It's a lot more complicated to make a device or even modify one, capable of reading and passing along the credentials from a smart chip than it is to simply make something to dump the small amount of data from a bar code.
I don't know anything about how these particular chip cards are actually implemented. But the usual method (eg. GSM SIMs), is that the card NEVER divulges its "credentials" to anything even in normal use.
The whole idea with a "smart card", as opposed to a read-only barcode/stripe, is that the chip on the card holds a
shared secret that is known only to it (the chip) and also to a computer back at
headquarters (eg. VISA). The chip uses the shared secret to encrypt/sign data passed to it from the reader, and passes back the results for transmission to the remote
headquarters. This happens with the full assumption that anything transmitted can and will be intercepted.
Done right, it's pretty secure, and no hacked reader can do anything bad with it.
Did they do it right in this case?
Previous Topic
Index
