If you use the mag strip you’re required to sign, but a study showed that most cashiers don’t even look at the signature, never mind compare them.
The chip means you need a code that has 10000 different possible combinations. That’s a lot more secure.
Contactless decreases security for convenience but usually requires you to enter the code periodically or after a certain amount has been spent.
It’s not the same data.
A mag strip is just data storage – everything it knows, it will show you.
The chip doesn’t expose everything it knows to the payment terminal. The terminal “asks” it to authorize a transaction, and the chip “answers” based on the question. What gets asked is different every time, and hence the answer is also always different. Therefore, capturing a single answer from a chip is useless since it will never be the same twice.
The information on a magnetic stripe is static. Anyone with a reader or skimmer can take that information, duplicate it, and use it to make purchases.
The chip is dynamic. It is actually a computer chip. The codes used by the chip change with each purchase, in a manner that is predictable only to the people that set it up. So reading the information from the chip doesn’t help you unless you also compromise the databases of the institution that set it up. But if you can do the latter, you don’t need to read the chip in the first place.
I work for a bank, used to do disputed transactions, many of them involving cards.
The chip is *not* more secure than the mag strip. That’s not why banks forced all the cards to use them.
The chip just sends a report that it’s been used for every transaction it’s involved in. So the bank knows, if the charge on your card used the chip, your card was *physically there* to make the purchase, and that it wasn’t made online or over the phone or some other way.
This means that if someone calls the bank, says they had their card in their possession, but the last 5 chip-based charges on their account are fraudulent, the bank will deny that dispute case and say “your chip was used and you said you had your card, therefore you made these charges.”
I can confirm this pisses off *a lot* of people.
EDIT: Downvoting the person telling you that your cards aren’t safe is some pretty naive shit.
To expand a little more than some others are:
The data on the mag strip is just static, like text printed on a page. So if someone used a photocopier, they could reproduce that text and pretend to be you. This can be done by putting a hard to see device over the card reader, that can read your card as you swipe it.
The chip, however, is a little computer that can do a little calculation. The actual math it does is well out of ELI5 territory, but the idea is simple enough.
The chip has a secret number in it that, importantly, *never leaves the chip*. However, it can still prove that it has this number. It can do this by “multiplying”* this number by the random number the card reader gives it, and then giving back the result. So if the secret number was 5, the reader might give it 3, and it would return 15. The reader can then give the result to the bank (or whoever issued the card), who also knows the secret number, who can verify that the result is accurate.
* In reality, these numbers are hundreds of digits long and the function isn’t multiplication, but something that is much more complex and that doesn’t have a way to reverse it, the way that division reverses multiplication. The math itself is far beyond ELI5 territory, though.
The nature of this math is such that the input and output appear to be essentially random and even if you could see hundreds of examples of input and output pairs, you still couldn’t feasibly figure out the secret number.
Because the number itself doesn’t leave the chip, the best you can do is intercept a few input-output pairs between the reader and the card. However, since the card readers ask for the results with a random number (and these numbers are very large), the chance that you happen to have seen that number before is essentially 0.
Imagine I am talking to you on the phone. I ask you: What is your name? You say “Jon Smith”. Ok, I take money from Jon Smith. If you aren’t Jon Smith, I have no way to prove it. That’s the mag strip.
Instead, I ask you: What’s your name and what’s the last house number you lived at? You say Jon Smith, 3455. I can now confirm you are likely Jon Smith (or at least know something extra “secret” about Jon Smith.) That’s mag stripe + CCV.
But the problem is if someone is eavesdropping on the phone, they can claim to be Jon Smith at 3455.
So, instead of asking for your house number, I might ask you for the *sum* of the last two houses you lived at: 3455+1111 = 4566.
And the next time I ask, I might ask for the difference between your two house numbers: 3455-1111 = 2344. Even if you know the sum of the two house numbers you don’t know their difference. That’s chip with cryptography.
Of course the cryptography is much more complex than adding or subtracting two numbers, but it gives you an idea of how to communicate that you know some secret information without giving away the secret information.
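The challenge-response idea from the answers above (a secret that never leaves the chip, and a question that changes every time), as an added example that is not part of any of the original posts. It is a simplified model: HMAC-SHA256 stands in for the real card cryptogram, and the `Chip`, `Issuer` and `stripe_accepts` names, the per-purchase counter and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not real card data.
STRIPE_DATA = b"4000000000000002=2912"  # static stripe contents (made up)
CARD_SECRET = secrets.token_bytes(32)   # per-card secret shared with the issuer

def _mac(secret, challenge, amount_cents, counter):
    # HMAC-SHA256 is a stand-in for the card scheme's real cryptogram function.
    msg = challenge + amount_cents.to_bytes(8, "big") + counter.to_bytes(4, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()

class Chip:
    """Keeps the secret inside; only answers to a challenge ever leave."""
    def __init__(self, secret):
        self._secret, self._counter = secret, 0

    def respond(self, challenge, amount_cents):
        self._counter += 1  # every purchase gets a new counter value
        return self._counter, _mac(self._secret, challenge, amount_cents, self._counter)

class Issuer:
    """The bank: knows the same secret and recomputes the expected answer."""
    def __init__(self, secret):
        self._secret, self._last_counter = secret, 0

    def verify(self, challenge, amount_cents, counter, response):
        if counter <= self._last_counter:
            return False  # an answer that was already used
        expected = _mac(self._secret, challenge, amount_cents, counter)
        if not hmac.compare_digest(expected, response):
            return False  # wrong secret, wrong challenge or altered amount
        self._last_counter = counter
        return True

def stripe_accepts(presented):
    # A stripe reader can only compare bytes, so a copy equals the original.
    return presented == STRIPE_DATA

def demo():
    chip, issuer = Chip(CARD_SECRET), Issuer(CARD_SECRET)
    challenge = secrets.token_bytes(8)            # terminal's random number
    counter, answer = chip.respond(challenge, 1250)
    genuine = issuer.verify(challenge, 1250, counter, answer)
    fresh = secrets.token_bytes(8)                # next purchase, new question
    replayed = issuer.verify(fresh, 1250, counter, answer)
    copied_stripe = stripe_accepts(bytes(STRIPE_DATA))
    return genuine, replayed, copied_stripe
```

`demo()` returns `(True, False, True)`: the genuine answer verifies, the same answer presented for a later purchase is rejected, and the copied stripe bytes are indistinguishable from the original.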
the magnetic strip just has a number tied to it. think of it like your bank account number. if a skimmer gets it, you’re screwed.
the chip or tap uses tokenized numbers. if you’ve ever used an RSA token, or a physical authenticator, it’s like that. or heck, even google authenticator. they generate an expected number in a specific order, so each time you use it, that number is no longer valid and only valid for a short period of time. so if a skimmer gets it, it’s worthless as you’ve already used it and time has already expired it. it’s way safer and companies would probably save money related to fraud if they switched to tap/chip more quickly.