European Credit and Debit Card Security Broken - Slashdot

Slashdot

European Credit and Debit Card Security Broken 245

Posted by timothy on Thursday February 11 2010, @05:52PM
from the pounding-marks-for-euros dept.

Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an idenification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."

This discussion has been archived. No new comments can be posted.

European Credit and Debit Card Security Broken

Search 245 Comments Log In/Create an Account

Comments Filter:

Man in the middle is Greece! (Score:2, Funny)

by Orga (1720130) writes: on Thursday February 11 2010, @05:54PM (#31105672)

They finally figured out how to bail themselves out

Share
twitter facebook
Ambiguous data as vali (Score:3, Funny)

by Anonymusing (1450747) writes: on Thursday February 11 2010, @05:56PM (#31105696)

FTA: "The central problem with the EMV protocol is that it allows the card and the terminal to generate ambiguous data about the verification process, which the bank will accept as valid... while a PIN must be entered, any PIN code would be accepted by the terminal."
That's a serious flaw. You've got to insist on data being valid if you are going to record it as valid.
It's a good thing that we don't rely on ambiguous data in any other part of life.

Share
twitter facebook
Sigh! Go ahead, (Score:5, Funny)

by kclittle (625128) writes: on Thursday February 11 2010, @05:58PM (#31105736)

... blame Python! :)

Share
twitter facebook
Strike at the heart of the problem (Score:5, Funny)

by OglinTatas (710589) writes: on Thursday February 11 2010, @06:01PM (#31105806)

The researchers used off-the-shelf components (PDF), and a laptop running a Python script...
It is long past time for governments to criminalize the use of Python.

Share
twitter facebook
Figures... (Score:5, Funny)

by DoofusOfDeath (636671) writes: on Thursday February 11 2010, @06:05PM (#31105864)

Leave it to an English university to focus on phish and chips...

Share
twitter facebook
Re:Chip and Chip security... wait a second! (Score:3, Funny)

by Cryacin (657549) writes: on Thursday February 11 2010, @06:10PM (#31105944)

I bet the guy that signed off on the pin being stored on the chip is the same moron who's password is 1,2,3,4,5,6 and has it written on a post it note stuck to his monitor.

Parent Share
twitter facebook
Re:Sigh! Go ahead, (Score:3, Funny)

by FooAtWFU (699187) writes: on Thursday February 11 2010, @06:17PM (#31106044) Homepage

You know, they say a lot of things about Python, but at least it doesn't name two of the most basic and important language operations after the contents of address register and contents of decrement register like some (otherwise-spiffy (if you overlook the (numerous) parentheses)) languages out there.
(Just the contents of cash register, apparently.)

Parent Share
twitter facebook
Re:Strike at the heart of the problem (Score:4, Funny)

by spun (1352) writes: <loverevolutionaryNO@SPAMyahoo.com> on Thursday February 11 2010, @06:40PM (#31106350) Journal

The researchers used off-the-shelf components (PDF), and a laptop running a Python script...
It is long past time for governments to criminalize the use of Python.
Or at least criminalize its use... on a plane.

Parent Share
twitter facebook
There's a work-around! (Score:3, Funny)

by SpaceLifeForm (228190) writes: on Thursday February 11 2010, @06:41PM (#31106364)

Use Cash.

Parent Share
twitter facebook
Re:There's a work-around! (Score:3, Funny)

by DotNM (737979) writes: <matt@mattdBOYSENean.ca minus berry> on Thursday February 11 2010, @07:09PM (#31106754) Homepage

Yes it does. Zero liability will be assumed by anyone... and that's a promise!

Parent Share
twitter facebook
Re:Sigh! Go ahead, (Score:1, Funny)

by Anonymous Coward writes: on Thursday February 11 2010, @07:17PM (#31106888)

All I know is that the script could have been done in Ruby on rails in 1/2 a line. THAT'S HOW GOOD RUBY IS!!!

Parent Share
twitter facebook
Re:Chip and Chip security... wait a second! (Score:3, Funny)

by ppanon (16583) writes: on Thursday February 11 2010, @11:44PM (#31109274) Homepage Journal

That's OK. The TSA already drilled out the lock the last time you flew anyways

Parent Share
twitter facebook
Re:There's a work-around! (Score:1, Funny)

by Anonymous Coward writes: on Friday February 12 2010, @03:39AM (#31110334)

Use Cash.
OK, but what is the going exchange rate for L2 to RAM?

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

995 commentsZimmerman Charged With 2nd-Degree Murder
910 commentsIn Nothing We Trust
811 commentsTSA's mm-Wave Body Scanner Breaks Diabetic Teen's $10K Insulin Pump
743 comments$60 Light Bulb Debuts On Earth Day
734 commentsWindows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

I guess the Little League is even littler than we thought. -- D. Cavett