The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.
jayare...@hotmail.com (J R) writes: > That's the point of (EMV) "chip" cards. They are inherently more secure. modulo when there are significantly less secure ... "yes card" vulnerability reference ... basically compromise POS terminal (or other swipe mechanism to skim the data ... effectively same kind of exploit used to skim magstripe data) ... and then "trivially" create counterfeit "yes card" ... original reference gone 404 ... but can be found at the wayback machine referencing presentation at cartes2002: http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html about the same time there was presentation on the vulnerabilities at the ATM integrity task force meetings (prompting somebody in the audience to comment that they managed to spend billions of dollars to prove that chips are less secure than magstripe) ... a couple recent posts with references: http://www.garlic.com/~lynn/2009q.html#78 70 Years of ATM Innovation http://www.garlic.com/~lynn/2009r.html#16 70 Years of ATM Innovation lots of past posts mentioning "yes card": http://www.garlic.com/~lynn/subintegrity.html#yescard -- 40+yrs virtualization experience (since Jan68), online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
