CNET también está disponible en español.

Ir a español

Don't show this again

Chip-PIN defense is 'broken,' say researchers

A flaw in the protocol underlying chip-and-PIN transactions allows an attacker to push through a purchase without a valid PIN.

Security

Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.

Researchers at Cambridge University have found a fundamental flaw (PDF) in the EMV--Europay, MasterCard, Visa--protocol that underlies chip-and-PIN validation for debit and credit cards.

As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

Read more of "Chip and PIN is broken, say researchers at ZDNet UK.

Close
Drag
Autoplay: ON Autoplay: OFF