Consumers might have felt a bit safer using their credit card with the introduction of EMV chip technology, but thieves looking to steal your information have managed to find a way to still gain access to PIN numbers, as well as your card’s chip in some cases.
According to TechCrunch, devices called “shimmers” can now read your card number and possibly access your card’s chip and obtain your PIN number. Shimmers are actually not new — the security breach has been around since 2015, but many assumed cards equipped with chips were immune to it.
But because shimmers are so thin and can easily be hidden inside of an ATM or card reader, it does have the potential to capture the data when a card’s chip is activated. While it can’t be used to create a chip-based card, enough data is passed to create dumb magnetic cards.
In fact, a report by Fortune noted that identity fraud went up 16 percent last year, costing consumers $16 billion in losses. The majority of that theft was from credit cards. And while the chips might have made it harder to make fraudulent purchases in-store, thieves are simply turning to online marketplaces to do their damage. Card-not-present fraud, which is when a thief buys something online or by phone, rose 40 percent last year.
Experts say the main reason for theft with chip cards is when banks and vendors don’t correctly implement the chip card standard, known as EMV.
“The only way for this attack to be successful is if a [bank card] issuer neglects to check the CVV when authorizing a transaction,” wrote NCR Corp. in 2016. “All issuers must make these basic checks to prevent this category of fraud. “