[kbolino]

Which is why modern card technologies like chip cards and tap-to-pay don't expose the sensitive numbers at all. The card reader can't steal a number that doesn't exist. Only magnetic stripe cards are so insecure, but the card reader exploited here doesn't even have a magnetic stripe reader.

That having been said, this isn't perfect security. While a chip/tap card is in contact with the reader, it can still be used for fraudulent purposes. And physical access can open the door to other exploits, like trying to break the card's own security or installing a camera to capture images of the card.

[Tijdreiziger]

> […] the card reader exploited here doesn't even have a magnetic stripe reader.

It does, it’s on the right side of the terminal.

https://worldline.com/content/dam/worldline/local/sl-si/docu...

[kbolino]

Good catch, I didn't see it (nor the usual symbol that accompanies it) when I looked at the pictures in the article.

Ideally, the use of these stripes should be completely eliminated, as they can't possibly be secured.

[ianburrell]

Magstripes will start going away in 2027 and should be gone by 2029.

I got impression that the chips used to contain the magstripe info, but I hope they removed that when rollout got going.

Already, merchants take on liability for magstripe transactions.

[kbolino]

It does look like the EMV contact standard allows for falling back to SDA operation, which involves the card just handing over the static application data, which doesn't ever change and can be cloned fairly easily onto a fake card. I don't know if it's the same data as is encoded in the magnetic stripe, but it's not much better. A hacked card reader might be able to exploit this by pretending to only support SDA. On the other hand, cards can mitigate this by not supporting SDA.

[tgsovlerkhgsel]

Banks can mitigate most of the effect of this by putting all risk on the merchant if they accept SDA transactions, and then letting the merchant make the choice.

Someone gets their static data skimmed and the card misused? The issuer profits from the chargeback fees...

[_joel]

It was 2006 in the UK when chip and pin came in. Amazing these things are still in the wild.

[Symbiote]

It was introduced in 2004, and made mandatory in 2006.

France was using chip cards since 1992, although with the previous standard.

[ChocolateGod]

I've seen stores still have a magnetic readers on their machines, but it's used for vouchers, loyalty cards etc or to scan card numbers to issue refunds. But not for payments.

[Tijdreiziger]

I've never seen vouchers or loyalty cards handled on payment terminals here in the Netherlands, they always just have a regular bar code that the cashier scans (or that you scan yourself, at a self-checkout).

Refunds work with chip insertion or contactless.

[zahlman]

> Which is why modern card technologies like chip cards and tap-to-pay don't expose the sensitive numbers at all.

How can they verify the transaction details without those numbers?

[ElectricalUnion]

Your bank holds the public key of the "a certain credit card".

Your thing in the shape of a credit card is a HSM that holds the private key of the "a certain credit card".

A public key (your bank) can verify if a given digital signature generated by a private key (yor card) is valid or not.

The "CC Terminal" is a device that given the inputs (timestamp+value_of_transaction+password), asks the "CC HSM" to generate the signature of said values. "CC HSM" is smart and will ON PURPOSE refuse to generate valid signatures if you're being funny and inputing wrong passwords. Bank can further check if the signature makes sense or not.

Merchant doesn't need to know the public key, the private key, or your password.

[runeks]

> The "CC Terminal" is a device that given the inputs (timestamp+value_of_transaction+password), asks the "CC HSM" to generate the signature of said values.

Which makes a hacked terminal problematic since it can display $1.00 as the amount and actually request the CC HSM to sign a $500 transaction.

[ElectricalUnion]

In a more safe world, the CC HSM would have it's own display and pin entry, to avoid this exact issue. You really can't validate if the terminal is honest.

Because as you rightly pointed out, who said the evil merchant or MitM thief are either MitM'ing the display system, or even have total control of the display system?

[kbolino]

Importantly, though, the credit card system is based around more than just the cryptography involved. By removing the ability to obtain portable payment credentials, the scammer is forced to perform the transaction right then and there. This allows the network to pinpoint the source of the compromise.

A scummy merchant can be banned, a hacked terminal can be removed and examined, etc. And, unlike say a blockchain, a fraudulent transaction can be reversed.