Hack lets attackers bypass MasterCard PIN by using card as a Visa

Hack lets attackers bypass MasterCard PIN by using them as Visa card

A new attack called a “card brand mixup” exploits vulnerabilities in a protocol used in credit cards to deceive a point-of-sale terminal into transacting with a Mastercard posing as a Visa card, The Hacker News reports.

Researchers from ETH Zurich demonstrated how the use of an Android application to initiate a man-in-the-middle attack enables the terminal and the card to interact while also manipulating the communications between them to create a mismatch between the payment network and the card brand.

By deceiving a payment terminal into activating a flawed EMV Kernel, the actors can induce the terminal to accept a contactless transaction with the card’s primary account number and application identifier indicating different brands, allowing them to perform a Visa transaction with the terminal and a Mastercard transaction with the card, the researchers said.

The researchers submitted their findings to Mastercard, which has since introduced several countermeasures.

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

A new attack called a “card brand mixup” exploits vulnerabilities in the EMV contactless protocol used in credit cards and can be used to deceive a point-of-sale terminal into transacting with a Mastercard and make it believe the card is a Visa card, The Hacker News reports. Researchers from ETH Zurich demonstrated how the use of an Android application to initiate a man-in-the-middle attack enables the terminal and the card to interact while also manipulating the communications between them to create a mismatch between the payment network and the card brand. By deceiving a payment terminal into activating a flawed EMV Kernel, the actors can induce the terminal to accept a contactless transaction with the card’s primary account number and application identifier indicating different brands, allowing them to perform a Visa transaction with the terminal and a Mastercard transaction with the card, the researchers said. The researchers submitted their findings to Mastercard, which has since introduced several countermeasures.