If the security risks faced by credit card users weren’t already enough, now the security information that is stored in a magnetic strip behind the card can be hacked and be used for malicious purposes. Hacking the data on the magnetic strip so far has been unsuccessful but RFID security guru Adam Laurie has come up with a test program named CHaP.py, specifically designed to read the chip and PIN credit cards that comply with the EMV standard.
Here’s what Wikipedia has to say about the EMV Standard :
The EMV is a standard for interoperation of IC cards (“Chip cards”) and IC capable POS terminals and ATM’s, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. It defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions
The first demo of this program is in its early stages. Currently it only works with PC/SC card readers at the moment, but it also includes support for the physical chip and RFID interfaces. Keeping all this geek talk aside, what all this means is that both Mastercard and Amex cards can be hacked using this program..
All the information available on the credit card’s magnetic strip can be stripped away (the owner’s name, the primary credit card account number included) and afterwards be used by a crafty hacker to create a clone of the original credit card. Imagine the great financial risk this could pose!
Adam intends to integrate CHaP.py into the RFIDIOt open source library for exploring RFID devices. The good news for us, is that this hack was discovered by the good guy and not the bad guy. So for the moment, all things are ok. But if the bad guys get hold onto this, then none of our bank accounts would be safe, and something really bad could happen.