Good you mentioned that. There is confusion here. There is a difference between the RFID and chip cards. It is the RFID cars that have the potential to give up some information, but the chip cards do not. They are adding security to the transaction.
Actually, my face book page has been showing me ads for business cards printed online and shipped. Since I looked online a couple days ago. Not sure how FB found out.
- . Christopher A. Young learn more about Jesus .
The letter I got said some thing about the chip making a single use identifiable code for each transaction. Doesn't sound like the text you quoted.
- . Christopher A. Young learn more about Jesus .
I'd be more okay with a card that had contacts. Much like pushing in a flash drive into USB port?
- . Christopher A. Young learn more about Jesus .
| > Do you happen to have any links to info | > about this? I don't understand the technical | > details of how it works, and without knowing | > that it's hard to assess the risks, or lack of | > them. | > | > | Google "credit card safety tip".
I've done some searching and found some info, but I haven't come across a full, authoritative explanation of the whole thing. Mr. Conan Doyle claims to know all about it, so I figured perhaps he can share his source. If you find the full story by Googling I'd be glad to follow your links. What I'm wondering about is the full story on how the chips actually work.
RFID comes is several different flavors. There's a lot of incorrect information floating around. this is one of the more reputable sources about the technology:
When you run across passive vs. active, understand that passive RFID does not require a battery and is the type of RFID used in some credit cards.
| > I've done some searching and found some info, | >but I haven't come across a full, authoritative | >explanation of the whole thing | | RFID comes is several different flavors. There's a lot of incorrect information | floating around. this is one of the more reputable sources about the technology: | |
I think I understand RFID. A very small chip holds a single, large ID number, which can be read from varying distances depending on the reader and the chip. That's the kind of thing I was thinking of in the scenario of CVS reading the contents of your car. In particular, I was highlighting that any limits in read distance shouldn't be assumed to be permanent limitations.
What I don't understand is EMV, particularly how it's being used in credit cards. You seem to know all about how that works and how it's being implemented, while all I've been able to find is general tips about "getting ready for chip cards".
What little I've found seems to imply there's some kind of token number passed, not exposing any pertinent information, but I don't understand how that can work securely. And you said the chip contains the credit card number and name, which would imply a chip is not secure in any way. In fact, it would seem to me to be less secure. If the chip holds a unique ID sent to MC/Visa to be matched up with your account, and US merchants don't require a PIN number, then it would seem fairly easy to just tape a programmed chip to any old card and pass it over checkout readers.
I also don't understand why/how EMV is different from RFID. Is EMV just the name used for RFID chips being used in cards?
I think someone said that EMV uses metal connectors like a flash drive into USB socket. Anyone can confirm this? I'd be a lot more comfortable with a pin and socket setup.
- . Christopher A. Young learn more about Jesus .
From the Visa website: "For contact chip cards, your customers must insert the chip card into the payment terminal reader instead of swiping the card as they do with a magnetic stripe card. Also, your customers must leave the chip card in the payment terminal reader until the total transaction amount is known. " Thus it has to be inserted AND kept in the reader for the entire interaction. Appears to be no radio signals.
| I think someone said that EMV uses metal connectors | like a flash drive into USB socket. Anyone can confirm | this? I'd be a lot more comfortable with a pin and | socket setup. |
?? Maybe you should drink some of your morning coffee beofre posting? :)
More or less correct. Depending on how the RFID chip is programmed, it could be a single serial number or several smaller numbers/characters.
There's basic physics involved. Since a passive RFID chip has no battery, it get's it's power from the radio waves of the signal it receives. That means it's never going to be able to send out a stronger signal.
EMV stands for for Europay, Mastercard, Visa, the consortium that developed the technology. The chip is nothing more than a small cpu, secure memory and I/O all in one.
Communication between the reader and the card is initially clear text, but transitions very quickly into an encrypted exchange. The details of how and why that exchange is secure is too complicated for a Usenet post. Neither the card nor the terminal will proceed with a transaction unless they are convinced the other is legit.
