[splonk]

I used to work in this field. The goal is not to create something unbeatable. The goal is to make something difficult enough that it becomes more cost effective for a fraudster to attack someone else instead. Acquiring thousands of credit card numbers and credentials (and even CVCs) is trivial. Actually converting those to real cash using real hardware is an incredible pain compared to just finding the least well defended e-commerce site out there that will sell you a gift card or bitcoin or whatever.

We used to say that our job wasn't to stop fraud, it was to move the attacks to Paypal instead. I don't have strong product opinions on this either way (personally I find all the card scanning apps to be incredibly annoying, but I think I'm a minority), but I do think it'll be a long time before I'd be worried about self-embossed cards being a meaningful attack vector.