Academics bypass PINs for Mastercard and Maestro contactless payments


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
A team of scientists from a Swiss university has discovered a way to bypass PIN codes on contactless cards from Mastercard and Maestro.

The now-patched vulnerability would have allowed cybercriminals to use stolen Mastercard and Maestro cards to pay for expensive products without needing to provide PINs on contactless payments.
The research team said it disclosed its two PIN bypasses to both Visa and Mastercard (which also owns the Maestro brand).

Mastercard rolled out fixes to its network earlier this year, but Visa appears to have not addressed this issue.

The payments processor did not return a request for comment last year when this reporter covered the first bypass, and neither did this year, after the team’s USENIX talk.
Additional details about this attack are available in a paper titled “Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions.”


Level 32
Nov 8, 2014
Thought of applying for new NFC contact-less credit cards with added rewards. Damn!