A recently released technical paper entitled “Chip and pin is broken” by security researchers Steven Murdoch, Saar Drimer, Mike Bond and Ross Anderson demonstrates a man in the middle attack that lets criminals use stolen payment cards without knowing the pin.
This is obviously a serious security problem as banks have always claimed that the security of the cards cannot be broken. The security exploit exists because the negotiation about how the cardholder should be authenticated is not authenticated itself which means that criminals can “card into thinking itâ€™s doing a chip-and-signature transaction while the terminal thinks itâ€™s chip-and-PIN” which means that it is possible to enter any four digit Pin to complete the transaction.
Here are several facts about the attack:
Continua a leggere – Original Link: European Payment Cards Security Problem