Vulnerabilities in the EMV protocol allow payments without PIN

The contactless payment protocol for EMV bank cards, named after its founders Europay, Mastercard and Visa, contains several security flaws that allow criminals to make payments without using the PIN code for amounts greater than the established limit, currently of € 50.

This discovery, the result of research by David Basin, Ralf Sasse and Jorge Toro, belonging to the Federal Polytechnic School of Zurich, shows that anyone who gets a Visa card, or even if they place an NFC phone at their On the other hand, you could make contactless payments exceeding the established limit, by modifying the transaction data.

Another vulnerability discovered allows payments to be made offline, tricking the payment terminal into accepting false transactions and not charging the user.