How secure are chip-based cards?
Source: Vistar Communications for Paladion , Author: Prashant Verma
Posted: Thu August 30, 2018 5:35 pm

UAE. Chip based cards having Wifi icon work on RFID or NFC technologies (but not on WiFi). It operates in nearby local field. This is like our MiFi based access card, which is flashed against a reading device to record our attendance or grant us door access.

The user of such a card walks near to the payment terminal (RFID or NFC reader) and flashes the card and a debit happens.
 
How this can be hacked?
A rouge reading device need to carried by hacker to sniff or record the authentication data from card (CVV number, expiry date etc). If you and me are doing a handshake, your wallet in your pocket has a NFC card and my pocket has a battery operated reader, your card emits and my reader sniffs. I can clone your card or use card auth data I recorded to transact fraudulently.
 
What can user do?
NFC protected wallets, that contain the emanation within the wallet (plenty of them available in ecommerce websites. Home remedy or hacks like wrap your nfc card in aluminium foil do work sometimes.
 
What can card issuers and payment processors do?
Secure the card data by adapting adequate protection of authentication and encryption data. Remember PCI DSS standards and apply them in the context of NFC and RFID.

NFC technology specific secure configurations need to be applied.

Photo Caption: Prashant Verma, AVP – Threat Management at Paladion

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: September 21, 2018
UAE. Analysts to explore AI developments and influence on businesses at the Gartner Symposium/ITxpo 2019, March 4-6 in Dubai, United Arab Emirates.
date:Posted: September 20, 2018
UAE. Research from Aruba and Ponemon Institute shows security teams view Machine Learning and network visibility for users and IoT devices essential for battling stealthy threats inside IT infrastructures.
date:Posted: September 19, 2018
UAE. Few are confident in spotting security risks and vulnerabilities in DevOps operated public cloud environments.
dhgate