Slashdot Mirror


European Credit and Debit Card Security Broken

Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an identification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."

13 of 245 comments

  1. Man in the middle is Greece! by Orga · · Score: 2, Funny

    They finally figured out how to bail themselves out

  2. Ambiguous data as vali by Anonymusing · · Score: 2, Funny

    FTA: "The central problem with the EMV protocol is that it allows the card and the terminal to generate ambiguous data about the verification process, which the bank will accept as valid... while a PIN must be entered, any PIN code would be accepted by the terminal."

    That's a serious flaw. You've got to insist on data being valid if you are going to record it as valid.

    It's a good thing that we don't rely on ambiguous data in any other part of life.

    --
    Liberal? Conservative? Compare perspectives at Left-Right
  3. Sigh! Go ahead, by kclittle · · Score: 4, Funny

    ... blame Python! :)

    --
    Generally, bash is superior to python in those environments where python is not installed.
    1. Re:Sigh! Go ahead, by FooAtWFU · · Score: 2, Funny

      You know, they say a lot of things about Python, but at least it doesn't name two of the most basic and important language operations after the contents of address register and contents of decrement register like some (otherwise-spiffy (if you overlook the (numerous) parentheses)) languages out there.

      (Just the contents of cash register, apparently.)

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    2. Re:Sigh! Go ahead, by Anonymous Coward · · Score: 1, Funny

      All I know is that the script could have been done in Ruby on Rails in 1/2 a line. THAT'S HOW GOOD RUBY IS!!!

  4. Strike at the heart of the problem by OglinTatas · · Score: 5, Funny

    The researchers used off-the-shelf components (PDF), and a laptop running a Python script...

    It is long past time for governments to criminalize the use of Python.

    1. Re:Strike at the heart of the problem by spun · · Score: 3, Funny

      The researchers used off-the-shelf components (PDF), and a laptop running a Python script...

      It is long past time for governments to criminalize the use of Python.

      Or at least criminalize its use... on a plane.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  5. Figures... by DoofusOfDeath · · Score: 4, Funny

    Leave it to an English university to focus on phish and chips...

  6. Re:Chip and Chip security... wait a second! by Cryacin · · Score: 2, Funny

    I bet the guy that signed off on the pin being stored on the chip is the same moron whose password is 1,2,3,4,5,6 and has it written on a Post-it note stuck to his monitor.

    --
    Science advances one funeral at a time- Max Planck
  7. There's a work-around! by SpaceLifeForm · · Score: 2, Funny

    Use Cash.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
    1. Re:There's a work-around! by DotNM · · Score: 2, Funny

      Yes it does. Zero liability will be assumed by anyone... and that's a promise!

      --
      There's no place like localhost
    2. Re:There's a work-around! by Anonymous Coward · · Score: 1, Funny

      Use Cash.

      OK, but what is the going exchange rate for L2 to RAM?

  8. Re:Chip and Chip security... wait a second! by ppanon · · Score: 2, Funny

    That's OK. The TSA already drilled out the lock the last time you flew anyways

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire