recorded in the past 12 months alone, and an astonishing 93 percent of those stolen cards were chip enabled, according to new data gathered by UK research firm Gemini Advisory.
The alarming new report is a major setback for proponents of the chip-enabled credit card technology, which is known in financial and security circles as the ‘EMV’ standard, named after Europay, Mastercard and Visa, the companies that developed the system and pushed for its adoption.
“45.8 million […] records [were] likely compromised through card-sniffing and point-of-sale breaches of businesses such as Saks, Lord & Taylor, Jason’s Deli, Cheddar’s Scratch Kitchen, Forever 21, and Whole Foods.,” noted the report, cited by Fortune magazine.
“To break it down even further, 90 percent, or 41.6 million of those records, were EMV chip-enabled.”
To hear the big three credit card companies promote the technology, it was guaranteed to sharply reduce the chance of fraud by using a proprietary encrypted handshake between the card and merchant terminal. EMV was intended to replace conventional ‘swipe’ magnetic-strip cards that used easily-intercepted data, according to Fortune.com.
The EMV standard, while promised to prevent the capture of card data, cannot, however, make up for retailers’ improperly configured point-of-sale networks, according to the Gemini study, as hackers and other criminals have been able to easily dip into transaction data streams, most notably by clandestinely installing skimmer devices in card terminals to access information.
Stolen credit card data is then aggregated and sold on the dark web in massive bundles, as noted by the Gemini Advisory study, according to Fortune.com.
Using the stolen credit card data is a simple matter of embedding code onto a counterfeit plastic credit card’s magnetic strip. Fake cards containing real consumer data are easily used to make purchases in the US, as the current fallback mechanism for a chip or terminal malfunction is the all-too-common old-fashioned swipe.
While large retailers are only now implementing tighter security procedures for purchases, mid-level and smaller merchants are projected to become popular targets for card scammers.
“We predict that financially motivated [criminals] will be more likely to turn their resources onto small to medium sized businesses with 10-50 locations,” the report noted.
“Since such businesses are less likely to have fully implemented the EMV transition, criminals would be able to rely on current methods for card data exfiltration.”