Throughout the years, consumers have all heard the stories about how financial information has been stolen when using physical payment terminals. Despite best efforts by card issuers to step up the security game, the payment terminals themselves are inherently insecure. Or to be more precise, the modulated payment protocols powering these terminals are the root of all evil, as there are major security flaws waiting to be exploited.
Getting Rid of Outdated Payment Protocols
Whenever financial data theft occurs, most people only think about what happens to the affected consumers. But merchants are exposed too, as their financial details are compromised in these attacks as well. In the end, trust between retailers and consumers diminishes, even though neither party is at fault for the theft.
The real culprit comes in the form of outdated payment protocols powering the financial infrastructure we know today. Keeping in mind how nearly every payment terminal in the world is connected to a computer at some point along the line, financial details can be obtained by hackers in a number of different ways.
Skimming, whereby an assailant reads payment card details as they are passed through the terminal itself, has become far less profitable since EMV-enabled cards were introduced. As a result, hackers and thieves have to resort to alternative methods, such as obtaining the financial information by attacking the payment protocol itself.
Very few people know that most payment protocols allow users to read stored PIN codes remotely. Additionally, all of the card information transmitted by consumers is stored in a local area network, rather than properly safeguarded. Even though there are security measures in place – such as cryptographic signature protection – there are ways to circumvent this security.
Hardware Security Modules, which are used to store the payment protocol mechanism, are subject to timing attacks. Pulling off such an attack discloses valid cryptographic signatures, which can then be used by hackers to access the stored financial data. To make matters even worse, cryptographic signatures are often the same across multiple payment terminals.
Upgrading these integrated payment protocols will not be an easy feat, as it has taken many years to develop these solutions in the first place. Twenty-five years later, very few changes have been made to payment protocols around the world, while technology has kept evolving. The results could be quite catastrophic in the next few years unless proper action is taken.
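A timing weakness of this kind arises when a signature check stops at the first wrong byte, so the work done depends on how much of a submitted value is correct. The following Python code is an added example, not taken from the article or from any payment protocol: it assumes an HMAC-SHA256 signature, uses a constructed key and message, and sets an early-exit check beside a constant-time one so the difference can be tested for.

```python
import hashlib
import hmac

# Constructed sample values (assumptions); not from any real terminal or protocol.
KEY = b"constructed-demo-key"
MESSAGE = b"terminal=T-0001;cmd=config-update"


def expected_mac(message: bytes, key: bytes = KEY) -> bytes:
    """Signature the verifier expects for this message (HMAC-SHA256 assumed)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def leaky_verify(message: bytes, candidate: bytes, key: bytes = KEY):
    """Early-exit check. Returns (ok, bytes_compared); the second value
    stands in for running time and grows with the correct prefix length."""
    good = expected_mac(message, key)
    if len(candidate) != len(good):
        return False, 0
    compared = 0
    for a, b in zip(good, candidate):
        compared += 1
        if a != b:
            return False, compared  # stops at the first mismatch
    return True, compared


def constant_time_verify(message: bytes, candidate: bytes, key: bytes = KEY) -> bool:
    """Hardened check: hmac.compare_digest does not stop at the first mismatch."""
    return hmac.compare_digest(expected_mac(message, key), candidate)


def work_profile(message: bytes, key: bytes = KEY) -> dict:
    """Defender-side regression check: bytes compared by leaky_verify for
    wrong signatures that share 0, 8 and 16 leading bytes with the real one."""
    good = expected_mac(message, key)
    profile = {}
    for prefix_len in (0, 8, 16):
        wrong_tail = bytes(b ^ 0xFF for b in good[prefix_len:])  # always differs
        _, compared = leaky_verify(message, good[:prefix_len] + wrong_tail, key)
        profile[prefix_len] = compared
    return profile


if __name__ == "__main__":
    print("work per rejected signature:", work_profile(MESSAGE))
    print("constant-time accepts real signature:",
          constant_time_verify(MESSAGE, expected_mac(MESSAGE)))
```

A verifier whose work profile is flat across all rejected inputs gives an observer nothing to measure; the early-exit version does not have that property.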
Or Simply Use Bitcoin
One alternative option would be for both retailers and consumers to make the switch to using Bitcoin as a payment method. Unlike traditional financial means, Bitcoin transactions do not expose any vital data, and transactions are broadcast to a public ledger anyway, making it useless to try and intercept them.
In addition, Bitcoin payments are far cheaper compared to card payments, and transactions settle within mere seconds. But there is an additional bonus for retailers, as they can opt to receive the fiat value of every Bitcoin transaction deposited to their bank account the next business day, rather than waiting thirty days.
Images courtesy of Shutterstock, SRLabs