
Credit card breach at Kmart despite using chip and PIN technology - heywire
https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/
======
panda88888
The HN headline is click bait. Using chip and pin doesn't prevent breach of
the payment system. TFA even states the breach most likely only affected mag
stripe cards, not chip cards.

Edit: I clicked to see how the chip was compromised and was sorely
disappointed.

~~~
heywire
Sorry, I was trying to convey that Kmart had the upgraded card terminals,
which should mean point-to-point encryption of all cardholder data (including
mag-stripe), but couldn't figure out a way to fit that into a headline in a
way that people not familiar with payment systems would understand. This story
is quite interesting to me, because my understanding was that terminals which
support EMV must be point-to-point encrypted, so the cardholder data should
not have been available to any system between the card terminal and the
host/bank.

