Very Important: Chip based card security flaw y...

Very Important: Chip based card security flaw you might not know

112°
Missing
Deal Cadet
73
114
6
Very Important: Chip based card security flaw you might not know

I was always under the impression that chip based card can not be cloned because of chip so no concern when using at any PoS in shops. However today I came to know that it is not so.
https://arstechnica.com/information-technology/...

A chip based cared security only comes into play when the card reader is “insert card” style but there are still the old “swipe style” card reader machines being used(just confirmed it from a friend who paid using the same swipe style machine at a petrol pump a few weeks back). If you use a chip based card in a swipe style card reader machine then your card chip’s security won’t play any role & your chip based card is completely susceptible to card cloning just like older non-chip cards.

So make sure that any PoS where you use your chip based card is insert style & not swipe style.If you cannot avoid swipe style card reader then use some card with not so much balance/card limit.

23 Comments  |  
10 Dimers
Download
Shopping Friend
107
28814
470

Everything has a remedy wink
And every remedy has a disease

Missing
Deal Cadet
73
114
6

Yes,but this is very surprising.RBI should ban the usage of swipe style card reader immediately because what’s the point of using chip based card if it can also be cloned like older cards when using such swipe style card readers. Before knowing this I was using my card at any shop without a worry believing that chip based card cannot be cloned but now I will not use my card at swipe style PoS.

Missing
Deal Cadet
50
168
0
guest_999 wrote:

Yes,but this is very surprising.RBI should ban the usage of swipe style card reader immediately because what’s the point of using chip based card if it can also be cloned like older cards when using such swipe style card readers. Before knowing this I was using my card at any shop without a worry believing that chip based card cannot be cloned but now I will not use my card at swipe style PoS.

Wrong info. Cards issued nowdays come with magnetic strip and are also Chip based. Not all cards are completely chip based but in the process. So even the chip based cards are being issued with the old magnetic strip tech. Sometimes due to whatever reason if chip is not getting detected then they swipe and go forward with the payment. So the issue is that cloning here happens due to the magnetic strip and the chip has no role in this.

Missing
Deal Cadet
138
747
30

The cashier at the supermarket chains always swipe my card first at their billing machine before using the actual POS. How safe is that?

Img 20190728 110145
Deal Subedar
84
2728
32

Can we pay at pos using Virtual Card ? If yes, How?

@abhishek012

Ngbbs4cfc5ca39efee
Deal Cadet
141
908
80

Chip based card can also easily cloned.

Suchna janhit me jari.

Remedy : use a dedicaded card for pos maching with low balance e.g 10k

Dont swipe ur card at local shop, intead use qr based transaction preferebly upi

Never use atm which is not in brach building, otheriwse some skimming can be possible

Rupay logo2
Deal Lieutenant
1,332
6109
85
guest_999 wrote:

Yes,but this is very surprising.RBI should ban the usage of swipe style card reader immediately because what’s the point of using chip based card if it can also be cloned like older cards when using such swipe style card readers. Before knowing this I was using my card at any shop without a worry believing that chip based card cannot be cloned but now I will not use my card at swipe style PoS.

old news, everyone know dnt swipe your card, always dipping & Pay.

RBI cant ban swipe style card reader because only few countries currently issue EMV chip cards. All small countries in Asia, African countries etc still issue magnetic stripe cards.

you need magnetic stripe cards for POS transaction in some foreign countries & also need swipe style card readers in India for foreigners who visit in India and they dnt have EMV chip card.

also Indian ATMs still use magnetic stripe, only few banks use EMV chip on ATMs.

https://cdn0.desidime.com/attachments/photos/596991/medium/62974358VY8vhw.jpg?1575192720

@schumacher

@watever

@androgame

@titamazon

Rupay logo2
Deal Lieutenant
1,332
6109
85
_One_Miller_ wrote:

Can we pay at pos using Virtual Card ? If yes, How?

@abhishek012

Tokenized virtual cards worked on NFC POS machine.

like SamsungPay & upcoming GooglePay Tokenized payment.

Img 20190728 110145
Deal Subedar
84
2728
32
Expand
abhishek012 wrote:

Tokenized virtual cards worked on NFC POS machine.

like SamsungPay & upcoming GooglePay Tokenized payment.

BharatQR do not work?

Rupay logo2
Deal Lieutenant
1,332
6109
85
Expand
_One_Miller_ wrote:

BharatQR do not work?

worked, if you enabled Bharat QR payment system on your POS machine.

Missing
Deal Cadet
73
114
6
Expand
abhishek012 wrote:

old news, everyone know dnt swipe your card, always dipping & Pay.

RBI cant ban swipe style card reader because only few countries currently issue EMV chip cards. All small countries in Asia, African countries etc still issue magnetic stripe cards.

you need magnetic stripe cards for POS transaction in some foreign countries & also need swipe style card readers in India for foreigners who visit in India and they dnt have EMV chip card.

also Indian ATMs still use magnetic stripe, only few banks use EMV chip on ATMs.

https://cdn0.desidime.com/attachments/photos/596991/medium/62974358VY8vhw.jpg?1575192720

@schumacher

@watever

@androgame

@titamazon

Well this was new news for me & all of my friends.

