Questions tagged [emv]
EMV (Europay, MasterCard and Visa) is a standard for credit cards, commonly referred to as "chip-and-PIN".
48 questions
0 votes
0 answers
5k views
Clone a credit card [duplicate]
I wanted to ask if it's possible to clone your own credit card (clone the emv chip) and copy it onto another emv chip with an emv reader/writer. Shouldn't this be easily possible without extracting ...
- 11
0 votes
2 answers
3k views
Is it possible to use a magnetic striped card with no emv chip to clone a credit or debit card with EMV chip inserted
If a credit card or debit card has a emv chip can it be successfully cloned onto a credit or debit card that does not possess a emv chip If so how does that work and will the ATM accept it
- 1
1 vote
1 answer
384 views
EMV choose crypto method between SDA/DDA/CDA
I'm a newbie in emv world. I'm trying to follow this flow: I'm in the third step. I have to manage the Offline Data Authentication. How can I negotiate the correct way (SDA, DDA or CDA) with the ICC ...
- 121
0 votes
2 answers
345 views
Can ISO 7816 (EMV) based smart card handle interrupts?
ISO 7816 smartcards are typically used in EMV transactions. I know that the card can perform arbitrary actions before sending a response to the terminal in a typical EMV transaction (e.g. signing ...
- 121
3 votes
1 answer
939 views
Are there any transaction time constraints in EMV contact and contactless cards?
I am looking into EMV Contact and Contactless protocols, but I felt there were a few ambiguities which I would appreciate help with: Is the chip used in EMV Contactless capable of performing the same ...
- 121
1 vote
1 answer
2k views
Are there any contactless (RFID/NFC) card vulnerabilities that are still unsolved? even minor ones
The title is pretty self explanatory. The market is pretty secretive about these kinds of matter since companies won't give out vulnerabilities for attackers to abuse and will give out vulnerabilities ...
- 25
2 votes
1 answer
2k views
Manually sending PIN Change/Unblock Command to IC card
In the EMV documentation (EMV Book 3 Section 6.5.10), the PIN Change/Unblock command provides the option to change or unblock a card's PIN, and also handles resetting the PIN Try Counter (EMV tag ...
- 121
4 votes
1 answer
3k views
Guessing PIN code of smartcard using brute force and offline reader
I came across this question Offline brute-forcing of a bank card PIN, which was asked 7 years ago. I'm currently exploring vulnerabilities in EMV protocol, and I wanted to double check if an idea I ...
- 121
1 vote
1 answer
758 views
Are wedge attacks on EMV cards still viable?
I was looking around to see if wedge attacks on EMV cards are still viable or a solution has been implemented, and if so, have attackers found another way around the solution? The latest literature or ...
- 25
2 votes
1 answer
2k views
How does debit/credit card shimming work?
Correct me if I'm wrong, but before EMV cards were introduced in the U.S., thieves would use card skimmers on ATMs and point-of-sale (POS) terminals (such as gas pumps) to steal the CVV1, which would ...
- 31
1 vote
1 answer
3k views
Does having 2 or more RFID-enabled cards in a wallet prevent all attacks?
I've heard about RFID-shielding wallets and even individual card sleeves, but my wallet has multiple RFID cards in it (credit card, bus card, building entry card), and if I tap my whole wallet on a ...
user230890
0 votes
1 answer
134 views
PIN transfer between payment schemes
I am wondering, if it should be possible to transfer PIN in case of migrating between different payment schemes like Mastercard or VISA. For example, when I have a card issued by Mastercard, and it ...
- 1,129
1 vote
2 answers
314 views
EMV Transactions vs Magnetic Stripe [closed]
In Mag stripe transactions, I've worked on solutions by which you get an initial small value Authorization and then can capture a full amount later using the transaction_id. E.g. The payment gateways ...
- 113
0 votes
1 answer
318 views
PCI-DSS scope: Using P2PE Compliant devices
We use EMV card readers to automate the payments at the entry and exit to our services. These card readers and the unattended payment terminals are fully PTS complaint and use P2PE encryption. Also, ...
- 61
0 votes
0 answers
501 views
EMV card secret key + PIN to generate HOTP key
The Open Authentication HOTP algorithm is considered very reliable when using a 160 bits long secret key. Suppose I have this idea to generate such a 160 bits long key without requiring any further ...
- 113