
Chip & PIN is definitely broken

Credit Card skimming and PIN harvesting in an EMV world

Andrea Barisani
<andrea@inversepath.com>
Daniele Bianco
<daniele@inversepath.com>
Chip & PIN is definitely broken - v1.4 Copyright 2011 Inverse Path S.r.l.
Adam Laurie
<adam@aperturelabs.com>
Zac Franken
<zac@aperturelabs.com>

What is EMV?

EMV stands for Europay, MasterCard and VISA, the global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

IC card systems based on EMV are being phased in across the world, under names such as "IC Credit" and "Chip and PIN".

Source: Wikipedia

Why EMV?

ICC / smartcard

improved security over existing magnetic stripe technology

"offline" card verification and transaction approval

multiple applications on one card

Liability shift

liability shifts away from the merchant to the bank in most cases (though if merchant does not roll EMV then liability explicitly shifts to it)

however the cardholders are assumed to be liable unless they can unquestionably prove they were not present for the transaction, did not authorize the transaction, and did not inadvertently assist the transaction through PIN disclosure

PIN verification, with the help of EMV, increasingly becomes "proof" of cardholder presence

Liability shift

VISA Zero Liability fine print (US):

Does not apply to ATM transactions, PIN transactions not processed by Visa, or certain commercial card transactions. Individual provisional credit amounts are provided on a provisional basis and may be withheld, delayed, limited, or rescinded by your issuer based on factors such as gross negligence or fraud, delay in reporting unauthorized use, investigation and verification of claim and account standing and history. You must notify your financial institution immediately of any unauthorized use. Transaction at issue must be posted to your account before provisional credit may be issued. For specific restrictions, limitations and other details, please consult your issuer.

Liability shift

Canadian Imperial Bank of Commerce (CIBC) spokesman Rob McLeod said in relation to a $81,276 fraud case: "our records show that this was a chip-and-PIN transaction. This means [the customer] personal card and personal PIN number were used in carrying out this transaction. As a result, [the customer] is liable for the transaction."

The Globe and Mail, 14 Jun 2011

EMV adoption

03/2006 EPC Card Fraud Prevention Task Force presentation: "Ban of magstripe fallback foreseen (date to be decided)"

as of 10/2011 magstripe fallback is still accepted pretty much everywhere

EMV is broken

S. J. Murdoch, S. Drimer, R. Anderson, M. Bond, "Chip and PIN is Broken" - University of Cambridge

the excellent group of researchers from Cambridge proved that stolen cards can be successfully used without knowing the PIN

the industry claims difficult practicality of the attacks, at least one bank rolled out detection/blocking procedures

Skimming, Cloning and PIN harvesting

skimmer: hidden electronic device that intercepts card <> terminal communication and collects available data

we analyze the practicality of credit card information skimming, cloning and PIN harvesting on POS terminals

we intentionally ignore magstripe skimming (which is still effective and widely used) and focus on the chip interface

ATM skimmers

EMV skimmers

we predict that skimming the chip will become an extremely appealing target to fraudsters

the chip interface is inherently accessible

it becomes impossible for the user to verify if the terminal has been tampered as the chip interface is not visible (unlike most magstripe one for POS terminals)

an EMV skimmer could go undetected for a very long time and requires little installation effort

EMV skimmer

trivial installation by "hooking" with a special card

powered by the POS itself

data can be downloaded with a special card recognized by the skimmer

little development effort + cheap

EMV smartcards

information is stored on a filesystem organized in applications, files and records

the terminal talks to the card via APDU messages for reading records and issuing commands

Examples:
00A404000E315041592E5359532E4444463031 <- Select '1PAY.SYS.DDF01'
0020008008246666FFFFFFFFFF             <- Verify PIN ('6666')

the EMV skimmer can intercept, read, man-in-the-middle every part of the terminal <> ICC exchange

Terminal <> ICC exchange

1 - initiate application processing
2 - read application data
3 - offline data authentication (if indicated in the AIP)
4 - cardholder verification (if indicated in the AIP)
5 - issuer script processing

Read application data

stored with BER-TLV templates and read by the terminal, some examples:

tag   name
----+----------------------------------------
4f    Application Identifier (VISA)
5f2d  Language Preference (itenfrde)
9f1f  Track 1 Discretionary Data
57    Track 2 Equivalent Data
5f25  Application Effective Date
5f24  Application Expiration Date
5a    Application PAN (credit card number)
8e    Cardholder Verification Method (CVM) List
5f20  Cardholder Name
9f36  Application Transaction Counter (ATC)
9f17  PIN Try Counter
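
The BER-TLV layout behind the table above, as an added example that is not part of the original slides: a small decoder handling two-byte tags (5f24, 9f17), long-form lengths and nested templates. The record bytes, test PAN and helper names are constructed for illustration.

```python
# Added example: EMV BER-TLV walker. All sample data below is constructed.

def parse_tlv(data: bytes) -> list:
    """Decode BER-TLV bytes into [(tag_hex, value)]; constructed values nest."""
    out, i = [], 0
    try:
        while i < len(data):
            if data[i] == 0x00:                 # 00 padding may sit between objects
                i += 1
                continue
            start = i
            constructed = bool(data[i] & 0x20)  # bit 6 set: value is itself TLV
            if data[i] & 0x1F == 0x1F:          # bits 5-1 all set: tag continues
                i += 1
                while data[i] & 0x80:           # bit 8 set: another tag byte follows
                    i += 1
            i += 1
            tag = data[start:i].hex()
            length = data[i]
            i += 1
            if length & 0x80:                   # long form: 0x81/0x82 + length bytes
                n = length & 0x7F
                length = int.from_bytes(data[i:i + n], "big")
                i += n
            value = data[i:i + length]
            if len(value) != length:
                raise ValueError(f"tag {tag}: value truncated")
            i += length
            out.append((tag, parse_tlv(value) if constructed else value))
    except IndexError:
        raise ValueError("truncated tag or length field") from None
    return out

def flatten(nodes: list) -> dict:
    """Collapse nested templates into {tag: value}; last occurrence wins."""
    flat = {}
    for tag, value in nodes:
        if isinstance(value, list):
            flat.update(flatten(value))
        else:
            flat[tag] = value
    return flat

def encode_short(tag_hex: str, value: bytes) -> bytes:
    """Encoder for the sample only (values shorter than 128 bytes)."""
    return bytes.fromhex(tag_hex) + bytes([len(value)]) + value

# Constructed record: template 70 holding three tags from the table above.
SAMPLE_RECORD = encode_short("70",
    encode_short("5a", bytes.fromhex("4111111111111111"))   # test PAN
    + encode_short("5f24", bytes.fromhex("251231"))
    + encode_short("5f20", b"TEST/CARDHOLDER"))

if __name__ == "__main__":
    for tag, value in flatten(parse_tlv(SAMPLE_RECORD)).items():
        print(f"{tag:5} {value.hex()}")
```

Every value printed here is what any party on the chip interface reads in clear, which is why the PAN, expiry and cardholder name in these records matter for the slides that follow.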

EMV application data / magstripe clone

The CVV (228) matches the magstripe one only for cards that do not use iCVV (a different stored value to protect against this attack, introduced in January 2008 but not present on all cards)

EMV application data / magstripe clone

while the service code on the magstripe might indicate that the chip must be used, inserting a card without a readable chip will trigger magstripe fallback on all tested terminals

EMV skimmers cannot clone successfully to magstripe if iCVV is used

however it is fair to say that the possibility of massive harvesting + being protected by a 3 digits code is not a comforting scenario

EMV application data / online usage

application data can be used to perform Card Not Present transactions (online, phone, ...) with parties that do not check Card Security Code (CVV, CVV2, ...) and do not employ 3-D secure (Verified by Visa, MasterCard SecureCode also known as phishing heaven)

if you think that the amount of websites that do not check the security code is negligible...think again

ironically one of the authors has been defrauded on such sites while this presentation was being written...

optional security code

Amazon (.com/.co.uk/.it)

Offline data authentication

depending on the chip technology three methods are available: Static Data Authentication (SDA), Dynamic Data Authentication (DDA), Combined Data Authentication (CDA)

used by the terminal to validate the authenticity of the card

enables offline transactions where supported

never used by ATM (always online)

Visa and MasterCard mandate all cards issued after 2011 to use DDA

Static Data Authentication (SDA) cards

cheapest and most widely used technology

selected records (advertised by the card and customized by the issuer) are signed with a static signature

symmetric key is used for online transactions

offline PIN verification is always cleartext

8f:   Certificate Authority Public Key Index (PKI)
90:   Issuer PK Certificate
9f32: Issuer PK Exponent
92:   Issuer PK Remainder
93:   Signed Static Application Data

Dynamic Data Authentication (DDA) cards

chip is more expensive, rare usage as of 2011

static data validation (against hash within certificate)

dynamic data validation, terminal asks the card to sign data + random number with ICC PK

ICC PK embeds PAN (limiting private key usage to this card)

offline PIN verification can be cleartext or enciphered

8f:   Certificate Authority Public Key Index (PKI)
90:   Issuer PK Certificate       9f46: ICC PK Certificate
9f32: Issuer PK Exponent          9f47: ICC PK Exponent
92:   Issuer PK Remainder         9f48: ICC PK Remainder
9f49: Dynamic Data Authentication Data Object List (DDOL)

Chip cloning

SDA cards can be cloned and used without PIN for offline transactions only ("Yes" card)

DDA cards clone ineffective for offline and online transactions, however a valid DDA card can be used to pass offline authentication and perform fake offline transaction (not tied to the authentication)

offline transactions are rare in EU

Threats

data stealing: we discussed EMV skimming usage for magstripe cloning and online usage

card stealing: Cambridge research shows that stolen cards can be used without PIN, hopefully this attack will be fixed

does state of the art EMV usage really protect against PIN harvesting and therefore the use of stolen cards?

Cardholder verification

the card advertises to the terminal the cardholder verification method preference via the CVM List (tag 8E)

Cardholder Verification Method (CVM) Condition Codes
-----------------------------------------------------------------------------------------------
Bits                Meaning                                                     Value
8 7 6 5 4 3 2 1
0                   RFU                                                         N/A
  0                 Fail cardholder verification if this CVM is unsuccessful    N/A
  1                 Apply succeeding CV rule if this CVM is unsuccessful        N/A
    0 0 0 0 0 0     Fail CVM processing                                         00 or 40
    0 0 0 0 0 1     Plaintext PIN verification performed by ICC                 01 or 41
    0 0 0 0 1 0     Enciphered PIN verified online                              02 or 42
    0 0 0 0 1 1     Plaintext PIN verification by ICC and signature (paper)     03 or 43
    0 0 0 1 0 0     Enciphered PIN verification by ICC                          04 or 44
    0 0 0 1 0 1     Enciphered PIN verification by ICC and signature (paper)    05 or 45
    0 x x x x x     Values in range 000110 - 011101 reserved for future use     06-1D/16-5D
    0 1 1 1 1 0     Signature (paper)                                           1E or 5E
    0 1 1 1 1 1     No CVM required                                             1F or 5F
    1 0 x x x x     Values in range 100000 - 101111 reserved for future use     20-2F/60-6F
    1 1 x x x x     Values in range 110000 - 111110 reserved for future use     30-3E/70-7E
    1 1 1 1 1 1     Not available                                               3F or 7F

CVM List

the CVM List is nowadays signed on all cards, therefore it is believed to be tamper proof

if the preferred authentication method is Signature (paper), Enciphered PIN verified online or Enciphered PIN verification by ICC then the PIN is not sent by the terminal to the card

it is believed that only when Plaintext PIN verification performed by ICC is present and selected from the CVM List the PIN can be harvested by the EMV skimmer

Action Codes

assuming a scenario with DDA only cards and a "secure" CVM List can we still harvest the PIN ?

Issuer Action Codes (card) and Terminal Action Codes (terminal) specify policies for accepting or rejecting transactions (using TVR specifications)

Issuer Action Codes and Terminal Action Codes are ORed

three kinds: Denial, Online, Default; the Online Action Codes specify which failure conditions trigger online transactions

Action Codes Example

9f0e Issuer Action Code - Denial (5 bytes):  00 00 00 00 00
9f0f Issuer Action Code - Online (5 bytes):  f0 78 fc f8 00
9f0d Issuer Action Code - Default (5 bytes): f0 78 fc a0 00

translation: "do not deny a transaction without attempting to go online, if offline SDA fails transmit the transaction online"

in all tested terminals / cards we were able to manipulate the action codes (when necessary) so that tampering with the CVM List would not result in offline rejection
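
How the "translation" above falls out of the bytes, as an added example that is not part of the original slides: a simplified terminal action analysis that ORs issuer and terminal action codes and compares them with the TVR in the order Denial, Online, Default. The all-zero Terminal Action Codes and the stricter issuer profile are constructed assumptions for contrast.

```python
# Added example: simplified terminal action analysis (IAC | TAC against TVR).
from enum import Enum

class Decision(Enum):
    AAC = "decline offline"
    ARQC = "send online"
    TC = "approve offline"

# TVR byte 1 bit for "SDA failed", as listed in the TVR table of these slides.
SDA_FAILED = "4000000000"
CLEAN_TVR = "0000000000"

# Issuer Action Codes from the slide above (tags 9f0e, 9f0f, 9f0d).
SLIDE_IAC = {"denial": "0000000000",
             "online": "f078fcf800",
             "default": "f078fca000"}
# Assumption: all-zero Terminal Action Codes, so only issuer policy is visible.
ZERO_TAC = {"denial": "0000000000",
            "online": "0000000000",
            "default": "0000000000"}
# Constructed contrast: an issuer profile that declines offline when SDA fails.
STRICT_IAC = dict(SLIDE_IAC, denial="4000000000")

def _bits(hex5: str) -> int:
    raw = bytes.fromhex(hex5)
    if len(raw) != 5:
        raise ValueError("TVR and action codes are 5 bytes each")
    return int.from_bytes(raw, "big")

def terminal_action_analysis(tvr, iac, tac, online_capable=True) -> Decision:
    """Return the cryptogram type the terminal asks for in GENERATE AC."""
    t = _bits(tvr)

    def matches(kind: str) -> bool:
        # Issuer and terminal codes are ORed, then ANDed with the TVR.
        return bool(t & (_bits(iac[kind]) | _bits(tac[kind])))

    if matches("denial"):
        return Decision.AAC
    if online_capable:
        return Decision.ARQC if matches("online") else Decision.TC
    # Terminal cannot go online: the Default codes decide.
    return Decision.AAC if matches("default") else Decision.TC

if __name__ == "__main__":
    for name, iac in (("slide IAC", SLIDE_IAC), ("strict IAC", STRICT_IAC)):
        d = terminal_action_analysis(SDA_FAILED, iac, ZERO_TAC)
        print(f"{name}: SDA failed -> {d.name} ({d.value})")
```

With the slide's values a failed SDA only pushes the transaction online, because the Denial code has no bits set.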

CVM List downgrade

the modified CVM List is honoured by the terminal which means that Plaintext PIN verification performed by ICC can be presented enabling PIN harvesting for SDA/DDA cards

transaction log: card with online PIN verification

00a4040007a0000000031010      Select AID (VISA)
00c0000022                    Get additional data
80a80000028300                Get processing options
00c0000010                    Get additional data
00b2010c00                    Read data files...
00b2010c40
00b2011400
00b20114c3
00b2021400
00b2021452
00b2011c00
00b2011c52
00b2021c00
00b2021c45
80ae80001d...                 Generate AC (online transaction)
...

transaction log: same card with tampered CVM

00a4040007a0000000031010      Select AID (VISA)
00c0000022                    Get additional data
80a80000028300                Get processing options
00c0000010                    Get additional data
00b2010c00                    Read data files...
00b2010c40
00b2011400
00b20114c3
00b2021400
00b2021452
00b2011c00
00b2011c52
00b2021c00
00b2021c45
80ca9f1700                    Get PIN try counter (unknown length)
80ca9f1704                    Get PIN try counter (corrected length)
0020008008241234ffffffffff    Verify PIN (1234)
80ae80001d...                 Generate AC (online transaction)
...

Backend detection / Terminal Data

8 7 6 5 4 3 2 1  Bits
---------------------------------------------------------------------
Terminal Verification Results (byte 1 of 5)

1 x x x x x x x  Offline data processing was not performed
x 1 x x x x x x  SDA failed
x x 1 x x x x x  ICC data missing
x x x 1 x x x x  Card number appears on hotlist
x x x x 1 x x x  DDA failed
x x x x x 1 x x  CDA failed
---------------------------------------------------------------------
CVM Results (byte 3 of 3)
0 0 0 0 0 0 0 0  unknown
0 0 0 0 0 0 0 1  Failed
0 0 0 0 0 0 1 0  Successful
CVM Results byte 1: code of CVM Performed
CVM Results byte 2: code of CVM Condition

Backend detection / Card Data

8 7 6 5 4 3 2 1  Bits
---------------------------------------------------------------------
Cardholder Verification Results (bytes 1,2 of 4)
Common Payment Application Specification format
0 0 x x x x x x  AAC returned in second GENERATE AC
0 1 x x x x x x  TC returned in second GENERATE AC
1 0 x x x x x x  Second GENERATE AC not requested
x x 0 0 x x x x  AAC returned in first GENERATE AC
x x 0 1 x x x x  TC returned in first GENERATE AC
x x 1 0 x x x x  ARQC returned in first GENERATE AC
x x x x 1 x x x  CDA performed
x x x x x 1 x x  Offline DDA performed
x x x x x x 1 x  Issuer Authentication not performed
x x x x x x x 1  Issuer Authentication failed

x x x x 1 x x x  Offline PIN Verification Performed
x x x x x 1 x x  Offline PIN Verification Performed and Failed
x x x x x x 1 x  PIN Try Limit Exceeded
x x x x x x x 1  Last Online Transaction Not Completed

Backend detection

the attack execution might be detected by the backend (via the TVR, CVM Results and CVR advertising failed data authentication and cleartext CVM) but blocking a card solely on this information does not feel like a realistic solution

a downgraded CVM List with offline PIN + fallback to online PIN might be used to "hide" cleartext CVM Results and CVR by answering incorrect PIN offline verification to the terminal (without passing the command to the card), customer would be prompted twice for the PIN
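
The backend check described in the first point above, as an added example that is not part of the original slides: it decodes TVR byte 1 and CVM Results byte 1 and compares the method performed with the CVM List the issuer personalised on the card. It assumes the backend keeps each card's issued tag 8e value on file; the sample values are constructed, and the output is a list of review findings rather than a block decision, in line with the slide's caution.

```python
# Added example: backend review of TVR and CVM Results against the issued CVM List.

# TVR byte 1 bits, from the "Backend detection / Terminal Data" table.
TVR_BYTE1 = {0x80: "offline data authentication not performed",
             0x40: "SDA failed",
             0x20: "ICC data missing",
             0x10: "card number on hotlist",
             0x08: "DDA failed",
             0x04: "CDA failed"}
# CVM codes 01/41 and 03/43: plaintext PIN verification performed by ICC.
PLAINTEXT_PIN_CODES = {0x01, 0x03}
NO_CVM_PERFORMED = 0x3F

def issued_cvm_codes(cvm_list: bytes) -> set:
    """Method codes (bits 6-1) in a tag 8e value: 8 amount bytes, then 2-byte rules."""
    if len(cvm_list) < 10 or len(cvm_list) % 2:
        raise ValueError("CVM List needs 8 amount bytes plus 2-byte rules")
    return {cvm_list[i] & 0x3F for i in range(8, len(cvm_list), 2)}

def review(tvr: bytes, cvm_results: bytes, issued_cvm_list: bytes) -> list:
    """Return human-readable findings for one authorization request."""
    if len(tvr) != 5 or len(cvm_results) != 3:
        raise ValueError("TVR is 5 bytes, CVM Results is 3 bytes")
    findings = [name for bit, name in TVR_BYTE1.items() if tvr[0] & bit]
    performed = cvm_results[0] & 0x3F       # strip bits 8 and 7 (RFU / fail-or-next flag)
    if performed in PLAINTEXT_PIN_CODES:
        findings.append("plaintext offline PIN performed")
    if (performed != NO_CVM_PERFORMED
            and performed not in issued_cvm_codes(issued_cvm_list)):
        findings.append("CVM performed is not in the issued CVM List")
    return findings

# Constructed card profile: online PIN (42), signature (5e), no CVM (1f).
ISSUED = bytes.fromhex("0000000000000000" "4203" "5e03" "1f00")
# Constructed profile that legitimately allows plaintext offline PIN (41).
ISSUED_PLAINTEXT = bytes.fromhex("0000000000000000" "4103" "5e03")

if __name__ == "__main__":
    print(review(bytes.fromhex("0000000000"), bytes.fromhex("420300"), ISSUED))
    print(review(bytes.fromhex("4000000000"), bytes.fromhex("410002"), ISSUED))
```

A transaction that shows failed data authentication together with a method the issuer never personalised is the combination worth routing to review; either signal alone also occurs in legitimate traffic.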

Backend detection

(untested) it would be also possible for the skimmer to advertise relevant offline authentication records from a stored valid SDA card with a convenient CVM List for the authentication phase, and use the real card for the transaction, this would result in "clean" TVR, CVM Results and CVR

Terminal Capabilities (9f33), when requested by the card via CDOL1/CDOL2 and sent by the terminal via GENERATE AC, can be intercepted and rewritten to advertise only SDA capability in case of DDA card skimming

CDA is designed to protect against this but it should still be possible for the skimmer to force usage as an SDA card

Summary

an EMV skimmer poses a serious threat due to ease of installation and difficult detection

EMV data allows fraudulent usage on websites that perform insufficient validation (as well as magstripe clone for cards that do not use iCVV)

the PIN can be always intercepted despite card type (SDA or DDA) and CVM / Issuer Action Codes configuration

stealing an EMV chip & pin card that was previously skimmed enables full usage and raises serious liability considerations

Vendor Response

EMVCo announced that the hole will not be fixed saying that "when the full payment process is taken into account, suitable countermeasures are available"

MasterCard spokesman Jan Lundequist (head of chip product management) said in an interview that the EMV system is simply too complex for an easy fix

In the Netherlands the hole has been reportedly closed by updating POS firmware with a version which apparently disables plaintext PIN verification for domestic cards (believed to be 100% DDA)

Recommendations

despite industry claims about reduced fraud levels in our opinion EMV is inadequate and overly complex, it should be replaced with a simpler and cleaner solution

correctly implemented crypto should be performed between card <> backend (online) or card <> terminal (offline) for double authentication and preventing interception/man-in-the-middle attacks for every single step of the transaction

terminals cannot be trusted, PIN input and verification should be confined on the card itself (e-ink scrambled touchpad)

Recommendations

"patching" EMV is possible by disabling plaintext PIN verification on POS and ATM firmwares preventing the downgrade attack

despite some vendor response claiming otherwise this would play nicely with every card type as on-line PIN verification can be used for SDA

actually on-line PIN verification could be used all the time, both North America and European banks have reportedly little use for the whole off-line verification mess pushed by EMV and could do everything on-line...

chip skimmer installations dated 2008 have been reported in the wild by law enforcement authorities after this presentation was made available

http://www.inversepath.com
http://www.aperturelabs.com
