Vulnerability discovered in Chip and PIN security system
In a groundbreaking discovery, a team of researchers from the University of Cambridge has uncovered a vulnerability in the Chip and PIN system that could potentially enable fraudsters to commit card fraud in the future.
The research, presented in the paper titled "Chip and Skim: cloning EMV cards with the pre-play attack," highlights a method to 'skim' Chip and PIN cards by predicting the one-off code (Unpredictable Number, UN) sent from the terminal to the card operator. This discovery could allow the recording of all necessary information from the moment of card access to the point of impersonation at a future date and location.
According to the research, the Unpredictable Number is generated for every transaction using a Chip and PIN card via the EMV standard to authenticate the transaction. Mike Bond, a visiting professor at the University of Cambridge, noticed a pattern in a series of UNs related to ATM fraud, which could be used to predict future UNs.
This method could potentially be used to commit fraud by impersonating chip cards at future dates and locations. The specific card processing companies or ATM models involved in the vulnerability have not been disclosed in the provided information.
MWR Infosecurity, a cybersecurity firm, previously demonstrated that a pre-prepared smart card could be used to harvest card numbers and PINs from a Chip and PIN terminal. This method, demonstrated earlier this year, could be a possible means for criminals to exploit the discovered flaw in Chip and PIN cards using compromised devices or smartcards to install malware.
The researchers express concern that, similar to the banking industry's assurances about credit risk management before 2008, regulators have been overly trusting of industry assurances about operational risk management. They call on regulators to be more skeptical of card processing companies' security claims.
Bond and his colleagues reported the exploit to banks in February, but they have declined to comment. The search results do not provide information on which banks were informed by the researchers at the University of Cambridge about the potential risk of "skimming" of chip and PIN cards or how those banks reacted.
Ian Shaw, CEO of MWR Infosecurity, stated that criminals are constantly testing these systems and it is surprising that manufacturers have done little to safeguard retailers and Chip and PIN card users. The specific ATM models with defective random number generators were not disclosed in the provided information.
The research emphasizes the need for improved security measures to prevent fraud in Chip and PIN transactions. As the world continues to rely on digital payments, it is crucial that the necessary steps are taken to ensure the security and integrity of these systems.
Read also:
- Reporter of Silenced Torment or Individual Recording Suppressed Agony
- Musk announces intention to sue Apple for overlooking X and Grok in the top app listings
- Cybertruck's Disappointing Setback, Musk's New Policy, Mega-Pack Triumphs, Model Y's Anticipated Upgrade Prior to Refresh (Week of January 25 for Tesla)
- Innovative Company ILiAD Technologies Introduces ILiAD+: Boosting Direct Lithium Extraction Technology's Efficiency Substantially
