Researchers at the Swiss Federal Institute of Technology in Zurich have discovered a flaw in the Europay MasterCard Visa standard, a standard that must protect the security of more than 9 billion cards. As reported by our colleagues at Numérama, the researchers exploited the flaw to show that an attack could make any payment without having the pin code of the card.
The amount of contactless card payments is usually limited to 50 euros. Once this amount is exceeded, the user must enter his card into a machine and enter his PIN code there in order to be able to make contactless payments again.
The researchers used two Android smartphones to carry out the “attack”.
If the attack could be reproduced by a criminal, it would be enough for him to steal a VISA card to settle any payment, without limit of amount. Scientists have insisted on the fact that this attack did not require an “elaborate hack”. Visa would have been warned of the breach.