Researchers at the University of Cambridge this week revealed that they had identified a troubling defect in the propagation of one-off chip and PIN verification codes for EMV transactions. The flaw makes it possible for thieves to predict the next code that will be created by an ATM or POS terminal and essentially skim the smart card.

When an EMV-enabled card is used, a supposed "unpredictable number" is created to authenticate the transaction. However, an Information Age report said, when researchers tested chip cards at ATM terminals, they discovered that numbers issued by some terminals followed a pattern that could be identified and used to falsify transactions.

Visiting professor Mike Bond discovered the problem while reviewing a list of UNs that had been generated by an ATM in an apparent case of fraud. He and fellow researchers then tested a number of ATMs and found that some had faulty number generators.

"If you can predict [a UN], you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location," Bond told Information Age. "You can as good as clone the chip."

Thieves can exploit this weakness either by locating a predictable number-generating device, or by installing malware on the device using a specially programmed chip card. The research have called for regulators to step up their efforts and not take processing companies' security claims for granted the article said.

For more on this topic, visit the EMV research center.

Related Content

User Comments – Give us your opinion!
Products & Services

White labeled mobile payment platform


Infobip USSD solution


Highway Toll Payment


Direct Operator Billing


Qwick Codes Mobile Wallet


IPADĀ® PIN Transaction Device


Multichannel Banking Platform - WinWebServer ( WWS)


Premium SMS Billing (P-SMS) and Short-Codes


BulleT wireless secure card reader authenticator




VAS Show London 2014
ATM & Mobile Innovation Summit
Request Information From Suppliers
Save time looking for suppliers. Complete this form to submit a Request for Information to our entire network of partners.