Join the Community

22,037
Expert opinions
43,964
Total members
420
New members (last 30 days)
182
New opinions (last 30 days)
28,682
Total comments

Chip and Skim: cloning EMV cards with the pre-play attack

  0 3 comments

The EMV (Chip & PIN) protocol requires ATMs and point-of-sale terminals to generate a random number. If this number (known in EMV terminology as the "unpredictable number") isn't random, Chip & PIN is left vulnerable to the "pre-play" attack, which is indistinguishable from card cloning to the bank which issued the card. In the course of investigating a fraudulent transaction, for which the bank had refused to reimburse the victim, we discovered that ATM random number generators, across some of the biggest brands, have serious flaws.

By modifying a Chip & PIN card, and by reverse engineering ATM firmware, we analysed random number generators, finding a variety of different types of failures. The results of the survey can be found in our blog post and academic paper, announced at CHES 2012 today.

See also coverage in the FT and Information Age.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,037
Expert opinions
43,964
Total members
420
New members (last 30 days)
182
New opinions (last 30 days)
28,682
Total comments

Trending

David Smith

David Smith Information Analyst at ManpowerGroup

Best 5 White-Label Neobank Solutions in 2024

Ruoyu Xie

Ruoyu Xie Marketing Manager at Grand Compliance

Governance, Risk and Compliance: How AI will Make Fintech Comply?

Now Hiring