
And that's why we use chips instead of magnetic strips nowadays.

For a longer list, see: https://krebsonsecurity.com/all-about-skimmers/

The one with the keylogger-featuring keypad is what has me most worried, someone could rob me of my card a bit later. Then again, they might as well rob my card and demand the code, having someone else try it while keeping me at gunpoint. Yeah, guns are outlawed here, but that doesn't mean they don't have 'em.

Crypto is cool, until you mention physical security. Obligatory: http://xkcd.com/538/



I live in a European country where chips are common. Yet, about one year ago I encountered a skimming device (I ripped it off and brought it to the cops). Unless magnetic strips are completely disabled (domestically and abroad) the security issue is still there.

Incidentally, one of my banks by default blocks all use of Maestro (the European debit card system) outside of the Eurozone. You have to activate use of Maestro abroad on a trip by trip basis. One of my other banks automatically blocks credit cards used in the United States unless preceded by cash withdrawal at an ATM.


How do chips solve the problem? From my understanding, a man-in-the-middle scanner can gather enough information about query-responses to simulate the chip. This was one of the big problems identified with RFID chips embedded in passports because all a criminal would need to do is brush by other travelers with his skimmer.


I've seen two different kinds of reports:

* Some banks cards were vulnerable due to faulty crypto. The banks phased those cards out.

* Attacks based on a malicious PIN pad logging the PIN code, then feigning a chip error and telling the user to fall back to the magstrip, thus turning to traditional skimming.

I haven't read anything that attacks the chip itself on current cards. Do you have any links?

edit: Just found http://en.wikipedia.org/wiki/EMV#Vulnerabilities

edit2: Wikipedia TL;DR: There are two currently-relevant attacks:

* One lets attackers trick a terminal into initiating a PINless transaction in order to use a stolen card. This information is sent to the issuer as part of the authentication, so a bank could deny all PINless chip charges if they wished (I'm not sure what cases this is legitimately used in?), plus there's a clear trail that the cardholder isn't liable.

* The latest attack tricks the card into downgrading to an older, plaintext method of transferring the PIN from the terminal to the card, allowing the PIN to be skimmed. I'm not sure how this is useful in recreating the card to steal money.


There's some evidence that the first attack was used in the wild, but the banks deleted the logs showing whether a PINless transaction took place so the customers were found liable for the charges.


To make matters worse, after C&P rolled out some banks would just flat out refuse to reimburse cardholders for fraudulent charges. They claimed the system was bulletproof and if fraud did happen, then it was the cardholder's fault: http://en.wikipedia.org/wiki/Chip_and_PIN#Banks.27_liability


Unfortunately it's regular practice to say that things are bulletproof and airtight :/


The chips are sophisticated and powerful enough to set up an SSL/TLS session to the bank if needed. Just like with SSL/TLS, if it's designed correctly, intercepting the traffic between the card and POS/ATM is useless.

I haven't been able to find very much on this in a few evenings that I searched for info on it, but from what I've been able to find I'm quite sure that it's possible to do. The chips give a boolean response as to whether the PIN number is correct and lock themselves after 3 attempts. Combined with the knowledge that 6 pins (=6 parallel bits) are used for 4 digit PIN numbers (log(10^4)/log(2)=14bits), you can deduce that it must have at least persistent storage and computational capabilities. A complete Von Neumann machine. This makes it feasible to implement algorithms like RSA and AES (asymmetric and symmetric encryption) on the chips. The POS/ATM then provides power and a connection to the desired bank, and all should be fine.

I don't really think they are that good to connect to the bank directly, but the idea that the chip is capable of this kind of crypto makes me feel better than with magnetic strips.


They are "sort of" connecting to the bank - the idea is that the card issues an authorisation token with the amount and other info, signs it with the private key, and then the merchant sends it to the bank which may approve or deny the transaction.


The chip is authenticated with a public/private key challenge/response. The private key is never sent to the ATM; the chip actually runs a very small program/system that can generate the correct response to the challenge using its private key. The chip is powered by the contact with the ATM.
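The card-side mechanism the three comments above describe (a PIN check with a try counter, and a cryptogram over the transaction data that the issuer verifies without the key ever leaving the chip), as an added example that is not code from the thread or from any card scheme. HMAC-SHA256 stands in for EMV's real MAC, the message layout, counter handling and all names are assumptions made for the illustration, and the PAN is the well-known Visa test number:

```python
"""Toy model of EMV-style online authorisation: the card holds a secret that
never leaves the chip, the terminal relays a challenge, the issuer checks the
cryptogram. Added illustration; HMAC-SHA256, the message layout and all names
are assumptions, not any scheme's real protocol."""
import hashlib
import hmac

NONCE_LEN = 8  # assumption: terminal "unpredictable number" is 8 bytes


def transaction_bytes(pan: str, amount: int, nonce: bytes, atc: int) -> bytes:
    """Fixed-width encoding of the data both sides MAC over."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    return amount.to_bytes(8, "big") + nonce + atc.to_bytes(4, "big") + pan.encode()


class Card:
    """The chip: verifies the PIN locally and answers challenges."""

    MAX_PIN_TRIES = 3  # per the thread: the chip locks after 3 wrong PINs

    def __init__(self, pan: str, pin: str, key: bytes):
        self._pan = pan
        self._pin = pin
        self._key = key  # shared with the issuer when the card was personalised
        self._tries_left = self.MAX_PIN_TRIES
        self._pin_ok = False
        self._atc = 0  # application transaction counter, strictly increasing

    def verify_pin(self, candidate: str) -> bool:
        """Yes/no answer only; the PIN itself is never exported."""
        if self._tries_left == 0:
            return False  # blocked
        if hmac.compare_digest(candidate.encode(), self._pin.encode()):
            self._tries_left = self.MAX_PIN_TRIES
            self._pin_ok = True
            return True
        self._tries_left -= 1
        return False

    def generate_cryptogram(self, amount: int, nonce: bytes) -> tuple:
        """Return (cryptogram, atc) over the amount and the terminal's nonce."""
        if not self._pin_ok:
            raise PermissionError("PIN not verified")
        self._atc += 1
        data = transaction_bytes(self._pan, amount, nonce, self._atc)
        return hmac.new(self._key, data, hashlib.sha256).digest(), self._atc


class Issuer:
    """The bank: recomputes the MAC and refuses replays via the ATC."""

    def __init__(self):
        self._keys = {}
        self._last_atc = {}

    def register(self, pan: str, key: bytes) -> None:
        self._keys[pan] = key

    def authorise(self, pan: str, amount: int, nonce: bytes, atc: int, mac: bytes) -> bool:
        key = self._keys.get(pan)
        if key is None or atc <= self._last_atc.get(pan, 0):
            return False  # unknown card, or a replayed/stale counter
        expected = hmac.new(key, transaction_bytes(pan, amount, nonce, atc),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return False  # amount, nonce or ATC changed in transit
        self._last_atc[pan] = atc
        return True


def run_demo(key: bytes = b"\x11" * 16, nonce: bytes = b"\x22" * NONCE_LEN) -> tuple:
    """One genuine purchase, then what an eavesdropper sitting between chip
    and terminal can do with the captured bytes. Returns (genuine, replay, altered)."""
    pan = "4111111111111111"  # Visa test PAN, not a real account
    card = Card(pan, "1234", key)
    issuer = Issuer()
    issuer.register(pan, key)
    card.verify_pin("1234")
    mac, atc = card.generate_cryptogram(500, nonce)
    genuine = issuer.authorise(pan, 500, nonce, atc, mac)
    replay = issuer.authorise(pan, 500, nonce, atc, mac)        # same bytes again
    altered = issuer.authorise(pan, 9999, nonce, atc + 1, mac)  # bumped amount and ATC
    return genuine, replay, altered


if __name__ == "__main__":
    print(run_demo())  # (True, False, False)
```

The point the thread is circling: a skimmer that records everything crossing the contacts gets a PIN yes/no, a one-off nonce and a MAC, none of which lets it mint a new transaction, because the MAC is bound to the amount and counter and the key never appears on the wire. What it does not model is the fallback trick mentioned earlier, where the terminal is tricked into reading the stripe instead.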


Physically how would you perform a man-in-the-middle? I think you're confusing the chip-and-pin chip (EMV) with an RFID chip.

EMV is a contact system that requires physical metal pins to touch multiple contacts on the top of the chip itself.


No, it can't. The chip works with a challenge/response system (and this only works after the pin is input to the chip)

What happens is that they clone the magnetic strip, so sometimes that and pin is enough to produce a card that does withdrawals.


Ah yes, the rubber-hose cryptanalysis: http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis


I've yet to see a card where all the required information to clone the card isn't available on the strip too, have you?


I just wish banks had the option to get a card without a magstripe. I could use the chip-only card for day to day stuff and only use the magstripe when I travel to the U.S.


You can easily demagnetise it, with even a kitchen magnet [0].

[0] http://lifehacker.com/5780617/how-to-prevent-yourself-from-o...


Yes

And then your card is useless when in a place that only reads the stripe (like, that uses Square)


The European competitor to Square uses the chip. And I already suggested to keep a separate magstrip card for traveling to less developed countries.


kalleboo was asking about getting a card with no magstripe, so I assume he's OK with that


You can clone a "magnetic card" from a chip card - its magnetic stripe will be identical, but you won't have the private key of the chip.

And afterwards, if the bank knows that it is supposed to be a chip-capable card; and the location (country) is supposed to be chip-capable, then all mag-stripe transactions are rejected even if the "all required information" is correct.
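The issuer-side rules sketched in the comment above (reject a stripe transaction when both card and country are chip-capable) and in the earlier Wikipedia summary (a bank could deny PIN-less chip charges, and the verification method leaves a trail), as an added example that is not code from any comment or bank. The country list, the table of chip-capable PANs, the threshold and the sample transactions are all constructed for the illustration:

```python
"""Issuer authorisation rules of the kind the thread discusses: refuse a
magnetic-stripe transaction when card and country are both chip-capable
(stripe fallback), deny large PIN-less chip transactions, and record the
cardholder-verification result before deciding, so a later dispute can be
settled from the log. Added example; every constant and record is made up."""
from dataclasses import dataclass

# assumption: markets this issuer treats as fully EMV-capable
CHIP_COUNTRIES = {"NL", "GB", "DE", "FR"}
# assumption: minor units above which "no CVM" on a chip transaction is refused
NO_CVM_LIMIT = 3000
# assumption: which of the issuer's cards carry a chip (test PANs, not real accounts)
CHIP_CAPABLE = {"4111111111111111": True, "4222222222222": False}


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    pan: str
    country: str
    entry_mode: str  # "chip" or "magstripe"
    cvm: str         # "pin", "signature" or "none"
    amount: int      # minor units


def decide(txn: Transaction, audit_log: list) -> tuple:
    """Return (decision, reason). The evidence is appended to audit_log before
    any rule runs, so how the cardholder was verified is kept whatever the outcome."""
    audit_log.append({"txn_id": txn.txn_id, "entry_mode": txn.entry_mode, "cvm": txn.cvm})
    if (txn.entry_mode == "magstripe" and CHIP_CAPABLE.get(txn.pan)
            and txn.country in CHIP_COUNTRIES):
        return "deny", "stripe fallback on chip card in chip-capable country"
    if txn.entry_mode == "chip" and txn.cvm == "none" and txn.amount > NO_CVM_LIMIT:
        return "deny", "PIN-less chip transaction over no-CVM limit"
    return "approve", ""


SAMPLE = [  # constructed transactions
    Transaction("t1", "4111111111111111", "NL", "chip", "pin", 2500),
    Transaction("t2", "4111111111111111", "NL", "magstripe", "pin", 2500),
    Transaction("t3", "4111111111111111", "US", "magstripe", "signature", 2500),
    Transaction("t4", "4111111111111111", "GB", "chip", "none", 50000),
    Transaction("t5", "4222222222222", "DE", "magstripe", "pin", 2500),
]


def run_demo(txns=SAMPLE) -> tuple:
    """Run the rules over the sample; returns ({txn_id: decision}, audit_log)."""
    log = []
    decisions = {t.txn_id: decide(t, log)[0] for t in txns}
    return decisions, log


if __name__ == "__main__":
    for txn_id, decision in run_demo()[0].items():
        print(txn_id, decision)
```

t2 is the case the comment describes: a cloned stripe swiped in a country where the chip would normally be used. t3 is the same card swiped in the US, where stripe-only terminals are expected, so the fallback rule alone does not catch it; that is the gap the travel-blocking comments earlier in the thread are about. The audit entries are written before the decision so that a PIN-less entry like t4 still has its CVM result on file later.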


The banks could do this, but in general they don't seem to - it's too annoying for their customers when the chip is covered in dirt, a bit damaged, whatever.


Good point, I hadn't thought of that. I suppose I should call my bank and ask them. But how do I know what they're saying is true? Usually when you call support (never tried calling a bank) you get some blonde that tells you nothing except that "everything is secure!"...

On the other hand, the card doesn't slide all the way in anymore. Just far enough so that it sticks and it can read the contacts, so at least they can't grab all the information on it.



