European Payment Card Protocols Wide Open To Fraud

Trailrunner7 writes: Researchers have discovered serious security vulnerabilities in a pair of protocols used by software in some point-of-sale terminals, bugs that could lead to easy theft of money from customers or retailers. The vulnerabilities lie in two separate protocols that are used in PoS systems, mainly in Germany, but also in some other European countries. Karsten Nohl, a prominent security researcher, and two colleagues, discovered that ZVT, an older protocol, contains a weakness that enables an attacker to read data from credit and debit cards under some circumstances. In order to exploit the vulnerability, an attacker would need to have a man-in-the-middle position on the target network, which isn't usually a terribly high barrier for experienced attackers.

Not a shocker.

In order to exploit the vulnerability, an attacker would need to have a man-in-the-middle position on the target network

If an attacker already has a MITM presence on the network, you have larger problems. At least 75% of these "push the panic button" vulnerability reports assume the target has already been compromised in some way.

Re:No. They Said They Were Completely Secure.

Researcher have found a way to abuse the system. When it comes to the American payment cards everyone knows someone who has been the victim of actual fraud.