The latest person to fall victim to credit card fraud is PayPal's President David Marcus. The incident has created a buzz among many, especially since PayPal specializes in online payments and one would expect the president of such a company to be safe from hackers. However, Marcus, who accepted that his credit card information had been stolen, while lobbying that PayPal is safer, raises concerns on the security issues with EMV chip credit cards.
He has used the incident as an opportunity to promote his own company.
My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn't have happened if merchant accepted PayPal...
— David Marcus (@davidmarcus) February 10, 2014
A hacker not only stole the credit card information, but also made several fraudulent transactions. But what the PayPal president points out is that the EMV chip credit cards that are being touted as safe and reliable, are in fact not so safe.
Following the data breach at the Target Corp, EMV Chip cards were set across as much safer options in comparison to vulnerable magnetic-stripe credit and debit cards in the United States.
However, it now appears that EMV cards alone can not prevent a possible hacker from stealing the credit card information. Digital Transactions, a news analysis website reported earlier last month that the EMVs are vulnerable and should not be considered hacker-proof.
The article stated that "data still can be transmitted, unencrypted, or in plain text, during an EMV transaction. Much of the data is the same information fraudsters intercept from mag-stripe cards, including the primary account number (PAN), card expiration date, and cardholder name."
And when the card is connected "to the Internet and you introduce the possibility of hackers capturing card data unless the information is encrypted immediately upon swipe (or tap or "dip" with chip cards) and not decrypted until arriving at a secure place outside the merchant environment. Although the links in the payment-processing chain where data move unencrypted have shrunk over the years, vulnerable plain-text points remain," the article added.
Following the incident, there has been increasing pressure on the card issuers to improve the credit and debit card security features.