0

Is it possible for a skimmer to copy the magnetic strip of a smart card (smart card contains microchip and magnetic strip) and clone the card only using the magnetic strip and use that at an ATM to withdraw money?

schroeder
  • 123,438
  • 55
  • 284
  • 319
wayne
  • 11
  • 2

2 Answers2

1

It is possible, and it's also possible to change the service code value on the clone card to trick terminals into believing this card never had a chip to begin with (otherwise EMV capable terminals would ask for the chip), however I would expect the banks (who know whether the card truly has a chip or not) to reject magstripe transactions submitted by an EMV-capable terminal.

As pointed out in the comments, tampering with the service code may get detected and declined by the banks but I wouldn't count on it. The best solution would be to either be careful or have a card that rejects non-EMV transactions - I am currently trying out Monzo and they reject such transactions by default, with an option to temporarily allow them on a case-by-case basis, so you may consider trying their card out.

André Borie
  • 12,706
  • 3
  • 39
  • 76
  • On EMV terminals magstripe is available as a fallback option so is not generally rejected. If someone has placed a skimmer, they could also tamper the card insert slot to make it difficult to enter a card for a successful chip read and cause revert to swipe. – AndyMac Nov 28 '16 at 20:13
  • 1
    @andréborie, tampering with the Service Code will result in a difference in the track data; most* banks will catch the difference during authorization and reject the transaction. (*Most but not all.) – John Deters Nov 28 '16 at 20:21
0

Yes, it's possible, but it depends on which ATM the attacker uses to withdraw the money. If the ATM does not have a chip reader, the ATM will simply read the mag stripe and be fooled by the clone.

Your bank is likely obligated to protect your account, so if this happens to you and you notify them of the theft, they should return your money. The bank would then go after the ATM operator to recover their costs, because the ATM was the weakest link for not using a chip reader.

John Deters
  • 33,650
  • 3
  • 57
  • 110