Bringing additional security to the payment sector is a tough battle as there are so many hurdles to overcome, especially when it comes to plastic cards. The introduction of EMV chips to plastic cards seemed to be a major step in the right direction, but as it turns out, EMV transactions can be disabled, forcing merchants to swipe the card.
EMV Transactions Can Be Bypassed
The introduction of EMV chips in plastic cards served multiple purposes. First of all, this would remove the need for merchants to swipe plastic cards when conducting payments, as all of the necessary information would be stored on the chip itself. Payment terminals are vulnerable to security exploits and swiping a card should only be done as a last resort.
Secondly, EMV chips offer increased security against the potential skimming of cards. When a card is skimmed, all of the information is being read from the black magnetic stripe on the back of the card. Retrieving this information from an EMV chip should be close to impossible in its current form.
Additionally, EMV chips enable consumers to make contactless payments wherever payment terminals support NFC capability. Keeping in mind how consumers seem to like the idea of contactless payments for smaller amounts, EMV chips address three pressing concerns in the payment industry. On paper, this seemed to be the perfect solution at the most opportune time.
Unfortunately, the story of EMV chips is not all positive news, as a security flaw has been discovered which would make the entire concept of not swiping cards moot. Part of this weakness can be attributed to how long it takes for these new technologies to be recognized by cashiers and retailers, as it is hard to tell which payment method somebody is using.
Next to cash and plastic cards, there are EMV transactions, mobile payments, and soon wearables that can be used as well. Plus, with so many electronics devices that can be used for making payments, it becomes increasingly difficult to distinguish between a legitimate product and something that uses someone elses’ payment information.
Additionally, for cashiers, it is all but impossible to keep up with all of these trends, and swiping cards the old fashioned way is something anyone can do. However, with a lot of sensitive card information embossed on the magnetic stripe itself, it becomes increasingly easy for assailants to misuse a user’s plastic card.
Magspoof – A Real Threat To Plastic Cards
As demonstrated in the Youtube video below this article, there is a project called Magspoof, which can spoof any magnetic stripe or credit card in existence today. Some of its key features include storing different cards and magstripes on one device, as well as working on traditional payment terminals through a wireless connection. The strange thing is how Magspoof does not require NFC or RFID capabilities to execute its transactions.
But the capabilities of Magspoof go well beyond that as this tiny gadget can disable chip-and-pin verification for any card or magstripe stored on the device itself. If someone were to use a Magspoof and obtain somebody’s credit card details, they would – theoretically – be able to make payments without entering a pin code. This is a major security flaw that needs to be addressed by card issuers as soon as possible.
If that wasn’t worrying enough, Magspoof can correctly predict American Express card numbers and expiration dates based on information retrieved from a previous card. If someone’s card were stolen and replaced, an assailant would be able to use this new card without having to retrieve the information from the new magnetic stripe. All of this information is based on an algorithm, which has (allegedly) been cracked.
Unlike most other “hacker gizmos,” anyone in the world can build their own Magspoof by using inexpensive hardware. All it takes is an Arduino developer board, combined with some other smaller parts to put this device together. The software, however, is not publicly available, although the creator of Magspoof has posted part of the code on GitHub.
Bitcoin Addresses These Security Issues and More
Addressing all of these problems MagSpoof points out will be quite the challenge for the card payment industry. Consumers will not be waiting around to see these flaws being fixed, and could very well turn to alternative payment methods. Bitcoin seems to be the only logical choice, as it operates outside of the traditional payment sector altogether.
Unlike plastic cards, Bitcoin puts the end user in full control of their finances at any given time without relying on banks to process payments. Additionally, all of the transactions are protected from harm, as the end user needs to sign off on every Bitcoin payment with their private key. That private key can not be cloned, nor is it stored in a physical form other than on the end user’s device itself. Plus, users can encrypt their private key if they wish to do so, for additional security.
The bottom line is this: consumers deserve to be able to use the most secure payment options available in the world today. Plastic card transactions are far from secure by any means of the definition, whereas Bitcoin seems to have all of its ducks in a row. The time has come for both retailers and consumers to enhance their security and Bitcoin seems to be the obvious choice to do so.
What are your thoughts on Magspoof and its capabilities? Will it impact plastic card and payment terminal security? Let us know in the comments below!
Images courtesy of Shutterstock, Midland NB, Magspoof,