How Secure Are Chip-Based Cards?
Written by Prashant Verma, AVP – Threat Management at Paladion
Chip-based cards having Wifi icon work on RFID or NFC technologies (but not on WiFi). It operates in the nearby local field. This is like our MiFi based access card, which is flashed against a reading device to record our attendance or grant us door access. The user of such a card walks near to the payment terminal (RFID or NFC reader) and flashes the card and a debit happens.
How can this be hacked?
A rouge reading device needs to carried by the hacker to sniff or record the authentication data from the card (CVV number, expiry date, and so on). If you anIme are doing a handshake, your wallet in your pocket has a NFC card and my pocket has a battery operated reader, your card emits and my reader sniffs. I can clone your card or use card auth data I recorded to transact fraudulently.
What can the user do to prevent this from happening?
NFC protected wallets, that contain the emanation within the wallet (plenty of them available in e-commerce websites. Home remedy or hacks like wrap your NFC card in aluminium foil does work sometimes.
What can card issuers and payment processors do?
They can secure the card data by adopting adequate protection of authentication and encryption data. Remember PCI DSS standards and apply them in the context of NFC and RFID. NFC technology specific secure configurations need to be applied.
