True story: I was an American in the wastelands of Uzbekistan and needed to find a bank to get currency. Locals pointed us in the direction of a tiny cluster of buildings on the horizon. We got there and one of the buildings was indeed a tiny bank of some kind. We gave the person running the place our debit card and he looked at it with surprise. He flipped it over and over then gave it back. They didn't accept magnetic stripe cards-- only chip and pin. What backwater place did I come from that still issued magnetic stripe only cards?
Was just in Israel and was shocked to learn it's still using magnetic stripe. Fortunately, my American issued chip-and-signature cards still have a magnetic stripe as well.
When you talk to your US bank, make sure you get a chip card that is international-enabled (aka has chip+pin on it). Nearly all the US cards are chip+signature, which means they won't work at places like European train station ticket kiosks (no way to enter a signature). Found that out myself...
Heck, even in places that support both, chip-and-sign cards are an enormous pain. I'm a Canadian with an American corporate Amex and inevitably the dance is:
1. The guy dips the chip. Machine errors out.
2. Guy tries it again and fails.
3. Finally listens to me and dips the chip, then swipes. But it has to be right after the chip fails so the machine will accept the swipe.
Why? Well if they swipe first, the machine says to use the chip, then they use the chip and it errors out on that, and then they swipe again and it works.
Thailand and Malaysia- same. Chip card was skimmed, though- or the account was somehow compromised in the British Virgin Islands a couple months later. So the security isn't perfect.
Edit: I believe the BVI heist was from a wifi purchase.
A few months ago I went to use my high street bank's ATM and it had an unusual card aperture. The rest of the machine looked normal. I walked into the branch, explained my concern and the cashier looked at me for several long moments, as if I had made some amazing comment, then said their engineers had fitted it and it was fine to use. I got the impression that I was the first to ask about it, and that such questions are unusual.
No kidding. Next time walk in with a clipboard, some sort of name tag, and announce to the cashier that you need to perform maintenance on their ATM machine for the next half hour.
It's interesting how the standard design of ATMs has created an opportunity for skimmer apertures. Straight from factory, ATMs are often a 1980s-vision-of-the-future with lots of bevels, mixed plastics of assorted shiny/matte, inexplicable recesses and protrusions. Even bulky skimmers and cameras (to capture your pin number) can be attached to the faceplate and most wouldn't think to question it.
I've got a question about the chip cards. I have one and I use it when possible. I often hear that the reason to use them is that they are harder and more expensive to copy than cards with just a magnetic strip. This seems like a pretty weak deterrent. If everyone starts using chips wouldn't the price of creating cloned cards with chips go down? Wouldn't it eventually become worthwhile to criminals? Or do the chips provide another layer of security that I'm unaware of?
My understanding is that the strip essentially encodes the credit card number, and that when you swipe it, you pass the number. Therefore, "stealing" the card is as easy as MITM-ing that (with a skimmer).
The chip, on the other hand, answers a query that proves that it knows a secret. If the attacker listens to the exchange between the card and the reader, it doesn't learn the secret itself, and the next transaction will ask a different query.
The most important difference is the presence of encryption in the case of chip cards. Magnetic strips offer their data in plain text form when swiped through any card reader.
I don't consider myself an authority on this, but that's one of the most convincing skimmers I've ever seen. Significant effort went into designing and manufacturing that.
Seriously. I'm always looking for skimmers, more out of curiosity than paranoia. But even with me actively looking, I wouldn't have noticed it. Impressive.
Can the rise of skimmers be attributed to the fact that a chip card is more difficult to "hack" into and since more and more customers and vendors are requiring dipping chip cards the thieves want to get as many cards as possible before all vendors require chip and dip?
Here in Singapore I could get a replacement debit/atm card in an hour by visiting any open branch. Or credit card in 3-4 working days. Maybe it is because Singapore is such a small country.
I have to say though hearing the stories about consumer facing tech from the US credit cards, 911, cable boxes internet speeds vs the business tech you see where the US dominates. I feel the people are less important in the US then the corporations.
