Seriously, not everybody will have the same results from google for the same search, don't you know about the filter bubble [1]?

Then again the number of google result never was a very good indicator even less since google search started removing search features and return only a single page of supposedly relevant results.

[1]:http://dontbubble.us/

I remember the US refusing to rely on foreign technology, hence refusing to issue plastic money with chips.

But this changed after the CIA got their hands on the technology through in-q-tel acquisition of the french company gemplus then world n°1 company in the business. Then cards with chips were coming the US and it was expected for the rest of the world to get backdoors with their US issued chip cards, years later the french government finally bought back control of the company but way too late.

Now that they have the technology, I'm surprised the switch has not happened yet, even more so since cloning and other kind of fraud is quite easy with magstripes (not that it is that much harder with chips, see yescards).

The coin introduced here seems anachronistic to my european eyes which have not seen a card being swiped in the last 30 years and a great opportunity for fraud. Better use than reducing the number of card in a wallet is obviously to charge other people for your expenses by cloning their cards.

>> (not that it is that much harder with chips, see yescards).

Never heard of that before, interesting.

I used programmable test cards when doing EMV and did wonder what would happen if I made such a card but (as the wikipedia page says) they're of very limited utility as they don't have the right keys to do anything but low-value offline transactions.

Cloning chip cards is still pretty hard, IMHO, though that is interesting.

When Serge Humpich, a french engineer, found the vulnerability the yes card is based on at the end of the 1990's, he got in touch with the GIE in charge of european bank cards to warn them and propose a fix in hope of landing a job.

They asked him for proof, as an engineer he gave them proof by buying metro tickets and sending them the tickets, the receipt and the card used to exploit the vulnerability. The GIE CB then went on pressing charges and using those as evidence of the crime and Humpich was sentenced to prison, the flaw was not fixed and the whole story got in the media.

Then yes cards started to appear all over France and Europe and people would draw money directly from atms with yes cards, until all ATMs were replaced by fixed version gradually over a few years.

The amount of fraud related to yes cards and subsequent iterations was never disclosed, but it was estimated to be in the tens of billions euros per year.

In 2001 a network of gas stations got exposed for copying the magstripe of chip cards which were then sent to be cloned in other countries and the same CBCarbon surfaced, a software dedicated to cloning chip cards issued after 1999 (those including the crypto bump from 320bits to 768bits)

I suppose this is not the low hanging fruit of getting the money from ATMs as the current method is a physical attack based on making them explode using gas but I sincerely doubt chip cards are really secure nowadays, probably just not as easy as it used to be.

I have my doubts it was anywhere close to that amount as it would work only in very specific circumstances.

The mag stripe thing is a weakness in mag stripes. The effectiveness of EMV is amply demonstrated by the fact that the numbers had to be sent to othe countries to be useful.

And yes cards in an ATM? The ATM software was not up to the standards that are required by the banks for third parties then. Implementation bugs, nothing more.