The research, published by a group of academics from the ETH Zurich, is a PIN bypass attack that allows the adversaries to leverage a victim’s stolen or lost credit card for making high-value purchases without knowledge of the card’s PIN, and even trick a point of sale (PoS) terminal into accepting an unauthentic offline card transaction.
All modern contactless cards that make use of the Visa protocol, including Visa Credit, Visa Debit, Visa Electron, and V Pay cards, are affected by the security flaw, but the researchers posited it could apply to EMV protocols implemented by Discover and UnionPay as well. The loophole, however, doesn’t impact Mastercard, American Express, and JCB.
The findings will be presented at the 42nd IEEE Symposium on Security and Privacy to be held in San Francisco next May.
Modifying Card Transaction Qualifiers Via MitM Attack
EMV (short for Europay, Mastercard, and…