Thursday, November 8, 2012
ec card scams in Germany
Even the new debit cards are vulnerable to scams
With debit cards fraudsters had often been an easy game. A new chip will make "skimming attacks" on debit cards payments impossible. Experts doubt and see gaps in the system. Danny Dewitz
Data theft: EC terminals have serious security flaws
Payments: Electronic purse for self tinkering comes
NFC technology: privacy advocates warn of wireless payment "Girogo"
Data theft: Experts discover vulnerability in EC-payment
Fraudsters had with debit cards sooner easy game: As the main map data were stored unprotected on the magnetic strip, they were intercepted by a small manipulation of ATMs. This method was known as "skimming" ("skimming").
Remedy promised the EMC system. EMC is the abbreviation for the three companies that developed the standard: Europay Intenational, MasterCard and Visa. But recent studies by a research team at the University of Cambridge now awaken doubts about the safety of the procedure.
The copy-proof chip
Actually, the new standard to make the EC payments finally safe. This includes all the necessary payment data is stored encrypted on a chip in the card. The input of the card PIN opens the secure area of the chip, which contains the sensitive transaction data.
Only if this area is enabled, access to the data is possible. "Unlike a magnetic stripe, the chip can not be copied, what a scam is nearly impossible," says Ralf Palm, spokesman of Postbank. He draws a positive conclusion: "Since the introduction of EMV 2009 at Postbank there was no single case of skimming at the ATM."
Which banks are you like?
Other banks such as Comdirect Bank AG, the Targobank that Volksbanken Raiffeisen Banking Group and the savings banks have already joined the new system. Postbank is Germany's pioneer in the distribution of EMV cards. Already in mid-2011, the conversion to the process was completed.
The EMV cards Postbank are easy to identify: Because the bank is cooperating with Visa, is the logo of Visa-branded "V Pay" prominently displayed on the front. EMV cards from other banks, however, are not so easy to identify. If your card is already provided with the chip, you can clarify the doubts so safely only with a request to your bank.
Attacks are still possible
Karsten Nohl, a specialist in cryptography, is engaged for years with the issue of security in card payment systems. It is not surprising that the duplicates scam is declining: "With the EMC system, the banks have actually found a solution to the problem skimming the card itself is secure, but attacks are still possible..."
Since the map is only one component of a very complex payment system. Gaping security holes in other places, the better protection by EMC brings little.
Card terminals are vulnerable
Nohl said the whole point of the Cambridge examination: "payment terminals in shops are not sufficiently protected against attacks by malicious software." In this, the EC card terminals a key role in the cashless payment system.
To generate a numeric code that serves as the Bank Certificate. If this number with a criminal malware intercepts and transfers to another device, it can authorize a withdrawal.
According to Nohl this vulnerability would be closed unless the terminal, but the bank would create the code. Thus put the vulnerability terminal that you have to imagine in the current system as a kind of messenger with a blank check in luggage - the courier may well be trustworthy, but gangsters could attack him and let go with the blank check.
Computer screen, the two largest operators for EC card payments confronted with the vulnerability. Easy Cash and TeleCash take care of the routing of transactions between terminal and bank debit cards. The questions, however, remained unsuccessful. Easy Cash promised indeed, to answer the questions, an opinion was going to press, however, not before. TeleCash did not respond.
Insist on compensation
The findings from Cambridge show clear in any case that fraud is still possible with the new cards. Victims of scammers should stubbornly insist on compensation and can not get rid of.
And even then not if the bank for suspicious transactions to customers accused that he had taken care not good enough care of his card and PIN.