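Don't blindly trust chip cards: they are just as insecure!
Many people have blind faith in chip credit cards, believing that chip cards are more secure than traditional magnetic stripe cards.
This is a very common misunderstanding.
The main misconception is that people know a credit card can be used fraudulently once it has been copied, but overlook the fact that today's mainstream credit card fraud basically takes place online, i.e. online fraud (online skimming of credit card).
This online activity does not require copying your card or imitating your signature at all. Knowing your credit card number, the expiration date and the three-digit security code on the back is enough.
Many people have experienced this kind of fraud: they never left the country, yet received a text message from the bank reporting a purchase made abroad.
Such online fraud generally starts with a small charge, which is the criminals testing the waters. Sometimes there are several small test charges; once they succeed, a large charge follows. In the cases I have come across so far, most such fraudulent charges are online purchases, such as newspaper and magazine subscriptions and membership fees.
This article is a set of answers to some frequently asked questions that I recently drafted for our company's employees, with a rough English translation attached (which does not fully correspond to the Chinese). Because it is an internal security-awareness post, it does not go deep and does not cover technical details. The author's knowledge is limited and omissions are inevitable. It is offered for peers' reference only, and corrections are welcome.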
Q&A about Magnetic Stripe Cards and Chip Cards
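1. What is a magnetic stripe card?
Data is stored on a magnetic medium, which can be easily read and copied. When no PIN is set, a copied card is not authenticated and is very easily used for fraudulent charges.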
A magnetic stripe card is any type of card that contains data embedded in a strip composed of iron particles in plastic film. The front of the card contains identifying information, such as the card holder’s name and the issuing company’s name, while the magnetic stripe resides on the back.
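2. What is a chip card?
Storage and cryptographic computation take place in a secure chip, using a three-tier asymmetric key hierarchy that includes static, dynamic and combined data authentication, plus online authentication during the transaction. Card information is hard to crack, obtain or copy. Dynamic data and transaction data take part in authentication during the transaction, so the transaction cannot be tampered with, which keeps it secure.
Chip card security is the latest standard in credit card security. This standard (called EMV®, which was developed and is managed by American Express, Discover, JCB, Mastercard, UnionPay, and Visa) includes a small microchip in the credit card that protects buyers against fraudulent transactions.
*Image source: https://www.thebalance.com/how-credit-card-skimming-works-960773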
3. Which card is more secure?
Magnetic stripe cards are easy to copy, so they are not secure for offline transactions.
Magnetic stripe cards simply serve as static storage devices to be read by the terminal. The terminal then performs a card swipe, PIN encryption, and signature capture function.
Because chip cards are hard to clone, they are more secure for offline transactions.
EMV cards are primarily designed to prevent fraudulent transactions that take place when someone physically swipes a counterfeit card at a payment terminal.
For online transactions, however, neither card is secure.
Criminals do not need to clone the card; knowing the card number, and especially the expiration date and security code (CVV), is enough to make fraudulent charges. This has nothing to do with whether the card uses a magnetic stripe or a chip.
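(A few more questions follow; they are omitted here because they involve my company's information.)
The key points of the safe card-use best practices we recommend to employees are as follows:
Secure Your Credit Card – Best Practices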
1. Activate the transaction reminder (SMS) service
2. Protect signature authority: sign the signature strip on the back of the credit card (do not make the signature too neat)
3. Change your passcode regularly
4. Cover or remove the CVV2 code on the back of the card after memorizing it (very few people do this)
5. Keep your credit card in sight (refuse to let merchants photocopy, scan or photograph your card)
6. Use the card only at legitimate businesses
7. Activate the security lock or verification function for online payment (if in doubt, call the issuing bank's service hotline)
8. Buy credit card fraud insurance (for example, the “Bank Card Security Insurance” from Alipay's Ant Insurance, which can cover all bank cards in the cardholder's name)
9. Reconcile your bank statement and review the bill monthly to spot suspicious charges promptly
10. Do NOT disclose the expiration date and CVV in public (e.g. do not read them out over the phone in a public place)
What to do if victimized by credit card fraud?
We recommend taking the following steps in order:
1. Verify dubious charges with the issuing bank
2. Check the card balance at a nearby ATM (the query record can serve as evidence in your favor)
3. Change the password
4. Call the issuing bank to freeze the card
5. Report to the police
6. Report to the company's Security Department
7. Replace the card
Finally, we recommend that every cardholder use online banking to set up a “secure lock” that fits their own card-use habits (the following uses China Construction Bank's online banking as an example of how to set up and use the “secure lock”):
The “secure lock” function can be set for domestic card-present transactions, domestic card-free transactions, overseas card-present transactions, and overseas card-free transactions. The card user can set the lock period according to their own habits, and can further set the transaction types (including purchases, money transfers and cash withdrawals) that need to be controlled during the lock period, as well as the per-transaction and daily limits for the controlled transaction types outside the lock period.
There are two ways to reach the “secure lock” settings page:
- Log in to Mobile Banking (version 4.0.10 and above) and go to “Credit Card – Credit Card Management – Secure Lock Settings”
- Log in to Personal Internet Banking and set it through “Credit Card – Card Manager – Payment Management – Secure Lock”
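With the spread of online transactions, credit card fraud is increasingly rampant. How to use cards safely is a security issue that everyone should pay close attention to.
*The original content above is copyrighted by the author. If you repost it, please keep the link to the original: http://www.securitymanagers.net/emv-chip-vs-magnetic-strip/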