Re: Order the bouillabaisse...Wow! I didn't know about the banking response to early chip+pin card functionality. I can't believe the banks believed the technology was too perfect to be compromised.
Re: Order the bouillabaisse...@Dan: You and I haven't said it was perfect. Some have, though (more or less).
And that has created much of the problem. So many victims of ID theft via their compromised EMV cards in its earlier days in Europe were told by the credit-card companies and banks that they were on the hook for the money stolen from them because the security of chip-and-pin was so perfect that there's no way they could have been breached. The academic paper I linked to discusses at length the enhanced problems these false notions of supreme superiority of EMV have created.
(Not to mention the technical problems that are unique to EMV vs. swipe-the-stripe.)
Re: Order the bouillabaisse...@Dan: Well, come on, now. Let's not act like chip-and-pin is perfect when it comes to security (or, for that matter, necessarily a substantial improvement).
Re: Pure click-bait scare tacticsKrebs's work on how to find skimmers by pulling on the slots, among other methods, is actually what I thought of when reading this piece. From there, I realized that a gas pump was the place I would be least likely to check because neurotic me sees them as dirty and wants to touch them as little as possible.
I wouldn't go so far as to call the piece or its (perhaps partly tongue-in-cheek) conclusion to be "fearmongering." The security, privacy, and civil-liberties problems of credit and debit cards have been on the radar for years -- and well before skimmers were being widely talked about. Cash has its distinct advantages -- and even Krebs has offered similar warnings when it comes to using cards vs. cash at certain establishments (particularly chain restaurants and hotels). Moreover, the IEEE research is worth discussing, IMHO.
I respect Krebs's work, but he doesn't hold a monopoly on skimming journalism.
Pure click-bait scare tacticsBrian Krebs has been writing about skimmers for seven years now. See https://krebsonsecurity.com/all-about-skimmers/ for all the articles. They will tell you far more (and far more useful) information on the subject.
Skimmers are nothing new. They have been found at payment devices everywhere, not just gas pumps and ATMs, but they are also not nearly as widespread as you would have us believe.
Your article's conclusion of "use cash or be pwned" is just fearmongering. That's something I'd expect to find on click-bait advertising banner, not from a respectable journal like Light Reading.
And that has created much of the problem. So many victims of ID theft via their compromised EMV cards in its earlier days in Europe were told by the credit-card companies and banks that they were on the hook for the money stolen from them because the security of chip-and-pin was so perfect that there's no way they could have been breached. The academic paper I linked to discusses at length the enhanced problems these false notions of supreme superiority of EMV have created.
(Not to mention the technical problems that are unique to EMV vs. swipe-the-stripe.)
Exhibit A: (link)
Exhibit B: (link)
Exhibit C: (link)
I wouldn't go so far as to call the piece or its (perhaps partly tongue-in-cheek) conclusion to be "fearmongering." The security, privacy, and civil-liberties problems of credit and debit cards have been on the radar for years -- and well before skimmers were being widely talked about. Cash has its distinct advantages -- and even Krebs has offered similar warnings when it comes to using cards vs. cash at certain establishments (particularly chain restaurants and hotels). Moreover, the IEEE research is worth discussing, IMHO.
I respect Krebs's work, but he doesn't hold a monopoly on skimming journalism.
Skimmers are nothing new. They have been found at payment devices everywhere, not just gas pumps and ATMs, but they are also not nearly as widespread as you would have us believe.
Your article's conclusion of "use cash or be pwned" is just fearmongering. That's something I'd expect to find on click-bait advertising banner, not from a respectable journal like Light Reading.