EMV's new vulnerabilities laid bare

There is mounting evidence that chip-and-PIN, or EMV, won't save retailers from data breaches. A new report from the Security Group at the University of Cambridge Computer Laboratory analyzed the EMV protocol and found it still had serious vulnerabilities.

The group has previously reported that cards can be used without knowing the correct PIN and card details can be intercepted as a result of flawed tamper-protection. This new paper, "Chip and Skim: cloning EMV cards with the pre-play attack," shows how it's possible to create clone chip cards which normal bank procedures will not be able to distinguish from the real card. Story