1

In a few cases, the chip in my chip card (or maybe the chip reader) has malfunctioned. After inserting the card and failing 3 times, it said to swipe the card instead. What's preventing me from cloning the magstripe to a card with a broken chip and then bypassing the chip security entirely?

Daffy
  • 261
  • 1
  • 5
  • 4
    Ultimately, nothing? People disable their chips all the time (small drill) – schroeder Dec 30 '17 at 23:53
  • @schroeder I was hoping to be wrong about that. Sigh – Daffy Dec 31 '17 at 00:39
  • 1
    @schroeder Just curious, why do people deliberately disable their chips? – pri Dec 31 '17 at 03:11
  • @PriyankGupta: I had never heard of deliberately breaking a chip, but I know NFC elements were often broken with a drill when the bank did not want (or could not) disable NFC payment, because there is little security on NFC and the NFC *talks too much*. It could broadcast the card holder identity and the last operations. – Serge Ballesta Dec 31 '17 at 09:26
  • @SergeBallesta Well, that makes sense, because NFC isn't trusted, and hence they were disabled. But chips on cards are thought to be more secure than magstripe. Which makes me wonder why would someone kill the chips on the card. – pri Dec 31 '17 at 09:31

2 Answers2

6

As others have said: nothing. The idea is that the magstripe is a fallback that will be phased out completely as chip cards become more widespread.

Change takes time.

Stephen Touset
  • 5,736
  • 1
  • 23
  • 38
6

There's nothing that prevents you from breaking the chip, or even just deliberately misusing it (i.e. putting it in upside down) to make the terminal think it's broken. However, every time a chip card is swiped at an EMV-capable terminal, the POS needs to tell the card networks why it allowed that card to be swiped - otherwise, the merchant will get hit by some pretty hefty fees from Visa and MasterCard.

There are two legitimate reasons for a fallback - either the terminal and card can't agree on a payment brand, or there could be something physically wrong with the chip. If your bank starts receiving lots of indications that your chip isn't working, they may simply just send you a new card. After all, you're clearly more vulnerable to fraud now, and they don't like that.

Bobson
  • 1,456
  • 10
  • 12
  • Ah, so someone doing this would get the bank to alert the original owner faster. That's good at least. – Daffy Jan 03 '18 at 00:57
  • @Daffy - Well, no guarantees, but the bank will be *alerted*, at least. Whether they'd typically decide to follow up on it, I have no clue. In Europe, I'd assume so, but with EMV so new to the US, a bank may not actually act on it. – Bobson Jan 03 '18 at 05:37