Download now Free registration required
PIN Entry Devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, the authors demonstrate that the tamper proofing of PEDs is unsatisfactory, as is the certification process. They have implemented practical low-cost attacks on two certified, widely-deployed PEDs - the Ingenico i3300 and the Dione Xtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud.
- Format: PDF
- Size: 1167.36 KB