You seem to be assuming that the EMV card works just like an RFID card, except that there is a physical connection for the EMV card and the RFID card works by radio. There is nothing in common between the two. RFID cards return a small number of bits, with no encryption. EMV cards are micro computers with memory.
There's more involved than just sending a unique ID number. And as I posted previously, the mag stripe on EMV cards contains a code that indicates it is an EMV card. After October, most EMV readers will reject swipes from cards coded as EMV capable. Cloning an EMV chip is also not possible for anyone other than the manufacturers of the EMV cards. There's a reason EMV cards cost 10X what a mag stripe card costs and a reason why banks are willing to incur that cost.
No. See above.
That's correct. There is a small retangular gold contact plate on an EMV card. When inserted into a reader, those contacts provide power and data to the card, similar to how a USB stick works.
They are different and the EMV card is more secure. It required contact, not just a "nearby" situation.
The problem with RFID cards is that, unless the card is inside a protective covering, they can be read from a few inches away by someone who has a portable RFID reader. Metal foil is said to be the best protective coating to prevent data theft. Some wallets are now sold with protective pockets for RFID credit cards, although the degree of protection provided is not uniform.
And in conclusion. . .
Thank you for a good explanation. The one thing to take away from this discussion is the RFID chip may not be so good, but the EMV ship is OK and far less prone to fraud.
Reading how it works and that eventually the swipe will be a thing of the past, it is foolish to destroy the chip in any manner. While I understand some initial fear, the fact is, it is a dumb thing to do to make the card less secure. A little research bears it out.
I also not tht in the future, liability for loss will be to the card issueer or the merchant, depending on who has the least security. It would be good for them to put the liability on those dumb enough to reduce the security of their cards intentionally.
Coffee? What's that? I've heard that name, but being Mormon, can't say as I recognize it.
- . Christopher A. Young learn more about Jesus .
| That's correct. There is a small retangular gold | contact plate on an EMV card.
If that's the case then I haven't seen an EMV card. The new card I got recently has no such rectangle, but it has a chip ands is labeled PayPass. So I guess that's a simple RFID with the card number on it? When I read it via an Android app I think it came up with a number of
2 character combinations, like a MAC address or hexidecimal byte notation.I'd still be curious to learn about EMV functionality, if you come across a suitable link. I'd like to understand exactly how that transaction works.
| > ?? Maybe you should drink some of your morning coffee | > beofre posting? :) | > | > | Coffee? What's that? I've heard that name, but | being Mormon, can't say as I recognize it. |
Sorry. I misunderstood your post. You knew more about it than I did. This is the first I've heard of EMV contacts. All I've seen or read about up until now is embedded chips that are read at a distance. I'd thought that was what this whole conversation was about and didn't know there was a type that had to be inserted into a reader. I received a new PayPass MasterCard just last month and that, too, has only an embedded chip. (Which now has a tiny hole through it. :)
Thank you. That helps to clarify things. It also seems to indicate that EMV is coming to the US no time soon. My brand new Mastercard is PayPass, with RFID. My 3 other cards have no chip at all. Before this discussion started I had just assumed EMV was a marketing term for RFID in credit cards.
I'm still confused on one point, though. From your first link:
"RFID proponents say that if the cards use security codes that automatically change after every use, information stolen from a card could only be used for one fraudulent transaction."
I don't see how an RFID chip holding a unique number could use changing "security codes". That kind of language is where it all gets murky. Is the author mixing up RFID with EMV? If there are changing security codes, what does that
*really* mean? It's not convincing for them to say it's secure if they don't detail how, exactly, it's secured.
I'd agree about EMV chips with the USB like connecton. RFID chips, well, major problems in my opinion.
- . Christopher A. Young learn more about Jesus .
All I know about EMV chips is what I've read on this list. So, now we're even.
Any RFID cards that arrive here will get the same treatment. Holy chip!
- . Christopher A. Young learn more about Jesus .
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.