the whole world burns

Archive for category 'banking'

Chip and PIN is broken

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN.

Would you have spotted the fraud?

Scarily authentic-looking ATM skimmers.

Small things, links and miscellany, sparkling with light. Sam's tumblelog.
