Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Magstripes will start going away in 2027 and should be gone by 2029.

I got impression that the chips used to contain the magstripe info, but I hope they removed that when rollout got going.

Already, merchants take on liability for magstripe transactions.



It does look like the EMV contact standard allows for falling back to SDA operation, which involves the card just handing over the static application data, which doesn't ever change and can be cloned fairly easily onto a fake card. I don't know if it's the same data as is encoded in the magnetic stripe, but it's not much better. A hacked card reader might be able to exploit this by pretending to only support SDA. On the other hand, cards can mitigate this by not supporting SDA.


Banks can mitigate most of the effect of this by putting all risk on the merchant if they accept SDA transactions, and then letting the merchant make the choice.

Someone gets their static data skimmed and the card misused? The issuer profits from the chargeback fees...


It was 2006 in the UK when chip and pin came in. Amazing these things are still in the wild.


It was introduced in 2004, and made mandatory in 2006.

France was using chip cards since 1992, although with the previous standard.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: