At Infosys Cards and Payments, we help our clients harness the power of technology-led innovation across the entire payments ecosystem encompassing payment networks, merchant services, stored value, FI payment services, and payment aggregators. Our thought leadership and a design thinking approach helps us co-create solutions with our clients to address their business problems.

« Internet of Things (IOT) - Beginning of an Connected World | Main | Thiel's Zero to One - reflections on potential payments game-changers »

Chip and Pin cards are safe, are they?

 

Card payments are, now-a-days, very common mode of payment. Cards have changed their forms from magnetic stripe cards to chip and pin cards, in many countries. Major driver for this transformation of cards was transaction safety. There were many occasions where magnetic stripe cards failed to ensure authentication of cardholder, during transaction authorization process. These frauds were result of either leaked information or stolen identities of magnetic stripe cards. To control these issues, EMV came up with chip and pin cards. This innovation has given card issuers ability to execute processing logic at the card reader itself, thereby reducing online verification traffic and providing better authentication of cardholder at point of sale. It transmits encrypted information that is hardly of any reuse for purpose of making fraudulent transaction, even if it is intercepted. Issuers are mostly under impression that once they implement chip and pin cards, they are safe. However did it serve purpose of eliminating frauds? Probably not. Frauds are still reported by cardholders on their chip and pin cards. At several incidences banks have even declined claims of frauds on chip and pin cards, leaving card holders in a fix.

Success of transaction security in this case, lies in how encryption algorithm is implemented at card readers. The weaker and predictable the algorithm implemented at card reader to generate session key for transaction, the more vulnerable is the card. Unfortunately, neither issuer nor card holder is at fault, if encryption algorithm gives predictable session keys. But consequences of such weak encryption, leaves cardholder at mercy of his/her luck. It potentially makes entire investment in modern card processing infrastructure look like unworthy. Hence it is very important to have strong and unpredictable encryption algorithm for card reader to actually, justify the huge investment that went in.

Comments

Nice to see this info. However I would have ideally liked to read about the entire processing cycle basics. Would be glad if you guys come up with it.
Thanks!

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.