A “critical” flaw in how contactless cards from Visa – and potentially other issuers – have implemented the EMV protocol can be abused to launch a “PIN bypass attack,” researchers warn. But Visa says the exploits would be “impractical for fraudsters to employ” in real-world attacks.
A team of security researchers from the Department of Computer Science at Zurich’s Swiss Federal Institute of Technology, aka ETH Zurich, say they have identified a flaw in the EMV – for Europay, Mastercard and Visa – protocol used by contactless payment cards, that can be exploited by an attacker to bypass having to use a PIN code to complete a high-value transaction.
