Researchers at the University of Cambridge this week revealed that they had identified a troubling defect in the propagation of one-off chip and PIN verification codes for EMV transactions. The flaw makes it possible for thieves to predict the next code that will be created by an ATM or POS terminal and essentially skim the smart card.

When an EMV-enabled card is used, a supposed "unpredictable number" is created to authenticate the transaction. However, an Information Age report said, when researchers tested chip cards at ATM terminals, they discovered that numbers issued by some terminals followed a pattern that could be identified and used to falsify transactions.

Visiting professor Mike Bond discovered the problem while reviewing a list of UNs that had been generated by an ATM in an apparent case of fraud. He and fellow researchers then tested a number of ATMs and found that some had faulty number generators.

"If you can predict [a UN], you can record everything you need from momentary access to a chip card to play it back and impersonate the card at a future date and location," Bond told Information Age. "You can as good as clone the chip."

Thieves can exploit this weakness either by locating a predictable number-generating device, or by installing malware on the device using a specially programmed chip card. The research have called for regulators to step up their efforts and not take processing companies' security claims for granted the article said.

For more on this topic, visit the EMV research center.

Related Content

User Comments – Give us your opinion!
Products & Services

White labeled mobile payment platform

http://global.networldalliance.com/new/images/products/6117.png

6117/White-labeled-mobile-payment-platform

Infobip USSD solution

http://global.networldalliance.com/new/images/products/6125.png

6125/Infobip-USSD-solution

Highway Toll Payment

http://global.networldalliance.com/new/images/products/6747.png

6747/Highway-Toll-Payment

Direct Operator Billing

http://global.networldalliance.com/new/images/products/6031.png

6031/Direct-Operator-Billing

Qwick Codes Mobile Wallet

http://global.networldalliance.com/new/images/products/4294.png

4294/Qwick-Codes-Mobile-Wallet

IPADĀ® PIN Transaction Device

http://global.networldalliance.com/new/images/products/4297.png

4297/IPAD-PIN-Transaction-Device

Multichannel Banking Platform - WinWebServer ( WWS)

http://global.networldalliance.com/new/images/products/6211.png

6211/Multichannel-Banking-Platform-WinWebServer-WWS

Premium SMS Billing (P-SMS) and Short-Codes

http://global.networldalliance.com/new/images/products/4525.png

4525/Premium-SMS-Billing-P-SMS-and-Short-Codes

BulleT wireless secure card reader authenticator

http://global.networldalliance.com/new/images/products/4296.png

4296/BulleT-wireless-secure-card-reader-authenticator

Payforit

http://global.networldalliance.com/new/images/products/5929.png

5929/Payforit

VAS Show London 2014
ATM & Mobile Innovation Summit
Request Information From Suppliers
Save time looking for suppliers. Complete this form to submit a Request for Information to our entire network of partners.