22 May 2006

Impossible to clone?

EMV is the joint effort of Europay, Mastercard and Visa, and it defines one of the strongest standards for smart card use in financial transactions. Daniel Rosa, a member of the cisspbr list, pointed out the differences between smart card systems, and I went off to verify the information he passed along. That is when I came across this alarming statement on the Multos site:

EMV Terminals need to be able to authenticate that the EMV transaction data generated by the card is genuine. This can be performed without the terminal needing to go on-line with “Static Data Authentication” (SDA) or “Dynamic Data Authentication” (DDA). In the case of SDA, the same digital signature is used by the card to authenticate itself each time an offline transaction takes place. This means that it may be possible to copy that card’s data, and create a duplicate card using programmable smart cards. Cloned SDA cards cannot be blocked if they are used in off-line terminals, but can be detected as soon as the terminal goes on-line. For this reason the threat of SDA card cloning is judged to be less of a threat than the current magnetic stripe technology. SDA is the most common deployment of EMV smart cards to date, since they do not require RSA cryptographic support in the chip, and so are less expensive.

The solution recommended for greater security is “Dynamic Data Authentication”, because it protects against the cloning of chip cards and against so-called "replay attacks". This is because a DDA terminal can dynamically authenticate that a DDA card is a genuine card off-line, by sending a challenge to the card which is processed by the card’s RSA co-processor, and responded to. The disadvantage of DDA is that the requirement for an RSA co-processor makes the smart card more expensive than a simple SDA card. Both MasterCard and Visa have defined EMV smart card implementation options for DDA and SDA.

It seems the unclonable is not so unclonable after all. Point to the paranoid Nelson Corrêa, who has always complained about chip cards. Let's see how long it takes for this novelty to reach Brazil, and whether our financial institutions have decided to choose SDA because it is "cheaper".
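
The difference the Multos text describes can be seen from the terminal's side. The sketch below is an added example, not code from Multos or from the EMV specifications: it uses toy textbook RSA over small known primes, a single issuer key instead of the real certificate chain, and made-up field names (`static`, `ssad`, `cert`, `card_pub`) and card data.

```python
import hashlib
import secrets

# Toy textbook RSA over known Mersenne primes: illustrative only, not EMV's
# real signature format, padding or key sizes.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_h(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _h(data, n)

ISSUER_PUB, ISSUER_PRIV = make_key(2**89 - 1, 2**107 - 1)
CARD_PUB, CARD_PRIV = make_key(2**61 - 1, 2**127 - 1)
STATIC = b"PAN=0000000000000000;EXP=0000"  # constructed sample card data

def sda_check(record):
    """Terminal-side SDA: one fixed issuer signature over the static data."""
    return verify(ISSUER_PUB, record["static"], record["ssad"])

def dda_check(record, respond):
    """Terminal-side DDA: check the issuer's signature over the card key,
    then make the card sign a fresh unpredictable challenge."""
    blob = record["static"] + repr(record["card_pub"]).encode()
    if not verify(ISSUER_PUB, blob, record["cert"]):
        return False
    challenge = secrets.token_bytes(8)
    return verify(record["card_pub"], challenge, respond(challenge))

def demo():
    sda_card = {"static": STATIC, "ssad": sign(ISSUER_PRIV, STATIC)}
    sda_copy = dict(sda_card)  # everything the terminal checks is readable data
    dda_card = {"static": STATIC, "card_pub": CARD_PUB,
                "cert": sign(ISSUER_PRIV, STATIC + repr(CARD_PUB).encode())}
    genuine = lambda c: sign(CARD_PRIV, c)  # private key stays inside the chip
    recorded = genuine(b"\x00" * 8)         # response seen in an earlier session
    replayed = lambda c: recorded           # a copy without the key can only replay
    return (sda_check(sda_card), sda_check(sda_copy),
            dda_check(dda_card, genuine), dda_check(dda_card, replayed))
```

`demo()` returns the outcome of the four checks in order: genuine SDA card, copied SDA record, genuine DDA card, and a DDA record answered with a replayed response.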


1 Comments:

At 12:03 AM, Blogger Nelson Correa said...

André,
The bigger problem is the PIN, an institution of the last century that will not last until the start of the next decade of this century. Chip + PIN = count me out! ;-)
Best regards
