C3Subtitles: 31c3: Practical EMV PIN interception and fraud detection
back

Practical EMV PIN interception and fraud detection

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:58:32
Language
English
Abstract
This talks follows our previous EMV research uncovering new findings as well as a detailed analysis of Chip & PIN fraud markers in order to benefit cardholders, as well as issuing banks, in preventing wrongful liability for fraudulent charges.

The EMV global standard for electronic payments is widely used for
inter-operation between chip equipped credit/debit cards, Point of Sales devices and ATMs.

In 2011, our "Chip & PIN is definitely broken" presentation uncovered an EMV design flaw that, by means of chip skimmers, allows for arbitrary PIN harvesting.

Since then, by consulting on EMV implementations and their behaviour under effective attacks, Inverse Path has assisted issuing banks, as well as cardholders, with successful resolution of cases involving wrongful liability for fraudulent charges.

Our updated research effort identifies and verifies new interactions between previous EMV attacks, which even further affect the protection, or lack of, that EMV provides for the PIN.

This presentation aims to fully empower both cardholders and issuers with an understanding of all applicable attacks, while also illustrating the relevant EMV fraud detection markers.

Such information is vital to enable cardholders to request the correct and relevant information necessary to claim fraudulent charges and to enable issuers and processors to prevent fraud in the first place.

Talk ID
6120
Event:
31c3
Day
1
Room
Saal 1
Start
4 p.m.
Duration
01:00:00
Track
Security & Hacking
Type of
lecture
Speaker
Andrea Barisani