The EMV global standard for electronic payments is widely used for
inter-operation between chip equipped credit/debit cards, Point of Sales
devices and ATMs.
Following the trail of the serious vulnerabilities published by Murdoch and
Drimer's team at Cambridge University regarding the usage of stolen cards, we
explore the feasibility of skimming and cloning in the context of POS usage.
We will analyze in detail EMV flaws in PIN protection and illustrate skimming
prototypes that can be covertly used to harvest credit card information as well
as PIN numbers regardless the type/configuration of the card.
The attacks are believed to be unreleased so far to the public (which however
does not mean fraudster are not exploiting them) and are effective in bypassing
existing protections and mode of operations.
As usual cool gear and videos are going to be featured in order to maximize the
presentation.