Chip and PIN is Broken
- Pin and Chip bypass the pin code
EMV is the dominant protocol used for smart card
payments worldwide, with over 730 million cards in circulation.
Known to bank customers as “Chip and PIN”, it is used in
Europe; it is being introduced in Canada; and there is pressure
from banks to introduce it in the USA too. EMV secures
credit and debit card transactions by authenticating both the
card and the customer presenting it through a combination of
cryptographic authentication codes, digital signatures, and the
entry of a PIN. In the following paper that describe and demonstrate a
protocol flaw which allows criminals to use a genuine card
to make a payment without knowing the card’s PIN, and
to remain undetected even when the merchant has an online
connection to the banking network. The fraudster performs a
man-in-the-middle attack to trick the terminal into believing
the PIN verified correctly, while telling the issuing bank that
no PIN was entered at all.
Hi,
I’m just getting started with my new blog. Would you want to exchange links on our blog-rolls?
BTW – I’m up to about 100 visitors per day.
[回應]