Vulnerabilities in the EMV protocol allow payments without PIN
The contactless payment protocol for EMV bank cards, named after its founders Europay, Mastercard and Visa, contains several security flaws that allow criminals to make payments without using the PIN code for amounts greater than the established limit, currently of € 50.
This discovery, the result of research by David Basin, Ralf Sasse and Jorge Toro, belonging to the Federal Polytechnic School of Zurich, shows that anyone who gets a Visa card, or even if they place an NFC phone at their On the other hand, you could make contactless payments exceeding the established limit, by modifying the transaction data.
Another vulnerability discovered allows payments to be made offline, tricking the payment terminal into accepting false transactions and not charging the user.
- 29/08/2020 emvrace.github.io The EMV Standard: Break, Fix, Verify
- 29/08/2020 hackread.com New vulnerability lets hackers use your credit card without pin code
- 31/08/2020 welivesecurity.com Security flaw allows bypassing PIN verification on Visa contactless payments
- 01/09/2020 europapress.es Las tarjetas Visa sin contacto contienen un fallo de seguridad que permite realizar pagos sin PIN superando el límite
- 01/09/2020 xataka.com Descubren un fallo de seguridad que permite saltarse la confirmación con PIN en pagos contactless de tarjetas bancarias