undefined | Better HN

0 pointsnoodlesUK2y ago0 comments

The image shows the skimmer gadget sitting on top of the pin pad and the bottom card insertion slot (the one that takes a chip). On these card readers the magstripe reader is on the right hand side iirc. I’m wondering what you can do having connected to the EMV contacts and recorded the PIN. I suppose you could make a transaction, but it would have to presumably happen at the same time as the legit transaction (which would then immediately get flagged as fraudulent)

0 comments

throwaway429682y ago

Not much. The chip doesn't transmit any credit card numbers. What's really happening in an EMV transaction is the amount due is transmitted along with some identifying information from the host to the card reader. The reader then authenticates with the chip card using asymmetric cryptography. Once this authentication is done, the reader sends an amount due and the chip card checks its authorization rules, and responds with some encrypted data that represents the transaction amount and that depends on a private key embedded in the card. You could replay the transaction at the exact same time as it is happening, but you'd have to use the same amount due. And there are other identifiers for EG the terminal that you'd have to know. If you're curious, EMVco makes the specification available online in documents titled Book 1, Book 2, Book 3, and so on: https://www.emvco.com/specifications/

j / k navigate · click thread line to collapse

0 pointsnoodlesUK2y ago0 comments

0 comments

throwaway429682y ago

j / k navigate · click thread line to collapse