To the horror of their customers, it’s been revealed Visa contactless cards are as hackable as online transactions. Not only can PIN verifications be bypassed by fraudsters, but they can also hack payment points to process payments that far exceed contactless limits, meaning criminals could process hundreds of euros’ worth of fraudulent transactions on stolen smart cards.
‘The EMV Standard: Break, Fix, Verify’ study, published on 31st August 2020, has highlighted a serious security risk in Visa’s contactless debit and credit card chips after discovering an authorisation flaw. The study reveals how easily criminals can override card readers by bypassing PIN verification at payment points, processing high-value fraudulent payments that can exceed set contactless limits without arousing suspicion.
Limitless? How the Visa PIN bypass works
The researchers from ETH Zurich University originally aimed to understand the weaknesses of EMV (named after founders Europay, Mastercard and Visa), the smart chip standard found on smartcards.
After analysing the authentication processes for contactless cards, the team discovered startling flaws which leave contactless users open to limitless criminal attacks. To demonstrate the gravity of the security risk, which allows fraudsters to override limits set by providers when making fraudulent payments, the researchers created their own cryptogram app: