I read a blog post today from the folks at Square talking about how the more secure smart card enabled bank cards are coming to the US soon. That reminded me of my initial reaction to Square when it was first being hyped: “oh great, another magnetic stripe reader; can’t the US please move to something better.”
I first encountered embedded chips in my bank cards back in the early 1990s, in France – that is over 20 years ago. While my UK cards today still have the magnetic stripe (so they work in the US!), they also have chips and contactless touch pay capabilities.
When companies like Square, and more recently Coin, create technologies that are dependent on magnetic stripe technology I am amazed. It sounds like Square will be in a position to get new readers to their existing business customers. I don’t see how Coin will even survive if the US really can make significant progress in switching to chip & PIN technology next year (although I do have two cards now from US banks with the technology in them).
As mentioned in that Square blog post, card skimming is something that can be done cheaply, and discretely. In the US it is still common for customers to give their cards to waiters in restaurants and have the card disappear somewhere to be swiped. It would be easy for that card to also be swiped through a skimmer and the data either sold or written to a new blank card. It could even happen at a register in a store right in front of your eyes without raising suspicions from most customers it can be done so fast.
There is also a certain irony here that Coin is only possible because card data is easily replicated on another card. If the cards were more secure, and could not be cloned, getting the data into a Coin card would simply not be possible (and it shouldn’t be possible).
Hacked Card Terminals
Another recent attack on credit cards has been via hacks to the terminals in large stores so that the swiped data can be collected and uploaded to an external site. Because the magnetic stripe information is static, this is easy to do. With a smart card enabled card, the data changes each time so recording it does the attacker no good.
Another technology that I hope will find its way into these new terminals is support for touch pay technology. Apple’s recent iPhone 6 Apple Pay, along with Google’s existing NFC based payment technology, should help the push in this direction. If the US is going to upgrade its payment terminals to handle more modern technology, it may as well get both chip and contactless in one hit.