Chip-PIN defense is 'broken,' say researchers

A flaw in the protocol underlying chip-and-PIN transactions allows an attacker to push through a purchase without a valid PIN.

Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.

Researchers at Cambridge University have found a fundamental flaw (PDF) in the EMV--Europay, MasterCard, Visa--protocol that underlies chip-and-PIN validation for debit and credit cards.

As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

Read more of "Chip and PIN is broken, say researchers at ZDNet UK.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.