EMV: attacks, solutions, and lessons presented at SEC-T 2009

by Saar Drimer (Computer laboratory),

Tags: Payment Card Security

Summary : Security-critical systems can appear to be secure in theory, but fail when deployed in practice. An example is "Chip and PIN", an EMV-based smartcard payment system deployed in the UK just over three years ago. In this talk, several practical attacks on "Chip and PIN" will be described and discussed in the context of design, certification, legislation, and usability problems, and how deployment changed the criminal landscape. Lessons will be drawn from the experience gained while analysing this closed security system, and from the industry\'s response to demonstrated security vulnerabilities.