EMV security flaws highlighted by researchers

Despite the push for adoption of chip and PIN payments in the US, experts have warned that the EMV standard still holds significant security threats.

Speaking at the Black Hat security conference in Las Vegas on Thursday, Ross Anderson, a security engineering professor at Cambridge University with 25 years of experience in payment systems security, warned that EMV suffers from both regulatory and security problems, some of which have already been exploited in attacks.

While conceding that chip and PIN remains superior to swipe cards in many ways, Anderson highlighted a number of attacks possible against EMV that banks have tried to downplay as impractical or overly complex for cybercriminals to launch.

Researchers demonstrated to the Black Hat audience how they could take over mobile payment terminals by using a malicious EMV card. They declined to name any of the vendor devices, as not all of the flaws are yet patched.

Anderson told the audience:  “We’ve been using EMV in the U.K. for 11 years and have a lot of experience understanding how these things break. When this started, we thought we knew what the shortcuts were and what fraud would be, but reality was quite different.”

Related reading

Leave a comment