Credit Card Magnetic Strips Hacked!

Test program warns about hacking possibility

By on February 21st, 2008 14:57 GMT
Every credit card has personally identifiable information inserted into the magnetic strip on the back, but hacking it so far proved a task too difficult for most malevolent figures to even attempt. RFID security guru Adam Laurie has come up with a test program named CHaP.py, specifically designed to read the chip and PIN credit cards that comply with the EMV standard.

The EMV is a standard for interoperation of IC cards ("Chip cards") and IC capable POS terminals and ATM's, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. It defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions, according to Wikipedia.

The Black Hat DC briefings saw the first demo of the program in action in its early stages. It only works with PC / SC readers at the moment, but it includes support of the physical chip and RFID interfaces. Crazy talk apart, it means that AmEx Expresspay and MasterCard PayPass can also be hacked.

According to eWeek, Laurie also said that all of the information available on the credit card's magnetic strip can be stripped away (the owner's name, the primary credit card account number included) and afterwards be used by a crafty hacker to create a clone of the original credit card.

Adam intends to integrate CHaP.py into the RFIDIOt open source library for exploring RFID devices. Lucky that the discovery and the program were made by somebody on the good side of the law, because, if it were to happen the other way and a malicious attacker were to have come up with it, none of our bank accounts would be safe, should something bad happen.

Comments