Just when one thought that the new Chip on the credit cards would provide us with security - turns out the system will approve a transaction without a PIN!
While traveling, I was at a store in India and paid with my Visa card. They first swiped it, and as it had a chip they were asked to insert the chip side in the machine – initiated the transaction and was waiting for me to enter the PIN.
At this point I got engaged with the shop-keeper in a discussion on other services. The reader was still waiting for me to enter the PIN.
About 3 minutes later, the transaction was approved without my input of the PIN number.
What a serious ****-up. The transaction should have been rejected because of a time-out.
So this is a perfect hack for stolen cards – Didn’t Visa check this use-case?????
Am I the only one that has run into this situation? It can’t be a reader problem – it has to be at the approval center. At least I hope so – upgrading the readers will be an expensive affair!
I would love to know how wide spread this is. So next time you use you chip card and find the use-case works or does not work – please drop me a line at george.kongalath@lmcgeko.com
Tags: backdoor, chip-on-card, Credit Card, insecure, stolen card
