This claim of a glaring hole in EMV, the chip-based system, may be true due to the way many retailers are upgrading their payment machines by not encrypting the transaction. This makes card information vulnerable. Payment machines are unencrypted by default, and retailers have to pay more to turn on encryption.

During their presentation, NCR researchers advised shops to encrypt everything in a transaction.

"There's a common misperception EMV solves everything. It doesn't," Patrick Watson, one of the researchers, told CNNMoney.

Randy Vanderhoof, director of the U.S. Payments Forum (formerly the EMV Migration Forum), saw the possible flaw differently.

"If the data on the magnetic stripe is altered, it might fool the terminal, but when the authorization request gets to the issuer, they can recognize it was altered because they know what information should be on the magnetic stripe, and will therefore reject the transaction," he said.

Vanderhoof maintained these kinds of risks with magnetic stripe cloning or altering are exactly the kinds of problem EMV is best at preventing.

Can your cybersecurity strategy handle an attack? Do you have the latest tools and techniques to prevent fraud and data breaches? Get them and more at our FREE Second Annual Data Breach Defense Virtual Conference on September 7. Plus, you'll also learn the latest trends in cybersecurity including incident responses and be able to immediately download white papers, and so much more. Register for FREE Now! 

To help merchants and acquirers develop their strategies for EMV implementation, payment network members of the U.S. Payments Forum updated a guide outlining their minimum requirements for chip deployment, which included adding requirements for the recently-announced, faster EMV solutions from American Express, Discover, MasterCard and Visa.

The EMV Minimum Requirements Matrix helps U.S. issuers, merchants, acquirers, processors and vendors who are planning deployments of EMV chip programs in the U.S. understand the requirements of chip deployment for the payment networks.

"Having the most current minimum requirements for chip implementation compiled in one place provides a starting point for merchants and acquirers in their chip deployments, whether they plan to implement all of the features or choose a simpler deployment such as the new faster EMV specifications," Vanderhoof said.

The matrix focuses on the minimum card and terminal requirements for payment networks Accel, American Express, Armed Forces Financial Network, China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa for the U.S. market. The participants documented their respective card and terminal configurations for EMV compliance. While the document addresses minimum requirements, decisions regarding deployment of chip technology differ by stakeholder; and involve a balancing of considerations, such as business needs and preferences, deployment timing, complexity, and associated initial and future costs.

Can your cybersecurity strategy handle an attack? Do you have the latest tools and techniques to prevent fraud and data breaches? Get them and more at our FREE Second Annual Data Breach Defense Virtual Conference on September 7. Plus, you'll also learn the latest trends in cybersecurity including incident responses and be able to immediately download white papers, and so much more. Register for FREE Now!