0
24

[–] crediblehulk 0 points 24 points (+24|-0) ago 

The magnetic bar on your plastic card stores a Big Number that identifies your card. When you swipe your card at the store, that number get sent to the Bank (or the credit/debit processing company in between) that makes the transaction happen. The same number gets sent every time. If a Bad Guy manages to eavesdrop (or do their own swipe one time), all they need to do is copy that Big Number onto their own card, and they can use it as if it is your card.

When you use the chip, the transaction is a bit more complicated. You plug your chip into the reader. The Bank sends your chip a Challenge through the reader. The Chip is actually a Fancy Encryption Math Machine with its own Secret Key that spits out a different Big Number every time depending on the Bank's Challenge. The message to the Bank never includes the Secret Key, just a Big Number derived from the Secret Key using the Fancy Math and the Challenge. It doesn't matter if a Bad Guy manages to eavesdrop on the Big Number that your card sends to the Bank, because that Big Number is only useful for that one transaction. Also, depending on your Bank, you may need to give your card a PIN for it to spit out the right answer.

Source: MS in Computer Science, studied encryption among other things. Work for a Bank, though not in Card Processing. Also, I sell concessions at a theater using a card reader, and I like to know how these things work.

0
4

[–] mdof1337 0 points 4 points (+4|-0) ago 

MS in Comp Sci and you work at a theatre? Hopefully that's by choice or I'm nervous for my future.

0
6

[–] MisterMcDuck 0 points 6 points (+6|-0) ago 

Choice or he doesn't like programming. If you're willing to program, you'll find people tripping over themselves to employ you.

0
2

[–] crediblehulk 0 points 2 points (+2|-0) ago 

Oh, my day job is as an automated software tester at a bank, and I do enjoy it. The theatre thing is my "escape from the grind", my excuse to get out of the house on evenings and weekends when there is a show going on.

0
0

[–] alexbuzzbee 0 points 0 points (+0|-0) ago 

Also CS-type, not nearly at your level though. Well done. Also, funny use of capitalization ("Fancy Encryption Math Machine", "using the Fancy Math").

0
0

[–] SteelKidney 0 points 0 points (+0|-0) ago 

So, does it take a special kind of card reader? Or does it happen automagically when I swipe the card?

0
3

[–] Abraham_Lincoln 0 points 3 points (+3|-0) ago 

My knowledge is that the magnetic strip is like giving access to a whole check book, if you have the information contained in the strip you can use it for as many transactions as you'd like.

The chip on the other hand makes the card act like many single check checkbooks because it uses a unique id for each transaction which is useless for any future transactions. If you don't have that same chip then good luck copying it, especially compared to copying a magnetic strip.

I am not intimately familiar with this tech though, so I could be wrong.

0
1

[–] Gamio 0 points 1 points (+1|-0) ago 

The chip is a smart card, an 8bit microcontroller and operating system with a goal of being a cryptography processor and some have even started keeping data on the card owner as a way to prevent kids using credit/debit cards from buying things they shouldn't be buying. When the card is interfaced with it has to preform a certain way in a challenge / response kind of handshake with the terminal before payment / service can continue. The end goal is to make it as difficult as possible for anyone to duplicate the card, you'd have to first figure out how the terminal works then figure out how the operating system and microcontroller work and how they both work together, get things wrong and your terminal and or credit card might lock up making it a difficult way to steal money.

The exact same technology powers the sim card in your phone, some even run java applets and connect to your carrier network to receive updates and run in a kind of virtual machine state insulating the important carrier access functions away from any would be malicious software designed to steal access or data from users.

0
1

[–] SquarebobSpongebutt 0 points 1 points (+1|-0) ago  (edited ago)

Magnetic stripes are easy to clone. The information on the stripe is static and never changes, meaning that I can read it right off your card and write it to another one. Readers to steal the info are cheap and writing is not too expensive either. I can tell you from many years working in and with credit card companies (including both of my parents working for one right now) that security is extremely tight around blank cards due to this. If I can steal just a couple of blank cards I can get information from valid card using a skimmer (easy to pay a worker at a place where your card is taken to run it like a bar or restaurant $5-10 per skim) and write it to the blanks. Embossing info to match it is easy enough also. There are a lot of cases where employees at card companies would "lose" a few cards here and there and sell them to folks who would do just that. Enough so that most places have a full lock down (nobody in or out) of a processing facility if a single card is known to be missing.

Chips on the other hand can be rewritten every time you use them. That is why it tells you to leave your card in until the transaction is complete and tells you when to remove it. They can change the encryption key at will making it much harder to read and fake. Every time you use it your info on your chip has to match the info the processor has on record and if not the card can be rejected.

0
0

[–] machina70 0 points 0 points (+0|-0) ago  (edited ago)

The info on the magnetic bar can be copied and cheaply put onto a fake card. The chip hides your information, and it's harder to get a hold of card with a chip and a chip programmer.(for now, it used to be hard to get a magnetic strip card maker, but then it wasn't)