(Traditional and New Recipes for Attacking EMV)

This paper surveys existing and new security issues aect- ing the EMV electronic payments protocol. We first introduce a new price/eort point for the cost of deploying eavesdropping and relay at- tacks - a microcontroller-based interceptor costing less than $100. We look next at EMV protocol failures in the back-end security API, where we describe two new attacks based on chosen-plaintext CBC weaknesses, and on key separation failues. We then consider future modes of attack, specifically looking at combining the phenomenon of phishing (sending unsolicited messages by email, post or phone to trick users into divulging their account details) with chip card sabotage. Our proposed attacks ex- ploit covert channels through the payments network to allow sabotaged cards to signal back their PINS. We hope these new recipes will enliven the debate about the pros and cons of Chip and PIN at both technical and commercial levels.