More and more card readers at POS terminals now support tap to pay means of making a payment. If we are not inserting the chip end of the card, how is it providing additional security?
Edit: wow, lots of great information, thank you folks for taking the time and explaining it like I’m 5.
In: 197
The chip is not just a storage device like a magnetic stripe. It’s kind of a mini-computer with internal RAM (random access memory for its software algorithms) and ROM (read-only memory, a permanent storage). The security it provides is similar to https protocol used to protect you visiting web sites. In addition it’s very hard to access its RAM and ROM to clone it. Even if a waiter takes your card to a back room it is unlikely they have equipment to copy.
The chip checks if it is communicating with a genuine POS terminal and the original bank who issued the card using public/private key cryptography the same way your browser checks if it is communicating with the true reddit.com using https protocol. The terminal and the bank check in reverse order if they are communicating with a genuine chip. Once they checked each other they encrypt all exchanged data. The encryption protects your banking data the same way https protocol protects your data you submit to websites from eavesdropping while the data goes through 3rd party networks.
That’s a high level overview. Feel free to ask how public/private key cryptography works in general.
Latest Answers