Overview
Explore a critical security vulnerability in credit card transactions using the EMV standard in this conference talk from USENIX Security '23. Learn how researchers from ETH Zurich discovered a flaw in the offline data authentication mechanism that allows bypassing PIN verification for high-value Mastercard transactions. Understand the technical details of how integrity checks using RSA signatures and keyed MACs can be exploited, and see a demonstration of an Android app that modifies unprotected card-sourced data to trick real-world terminals. Gain insights into the potential risks of this vulnerability and the researchers' recommendations for addressing this security issue in payment systems.
Syllabus
USENIX Security '23 - Inducing Authentication Failures to Bypass Credit Card PINs
Taught by
USENIX