Vulnerability of payment cards with a microchip
Research has shown that there is a possibility to create the device which can intercept and change the data flow between a card and the payment terminal. Such device can deceive the terminal and register payment without PIN-code input. Scientists managed to register payments without a PIN-code with cards of six emitters, including Barclaycard, Co-operative Bank, Halifax, Bank of Scotland, HSBC and John Lewis. All details of attack do not reveal yet, however it is known that for carrying out of roguish operation it is enough to place the stolen card in the serial input reader of cards which finds room in a backpack. The intercepted data from the stolen card by means of special programs is located on a false card which then is inserted into the payment terminal. The false card gives a special signal therefore the terminal considers that the correct PIN-code though it is absolutely unessential to swindlers to know this code is entered on the terminal – transaction will be considered checked up. Earlier cards with microchip were considered much more protected, than cards with a magnetic strip. The given research has shown, what even these cards cannot be considered impregnable, despite check of a confidential PIN-code. |
|
Researchers from the Cambridge university (Great Britain) have found out fundamental vulnerability in so-called "microchip" payment cards. Scientists have found out that (Europay, MasterCard, Visa), it is possible to use the debit and credit bank cards using report EMV in some transactions without the valid PIN-code that opens before swindlers rich possibilities for crimes.