At least RBI/bank should give customers the options to choose chip based card without magnetic stripe who are not going to use that card at any swipe style card reader in India/abroad.

I thought RBI banned non-chip based cards from atm cash withdrawal earlier this year.

Missing
Deal Cadet
73
114
6
schumacher wrote:

The cashier at the supermarket chains always swipe my card first at their billing machine before using the actual POS. How safe is that?

?? swiping/dipping card reader is the PoS.If you are saying that he swipes your card 2 times or he first swipes the card at one reader & then use a different reader then it is definitely a card cloning scam.

Missing
Deal Cadet
72
310
4

You can disable swiping for citi cards. Call CC.

Missing
Deal Cadet
70
341
4
Expand
guest_999 wrote:

?? swiping/dipping card reader is the PoS.If you are saying that he swipes your card 2 times or he first swipes the card at one reader & then use a different reader then it is definitely a card cloning scam.

What happens here is the cashier at the counter swipes the card in his computer to register the payment type is card. And in most cases, the billed amount will be directly connected to POS machine after inserting the same card in POS machine. The person in the counter doesn’t enter the amount, it is read from the billed computer.

PS: The above information is based on what I understood from the on-going activities, not meant to be the actual implementation.

Img 20190728 110145
Deal Subedar
84
2728
32
Expand
abhishek012 wrote:

worked, if you enabled Bharat QR payment system on your POS machine.

BharatQR code is generated on pos display?
Tumblr nfaqajuvfr1tgz4rco1 500
Deal Captain
0
8164
91

Many major banks are supporting instant locking/unlocking of credit cards on their mobile app. Use it to lock your cards and unlock them only when you are using them.

For ICICI bank they give an option to individually lock/unlock for ATM, online and international transactions.
For citibank they give an option to individually lock/unlock domestic/ and international transactions.

Ever since I read news about 100 million Indian credit card details being sold on DarkWeb (darknet) I started keeping all my credit cards locked using mobile apps of respective banks. I unlock the cards instant when I have to use the card and immediately lock it back again.

Missing
Deal Cadet
73
114
6
Expand
andromeda wrote:

What happens here is the cashier at the counter swipes the card in his computer to register the payment type is card. And in most cases, the billed amount will be directly connected to POS machine after inserting the same card in POS machine. The person in the counter doesn’t enter the amount, it is read from the billed computer.

PS: The above information is based on what I understood from the on-going activities, not meant to be the actual implementation.

Never seen such system in any nearby shops & supermarkets.Can you give an example of some supermarket chain using such a system?

Missing
Deal Cadet
73
114
6
raghupro wrote:

Many major banks are supporting instant locking/unlocking of credit cards on their mobile app. Use it to lock your cards and unlock them only when you are using them.

For ICICI bank they give an option to individually lock/unlock for ATM, online and international transactions.
For citibank they give an option to individually lock/unlock domestic/ and international transactions.

Ever since I read news about 100 million Indian credit card details being sold on DarkWeb (darknet) I started keeping all my credit cards locked using mobile apps of respective banks. I unlock the cards instant when I have to use the card and immediately lock it back again.

Good practice but similar option is also available for many banks’ debit cards & the recent/latest news was about 1.3 million Indian cards(both debit & credit) details available on dark web.

Missing
Deal Cadet
70
341
4
Expand
guest_999 wrote:

Never seen such system in any nearby shops & supermarkets.Can you give an example of some supermarket chain using such a system?

I remember Reliance Fresh

Missing
Deal Cadet
73
114
6
Expand
andromeda wrote:

I remember Reliance Fresh

You mentioned “cashier at the counter swipes card in his computer” so where exactly he swipes the card.I mean some device connected to computer or computer itself has some kind of integrated slot.

Missing
Deal Cadet
70
341
4
Expand
guest_999 wrote:

You mentioned “cashier at the counter swipes card in his computer” so where exactly he swipes the card.I mean some device connected to computer or computer itself has some kind of integrated slot.

If you had observed those systems carefully, the CPU, monitor etc are not really independent items. They are all integrated and the card swiping slot is also integrated in the same device. Modern equipment I’ve seen has the POS terminal enabled on the same computer, but may be the old one’s still have the swiping slot but connect to external POS terminal for the final payment.

This is only my inference.

Missing
Deal Cadet
73
114
6
Expand
andromeda wrote:

If you had observed those systems carefully, the CPU, monitor etc are not really independent items. They are all integrated and the card swiping slot is also integrated in the same device. Modern equipment I’ve seen has the POS terminal enabled on the same computer, but may be the old one’s still have the swiping slot but connect to external POS terminal for the final payment.

This is only my inference.

So what happens if the card is paywave/contactless. In my place,cashier just place the card above the pos to make payment & same pos is also dip style pos terminal.

Missing