Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How Smartcard Payment Systems Fail

Black Hat via YouTube

Overview

Explore the vulnerabilities and failures of EMV smartcard payment systems in this Black Hat conference talk. Delve into the history of EMV implementation, its theoretical security benefits, and the practical challenges that have led to increased fraud. Examine fascinating attack vectors, including supply chain Trojans, protocol flaws enabling PIN bypass, and exploitation of freshness mechanisms. Analyze the governance and regulatory issues contributing to these security shortcomings. Learn about specific attacks like the "preplay" method, which mimics card cloning and undermines tamper-resistant electronics. Gain insights into the complex interplay between vendors, banks, merchants, and regulators in the EMV ecosystem. Understand the broader implications of these security failures as EMV technology expands globally, particularly focusing on its rollout in the United States.

Syllabus

Intro
The EMV protocol suite
Concept of operations
Fraud history, UK
Attack the crypto
Attack the optimisations
What about a false terminal?
Attacks in the real world
A normal EMV transaction
Blocking the 'No-PIN' attack
Card Authentication Protocol
CAP attacks through wicked shops
The preplay attack
Back end failures too...
Attack scale
Broader lessons

Taught by

Black Hat

Reviews

Start your review of How Smartcard Payment Systems Fail

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.