Blog

Study calls EMV security into question

September 14, 2012

While many businesses have moved to more technologically advanced payment systems at credit card terminals, some researchers have indicated that the system is susceptible to security breaches.

While many businesses have moved to more technologically advanced payment systems at credit card terminals, some researchers have indicated that the system is susceptible to security breaches.

According to a recent study at Cambridge University’s computer laboratory, the EMV, also called “chip-and-PIN , could be easily hacked by using relatively unsophisticated counting tools. One of the biggest problems, according to researchers, is the “unpredictable numbers” formula that Cambridge professor Ross Anderson says could malfunction during a transaction. In the study, “Chip and Skim: Cloning EMV cards with the Pre-Play Attack,” Anderson and his colleagues point to specific issues that hackers could take advantage of.

“This leads to two potential failures: If the merchant terminal doesn’t a generate random number, you’re stuffed,” he said in an interview with Krebs on Security. “And the second is if there is some wicked interception device between the merchant terminal and the bank, such as malware on the merchant’s server, then you’re also stuffed.”

If the right precautions aren’t taken,credit card users could be susceptible when paying at a credit card terminal. In one recent case, as many as 500,000 Australian consumers were put at risk after Eastern European hackers were able to obtain information. One of the best ways to prevent these types of issues is by achieving PCI compliance.

Back To Blog