undefined | Better HN

0 pointsparfitt12y ago0 comments

>It's harder to "steal" a chip card since the information is not sitting on an easy-to-read mag-stripe.

Well, yes. But really it's mostly the POS device sending data to the chip which then performs operations and returns a result code or a data block to the POS device.

When you enter a PIN in the POS device it is sent to the chip and it verifies that the PIN is correct. A yes/no result code is returned to the POS device.

In a POS transaction your PIN is not sent to your card issuing bank for it to verify like it is for ATM.

Instead the POS device sends about a dozen data elements about the transaction to the card which runs them through an algorithm and encrypts (maybe not encrypts but that's the best term I can think of right now) it with a key it and the issuing bank knows. The resulting hash is returned to the POS device and is sent to the bank for authorisation. The bank then performs the same algorithm and verfies the hash is valid.

I am not sure if you could literally copy a chip, but it is doing more than just storing data like you have with a mag stripe only card.

"Chip&PIN" would have zero effect for an online transaction as neither the chip or the PIN are in play.

0 comments

Bentis2k12y ago

Since the chip verifies the PIN, is it protected against brute force cracking? I know some cards become "blocked" if a wrong PIN is presented three consecutive times. Is this a chip feature, and if so can the chips be "reset" by the bank?

j / k navigate · click thread line to collapse