Questions tagged [emv]

EMV (Europay, MasterCard and Visa) is a standard for credit cards, commonly referred to as "chip-and-PIN".

48 questions
13
votes
3 answers

Why EMV cards cannot be cloned?

It's frequently stated that EMV cards cannot be cloned. I'd like to know, specially with commodity smart card readers/ writers, why is this true? What specific data cannot be read using commodity hardware, and what type of hardware would be required…
Jaywalker
  • 241
  • 1
  • 2
  • 6
12
votes
1 answer

How does Square Reader comply with EMV pin entry requirements?

Square recently launched their Square Reader physical device. AS well as accepting NFC based payments (e.g. Contactless or Apple/Android Pay, it also accepts Chip and PIN authentication. However the PIN entry takes place in an app on the smart phone…
Megan Walker
  • 223
  • 1
  • 7
7
votes
4 answers

Reading magnetic stripe on a credit/debit card with an EMV chip

Is there any way of knowing is a credit/debit card has an EMV Chip, by reading the magnetic stripe. This way I could deny the payment via magnetic stripe and ask to the customer to insert the card via EMV. How would it be possible or why it can't be…
Emilio
  • 73
  • 1
  • 4
7
votes
3 answers

Are RFID shielding sleeves/wallets necessary for payment cards?

I have seen advertised several times now products that claim to "protect" contactless payment cards (e.g. special sleeves, wallets). What exactly do these products protect against? Is it just protecting against inadvertently using the wrong payment…
JonnyWizz
  • 1,971
  • 1
  • 14
  • 34
4
votes
1 answer

Guessing PIN code of smartcard using brute force and offline reader

I came across this question Offline brute-forcing of a bank card PIN, which was asked 7 years ago. I'm currently exploring vulnerabilities in EMV protocol, and I wanted to double check if an idea I had in mind is viable. I came across a paper…
4
votes
1 answer

How to securely transfer DUKPT BDK between HSMs?

I'm trying to understand best practices and capabilities regarding the use of an HSM, e.g the Thales Payshield 9000. Specifically, I wish to securely transfer a BDK for DUKPT from one HSM to a second, without it ever being in the clear, or…
Nik
  • 171
  • 5
4
votes
2 answers

Does EMV protect against sniffing PAN data from untrusted network?

I have received conflicting information in regards to the security of PAN data on the wire. Can this be sniffed with properly configured EMV at an atm? To quote from the link…
Tyler
  • 43
  • 3
4
votes
2 answers

EMV as authentication technology and not a data security technology

I'm trying to wrap my head around what I view as EMV chip card security loopholes. Here's what I'm told about EMV. If a transaction is being recorded maliciously by a third party, they will get your account number, but: they will miss info…
3
votes
1 answer

Using chip and pin credit card for authentication?

I'd like to use a chip and pin credit card for authentication, that is to register a card into a system and then use it to log in (for demo/entertainment purposes only so bulletproof security isn't required). I've had the idea of performing a fake…
user42178
3
votes
1 answer

EMV(Chip) Cards - What's the point of having the chip card communicating directly to the authorising server? & Clarification of CDA in EMV

Ok I understand from my research that the Chip Card creates an AC Key(MasterKey+AccNumber) to communicate with the authorizing server securely (3DES key to have encrypted communication) but I don't understand the following.. What's the difference…
3
votes
1 answer

Advantages of using a Digital Signature Scheme (DSS) with Appendix instead of DSS giving Message Recovery

I've been looking at the EMV draft specification (pdf) for using Eliptic Curve Cryptography in payment cards instead of the currently used RSA. One thing I've noticed is that they've moved from using the RSA Digital Signature Scheme (DSS) giving…
Peanut
  • 1,019
  • 1
  • 8
  • 22
3
votes
1 answer

Are there any transaction time constraints in EMV contact and contactless cards?

I am looking into EMV Contact and Contactless protocols, but I felt there were a few ambiguities which I would appreciate help with: Is the chip used in EMV Contactless capable of performing the same computations as the contact? I know that the…
3
votes
1 answer

Can someone clone emv chip card by knowing the magnetic stripe info?

Lets consider that someone skimmed the magnetic stripe of a credit/debit card which also has an emv chip. Can this info be translated and stored into an emv chip? And if this is possible, it is supposed that the information on the emv chips is…
3
votes
3 answers

What info this EMV chip "skimmer" was actually capturing?

Reading a security blog I found an article about an EMV skimmer designed to be inserted into the ATM's chip card slot. What info was this device actually capture? As far as I know there's definitely not enough info on an EMV card to perform an…
André Borie
  • 12,706
  • 3
  • 39
  • 76
2
votes
0 answers

Which keys does a bank typically exchange with a card scheme?

I'm trying to understand the different EMV-related keys that are shared between a bank who issues EMV cards and a card scheme, such as Visa or MasterCard. I understand the bank would typically generate an RSA key pair and request the scheme to…
Duncan Jones
  • 1,647
  • 1
  • 10
  • 14
1
2 3 4