ChRiStIaAn008 asked:

Speaker: Steven J. Murdoch

Vulnerabilities in the EMV Protocol

EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN.

In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. The fraudster performs a man-in-the-middle attack to trick the terminal into believing the PIN verified correctly, while telling the issuing bank that no PIN was entered at all.

The paper considers how the flaws arose, why they remained unknown despite EMV’s wide deployment for the best part of a decade, and how they might be fixed. Because we have found and validated a practical attack against the core functionality of EMV, we conclude that the protocol is broken. This failure is significant in the field of protocol design, and also has important public policy implications, in light of growing reports of fraud on stolen EMV cards. Frequently, banks deny such fraud victims a refund

8 Responses to Credit Card Chip and Credit Card PIN is Hacked

  1. starnear says:

    Agree with EMV lost card frauds…but still it’s better than purse being lost 🙂
    There is a tag called CVM results from the EMV cards, which will tell precisely what CVM is performed. If the cards are personalized with TSI tag, in CDOL will resolve the issue as well, field 55 is one more option too 🙂 EMV still remains the most secure payment method

  2. BuddhaChu says:

    @josh280694

    He’s using prezi.com

  3. mokmok8080 says:

    1dt

  4. hackulous says:

    The success code is (almost) OVER NINE THOUSAND!

  5. MrMacee says:

    Nope it wasn’t Keynote, actually it was made with prezi.com and played back with Flash Player.

  6. MrAngry61 says:

    Interesting presentation. And reassuring that at least one UK bank (Bar*****) apparently has resolved the problem.

  7. FuttFel says:

    @josh280694 He is using a Mac so my guess is… Keynote. Which is part of the iWork suite.

  8. josh280694 says:

    Does anyone know what program he’s using to make the slideshow?
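The abstract describes a terminal that believes the PIN was verified while the issuer is told no PIN was entered, and the first comment points at the CVM Results tag in field 55. The following is an added example, not part of the original post, the comments or the paper: an issuer-side check that parses CVM Results (tag 9F34) from field 55 and declines when the terminal's view and the card's view disagree. The function names and sample bytes are constructed, and the card's view is passed in as a boolean because the format of the card's own report is scheme-specific (assumption).

```python
# Added example: issuer-side cross-check of terminal vs. card view of PIN verification.
OFFLINE_PIN_CVMS = {0x01, 0x03, 0x04, 0x05}  # CVM codes where the card (ICC) verifies the PIN
CVM_SUCCESSFUL = 0x02                         # CVM Results byte 3: 00 unknown, 01 failed, 02 successful

def parse_tlv(data: bytes) -> dict:
    """Parse a flat run of BER-TLV objects, as carried in field 55."""
    out, i = {}, 0
    try:
        while i < len(data):
            tag = data[i]
            i += 1
            if tag & 0x1F == 0x1F:              # low 5 bits all set: multi-byte tag
                while True:
                    tag = (tag << 8) | data[i]
                    i += 1
                    if not tag & 0x80:          # last tag byte has bit 8 clear
                        break
            length = data[i]
            i += 1
            if length & 0x80:                   # long-form length
                n = length & 0x7F
                length = int.from_bytes(data[i:i + n], "big")
                i += n
            if i + length > len(data):
                raise ValueError("truncated TLV value")
            out[tag] = data[i:i + length]
            i += length
    except IndexError:
        raise ValueError("truncated TLV header") from None
    return out

def terminal_claims_offline_pin_ok(field55: bytes) -> bool:
    """True if CVM Results (9F34) says the card verified the PIN successfully."""
    cvm = parse_tlv(field55).get(0x9F34)
    if cvm is None or len(cvm) != 3:
        raise ValueError("CVM Results (9F34) missing or malformed")
    return (cvm[0] & 0x3F) in OFFLINE_PIN_CVMS and cvm[2] == CVM_SUCCESSFUL

def check_authorization(field55: bytes, card_saw_offline_pin: bool) -> str:
    # card_saw_offline_pin: what the card itself reported to the issuer (assumed
    # to be decoded elsewhere; its encoding is scheme-specific).
    if terminal_claims_offline_pin_ok(field55) and not card_saw_offline_pin:
        return "DECLINE: terminal and card disagree on PIN verification"
    return "CONTINUE"

# Constructed field 55 samples: CVM Results (9F34), TVR (95), TSI (9B).
PIN_CLAIMED = bytes.fromhex("9F3403410302" "95050000000000" "9B02E800")
SIGNATURE = bytes.fromhex("9F34031E0300" "95050000000000" "9B02E800")
```

The check only works if the terminal actually forwards CVM Results to the issuer and the issuer compares it with the card's report.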
