The past few days have seen several reports of a supposedly “critical” new security flaw being discovered in EMV chip cards, and we know many of you are concerned about what this really means for you and your business. We’re eager to demystify the situation and separate fact from fiction. The crucial takeaway is this: reports of a “critical flaw” are greatly overblown, and these reports are simply bringing up old flaws of magstripe technology—the exact issues which EMV chips have in fact fixed.

The Supposed “Flaw”
The claim put forth is that credit card hackers can take a fraudulent or stolen EMV card and rewrite the data on the magnetic stripe to fool a terminal into thinking that this “chip card” is, in fact, an old-fashioned, chip-less card. While terminals normally turn down EMV cards when swiped, in these hypothetical cases the terminal will believe the card should indeed be swiped, bypassing the added-security features of EMV. In doing so, the terminal would unknowingly be allowing fraudulent cards to be used.

The Truth: EMV Cards Are Secure
The truth of the matter is that this method should be caught well before a transaction is completed. The hack would only fool the terminal itself, which is merely the first step when a card is swiped. Moments later, the credit card issuer will be able to determine that the stripe has been altered, and send a decline message to the terminal.

The Many Benefits of Growing EMV Use
This sort of credit card fraud is in fact the reason why EMV is so crucial in the first place. Magstripe’s security shortcomings allow hackers to leverage flaws like this to manipulate cards—in a world where cards are exclusively EMV, such fraud would not be possible.

The Importance of Encryption
These efforts at card manipulation only further underscore the importance of encryption on all platforms. Hackers can only manipulate cards in this way if they are able to access and understand card data. With E2E encryption, card data does not even exist in a decipherable form, providing yet another barrier to credit card theft. A platform that encrypts card data, combined with consistent EMV usage, is a formidable security setup to prevent breaches.

​​Mythbusting: Why the New “EMV Flaw” Is All Hype