
Comment Re: Chip and PIN (Score 1) 132

It's doubtful that offline mode could be enabled in firmware, certainly not without some serious work. But shimming the terminal 1. Intercepts the chip data stream, 2. Triggers an apparent non-chip card insertion, 3. Captures the chip data and, if the cracker is good, acts like a terminal and decodes data, 4. Sends stripe data as expected, 5. Terminal received the auth and is happy happy happy.

The shim stands in to intercept the chip data, fool the terminal into accepting the card as a mag stripe, and does leave the chip unsynched, which will either kill the chip or force a resync and raise some innocuous alarms. All we care about is that it is possible to circumvent the chip.

IF the terminal permits swipe insertions. Many in EU will not, but if the cracker has modified the terminal firmware, all is lost. That is generally very difficult, checksums and signing and all that.

Comment Re:Awesome (Score 1) 132

If they change mine, it will be the second this year, fourth in two years, sixth or seventh in 3 years. Credit unions don't all own their card systems, and these issuers are lazy.

Some card issuers know that 40-60% of their cards in force are 'compromised'. They consider that normal, and perform fraud/risk monitoring as a normal course of business.

Comment Re:Instead of naming stores (Score 2) 132

It's not NCR, IBM, etc. It's Ingenico, Verifone, the other terminal makers, and the acquirers (Paymentech, First Data, etc.) that handle the data, but Home Depot needs to secure the transmission of that. And I bet most of this was skimmed off of databases that needed to be another layer away from intruders.

There is no such thing as absolute security.

Comment Re: Chip and PIN (Score 1) 132

And in the UK, the stories of pensioners being shoulder-surfed at the ATM (or worse) while they peck away at the keypad end with them at the bank being informed that their money is gone, and they must have disclosed their PIN to someone. "Sorry, but the system is totally secure. It isn't our fault". Not as if the camera at the ATM wouldn't be showing some hoodie emptying their account, though the banks have no real incentive to investigate.

Yeah, Chip n PIN is a real winner, for the banks.

Comment Re:Chip and PIN (Score 1) 132

Home Depot has been replacing terminals with dip terms for EMV. But the issuers are waiting for some more traction. Most US merchants don't want to pay for the terminals, since the risk doesn't shift sufficiently for them to pay the money.

And as mentioned above, any card-not-present transactions are unaffected by EMV. Most of these rings sell cards to be used not-present. It's fairly common to place the order on the website for local pickup, grab the loot and fence it. EMV doesn't stop that.

Comment Re: unfair policy (Score 1) 302

I'm not asserting any state regulators are acting out of some concern about global warming. The commissioners I've had the opportunity to watch have focused on both liquidity and rates. In Maine, for instance, it was a decades-long battle with Blue Cross over returns and rates. Then BC went private, and a settlement over capital was reached. In the homeowners market, the commissioner battled over rates and returns, with a tertiary concern over reserves.

Most state commissioners are fighting over rate increase demands based on investment returns, and discerning the true state of the carriers.

None of this is as simple as you (and I) make it seem. Insurers have a vested interest in overstating risk always, either hiding profits or understating the value of reserves.

Global warming is a convenient excuse for higher premiums, but a rogue hurricane will do as well.

Comment Re: I like... (Score 1) 643

Just like surveillance technology (whoops, it *is* surveillance technology), or tracking technology, and those are just so helpful. Especially to those in power.

I'm just as suspicious of this as I am of the police, the government at all levels, or our elected representatives. These entities all need adult supervision. And good controls.
