Archive for the ‘Security’ Category

It’s time for SDA and Plaintext Offline PIN to bow out gracefully

February 6, 2012 at 11:00 am

There’s no doubt that EMV is a great standard that has succeeded in providing a greater level of security for Cardholders, Merchants and Issuers alike. However, like anything that evolves there is always an element of junk DNA in the design. EMV has its fair share of junk DNA, the recent bad press (also read […]

EMV fallback scenarios to magnetic stripe

November 17, 2011 at 11:22 pm

In markets that don’t yet support EMV (such as the USA), there is no option but to process all payment cards using the magnetic stripe, even if the card is actually a chip card. Similarly, a U.S. card used in countries which have migrated to chip card technology still can be processed.  In EMV markets […]

Is the Chip and PIN Card Verification System Really Broken?

March 14, 2011 at 5:33 pm

In an address to the CanSecWest security conference this week, Inverse Path, a security research company claimed that “Chip and PIN is definitely broken”. This followed-up on concerns previously raised by Cambridge University that the international EMV standards that govern credit and debit chip card payments are flawed, which we commented on in this blog […]