Magstripe Credit/Debit Cards & Magstripe-only POS: A Security Nightmare
The United States is just one of a few remaining countries in the world that are persistently using magnetic stripe-based cards, used for payments with POS and other retail stores. The move to a chip & pin system is slowly being implemented by US-based banks, but it is not happening as fast as other countries in Europe and other highly industrialized nations.
Chip&Pin cards, also well known as the Europay, Mastercard and Visa card has been the norm for many retail outlets outside the United States, as it is a more secure system with each transaction entry encrypted and unique. It is a huge departure to magnetic stripe cards that have been in popular use since the last two decades, as a magstripe contains static, hence unchanging information presented to the POS every time it is swiped. This is the very reason why copying magstripe cards are very easy, run-of-the-mill card skimming devices are available for sale on eBay and online stores for quite a while.
Magstripe card’s dependence on an unchanging information is its huge setback. The information contained in that thin stripe of magnetic material is very easy to delete with a weak magnetic field, while very trivial to copy. When a magstripe card gets stolen or lost, it can be used by the 3rd party to complete a purchase transaction as there is no PIN that protects it from unauthorized debits.
The other side of the coin is the persistence of US-based retailers of using their old POS systems that only accept magstripe cards. Many brick and mortar stores have not yet made a transition of accepting EMV cards for purchase transactions, hence maintaining the insecure status quo. In the past 52 weeks alone an estimated 60 million card numbers were lost in the US, a huge portion of it was magstripe cards, hence the thief can easily use those cards for their personal purchases.
The huge advantage of EMV cards is the shifting of the responsibility when a fraud happens to the issuing banks instead of the retailer. However, due to the expense, the old POS terminals are continually being used at the expense of not able to support payments through EMV cards.
This does not mean that EMV card is the silver bullet that will end fraudulent transactions, the weakness of the terminals are also blamed for the poor security. “In fact, over a 12-month period from November 2017 to October 2018, Gemini found 6 in 10 card numbers for sale globally were acquired from in-person chip card transactions, and of those, 91 percent were American chip cards. In total, almost 46 million chip card numbers were found on the dark web. If virtually all U.S. cards are now chip-enabled, why are card-present transactions still so vulnerable? The answer lies not in the cards themselves, but the other half of the transaction equation: the terminals where these cards are used,” explained by Sabrina Karl of Credicards.com.
It is unfortunate for American card holders to be subjected to transaction fraud, but it requires actual change of behavior and outlook with the use of newer technology to mitigate security issues. “One thing is obvious: the U.S. market is the No. 1 target for credit card thieves, accounting for 79 percent of the stolen numbers. That’s 60 million American card numbers out of the 75.9 million that were for sale globally during the 12-month period. And though thieves’ shift to card-not-present transactions is underway, the chip card transition – and the protections it can provide – is still a work in progress,” concluded Karl.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.