Academics bypass PINs for Mastercard and Maestro contactless payments

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A team of scientists from a Swiss university has discovered a way to bypass PIN codes on contactless cards from Mastercard and Maestro.

The now-patched vulnerability would have allowed cybercriminals to use stolen Mastercard and Maestro cards to pay for expensive products without needing to provide PINs on contactless payments.
The research team said it disclosed its two PIN bypasses to both Visa and Mastercard (which also owns the Maestro brand).

Mastercard rolled out fixes to its network earlier this year, but Visa appears to have not addressed this issue.

The payments processor did not return a request for comment last year when this reporter covered the first bypass, and neither did this year, after the team’s USENIX talk.
Additional details about this attack are available in a paper titled “Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions.”
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
Thought of applying for new NFC contact-less credit cards with added rewards. Damn!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top