The vulnerability was revealed in a report called “The EMV Standard: Break, Fix, Verify.”
Every time we make a payment using credit/debit cards, the EMV communication protocol is used for processing payments. Having been developed by Europay, Mastercard and Visa, etc. it is used for over 9 billion cards globally.
However, as is the principle of cybersecurity, nothing stops it from being vulnerable. Drawing on this, recently, 3 researchers namely David Basin, Ralf Sasse, and Jorge Toro-Pozo from the Department of Computer Science at ETH Zurich have discovered vulnerabilities in the protocol which would allow an attacker to conduct a Man in the Middle Attack (MITM) and therefore engage in fraudulent transactions.
See: Emojis To Be Your New Pin Codes
Using a model that simulated a real-world situation involving the merchant machine, the user’s card, and the bank; the researchers were able to find 2 main vulnerabilities. Firstly, they developed an Android app as a Proof of Concept (POC) which when used to make contactless payments would allow the attacker to go through without the use of any PIN code.
The reason this is possible is because of the lack of authentication & cryptography used in the cardholder verification method which makes it possible for the attacker to modify settings to suit their needs. As an example, the researchers also did such a transaction successfully worth $190 for testing in a real store using their own cards.
The s ..
Support the originator by clicking the read the rest link below.
