Cloning magstripes from EMV data is, in fact, the way how many carding gangs still operate today. Crooks use skimmer or shimmer devices to collect data on EMV cards, they create a magstripe clone, and then they use this clone to make fraudulent transactions at Point-of-Sale (POS) systems or withdraw money from ATMs in third-world countries where EMV cards have not been rolled out and magstripe cards are still accepted.
Galloway explains why this is still possible. “First, the commonalities between magstripe and EMV standards for chip inserted and contactless mean that it’s possible to determine valid cardholder information from one technology and use it for another,” Galloway said. While banks don’t have full control of what card/payment technologies are supported in other countries, and they’ll still have to support older technologies for legacy purposes, they have the power to verify transactions correctly.
Read the full article at ZDNet