
Shimmers are the newest tool for stealing credit card info - chaosmachine
http://www.cbc.ca/beta/news/canada/british-columbia/shimmers-criminal-chip-card-reader-fraud-1.3953438
======
closeparen
How is this possible? Wasn't the point of chip cards to sign specific
transactions using an internally stored secret? Or is it actually just an
obtuse way to move a shared secret around?

------
mgberlin
What "tap" function is the author talking about?

~~~
grzm
I believe they're referring to "contactless" use. Here are the reference I
found:

[https://www.shopify.com/blog/36816197-emv-chip-cards-are-
com...](https://www.shopify.com/blog/36816197-emv-chip-cards-are-coming-to-
the-u-s-heres-what-merchants-need-to-know)

 _Tap (Contactless)

Data between chip card and a payment terminal is exchanged wirelessly when the
two come into contact. In most cases, the customer will be required to provide
no verification for smaller transactions. New forms of mobile payments like
Apple Pay will also work this way._

Here's another article describing it (and potential issues):

[http://globalnews.ca/news/2295763/tap-and-pay-cards-its-
fast...](http://globalnews.ca/news/2295763/tap-and-pay-cards-its-fast-and-
convenient-but-is-it-more-secure/)

I'm by no means an expert! I just used google. Clarification and corrections
most welcome!

