Chipped cards have been hacked in the past, despite the security rhetoric from banks and merchants.
Until recently, it was done through a Man-in-the-Middle attack.
'Man-in-the-Middle' is where an attacker changes the communication between parties who think they're talking with each other directly.
Security measures are now in place to stop this kind of chip scam, but it was not until scientists studied the forensics that the police could even figure it out.
Second chip
It turns out that the fraud worked through a second chip embedded in the card, installed there by the crook.
The glued-on dummy chip answered affirmatively when polled. It let a transaction go through when the terminal asked the card's original chip if the entered PIN was correct, Catalin Cimpanu explained in a Softpedia article.
Cimpanu also referenced forensic analysis by French scientists explaining how a 2011 card fraud scam was carried out.
Double chips
The "forgeries are remarkable in that they embed two chips wired top-to-tail," the researchers, from École Normale Supérieure and CEA-TEC PACA Centre Microélectronique de Provence, said in their paper.
"The first chip is clipped from a genuine stolen card; the second chip plays the role of the man-in-the-middle; and the entire assembly is embedded in the plastic body of yet another stolen card," they said.
Law enforcement couldn't figure out how scams like this were being done until the researchers identified it with X-rays, microscopes, and protocol analysis.
Belgian police
The analysis became possible in the 2011 case, using evidence uncovered when one of the perpetrators was caught.
According to the report, the suspect, a 25-year-old woman, had failed to remove her phone's SIM card before performing a transaction with a bad card, and the big-data identification ended up getting her arrested. Authorities also reportedly found a stash of cigarettes and scratch games, which the scammers had used to buy with the hacked cards so they could sell them on the black market. The police arrested some of her associates and found 25 other bank cards.
But they couldn't figure the fraud out, thus the request to the scientists.
Visual inspection
Once the scientists had the specimen cards they were able to start the physical analysis with a visual inspection.
Signs of deformity around the chip appeared after heating, they surmised—and that led them to look further in that spot.
They then found that the module was about half-a-millimeter thicker than normal, and they found tiny traces of glue. There were two chips.
Data
X-ray images then found wiring added between the chips, and software querying discovered contradictory data with that, which was embossed on the card.
The scientists also performed side-channel analysis, which measures variations in the chip's power consumption compared to what it should be.
Lazy scammers
Notably, one area that the perpetrators erred in was that much of their modding and programming was of the bare minimum needed to do the hack—good work, but it gave the game away early in the forensics because the chip didn't behave as it should have.
If they'd taken more time, would the hack ever have been found?
Today, the scientists think that the attack couldn't take place, due to "new authentication mode and network-level protections acting as a second line of defense," they said in the paper.
The result
And the result then? The baddies went to prison, and EMV, who runs the chip system, improved their security.