Security experts from the Computer Laboratory of the University of Cambridge have compromised the electronic autorization and verification process of major credit and debit cards like EC-Card, Eurocard, Mastercard and VISA (EMV).
The computer scientists team around Steven Murdoch found a flaw in the in the EMV protocol which allows criminals to use a stolen genuine card to make a payment without knowing the card’s PIN.
Using a man-in-the-middle attack they trick the electronic terminal into believing the PIN was verified correctly while telling the terminal to step back into signature based authorization mode.
This being said, credit card companies and banks worldwide will not be able to hide behind the phrase that their systems are secure and that customers who have been stolen credit cards have not observed the rule to destroy their credit card’s PIN. Insurance companies take care: customers recurse receivables against issueing banks are coming.
Documentary is courtesy of BBC.co.uk…