VISA 1FA EMV?
Date: 2020-09-08
Author: Martin Scholz, Versasec R&D Manager
Using strong authentication, two-factor authentication based on smart cards and PIN, EMV enabled a game changing shift in liability from the credit card companies, to the card holder. Is this still the case if the PIN is not used?
The popular NFC-based payment procedure enables payments of smaller amounts (below 50 EURO), by just tapping the credit card on the PoS without entering a PIN. Now it has been discovered that Visa’s EMV cards can by a simple man-in-the-middle (MITM) attack, be used also for larger amounts, without a PIN.
Researchers at ETH Zurich discovered a critical gap in a protocol used by the credit card company Visa. Other companies, such as Mastercard, American Express and JCB, don’t use the same protocol as Visa, so these cards are not affected by the security loophole.
- https://borncity.com/win/2020/08/29/visa-emv-karten-pin-autorisierung-bei-nfc-pay-ausgehebelt/
- https://emvrace.github.io/
vSEC:CMS
Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.
Free Product Trial
Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.
Job Openings
We are always looking for new exceptional persons to join our team! Find out more about our job openings.
Versasec Support
Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.
Company Blog
Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.