Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Chip Cards Are Being Compromised In the Millions (threatpost.com)

Posted by BeauHD on from the that's-a-lot-of-zeros dept.

According to a study from Gemini Advisory, some 60 million U.S. cards were compromised in the past 12 months. "Of those, 93 percent were EMV chip-enabled," reports Threatpost. "Also, crucially, 75 percent, or 45.8 million, were records stolen from in-person transactions." From the report: These were likely compromised through card-skimming malware and point-of-sale (POS) breaches at establishments like retailers, hotels and restaurants, the likes of which continue to make headlines. Further results show that the U.S. leads the rest of the world in the total amount of compromised EMV payment cards by a massive 37.3 million records. In the past 12 months, about 15.9 million compromised non-U.S. payment cards were posted for sale on the underground, split between 11.3 million card-not-present (online transaction) records and 4.6 million card-present records, of which 4.3 million were EMV enabled. This means that the theft level of EMV-enabled card data in the U.S. is 868 percent higher than the rest of the world combined.

The reason for this state of affairs, according to Gemini, is the lack of U.S. merchant compliance -- too many of them still use the mag-stripe function at PoS terminals. Gemini also said that card-present data "is also collected via a more manual method by skimmer groups, who are utilizing custom made hardware known as 'shimmers' to record and exfiltrate data from ATMs and POS systems. The firm also found that while most large U.S. merchants have fully transitioned to EMV, gas pump terminals and small/medium size businesses are emerging as the main targets for cybercriminals going forward.

2 of 106 comments (clear)

  1. What by Anonymous Coward · · Score: 5, Interesting

    too many of them still use the mag-stripe function

    If this is mostly happening via the old magnetic strip than what does the chip even have to do with this story?

    1. Re:What by ShanghaiBill · · Score: 5, Interesting

      Just reiterating the fact that the chips were a half-measure

      Not even half, maybe a quarter measure. The chips can not only be bypassed, but because America doesn't use chip-and-PIN, the chip can be used directly by anyone stealing your card.

      It is like putting a titanium deadbolt on your front door, and having an aluminum screen door on the back of the house, and also putting the deadbolt cylinder in backwards so the thumbturn is on the outside.

      The rest of the world did this right. Only America screwed it up so badly, and mostly because the people with the ability to fix it (that banks) have no incentive to do so. They just push the losses off onto the customer or the merchant.