Security Loophole Renders PIN Code Ineffective
(ETH Zurich, September 01, 2020)
A team of ETH researchers recently discovered a serious security loophole in a protocol used by credit card company Visa, which would enable fraudsters to obtain funds from cards that have been lost or stolen, despite the fact that the amounts should be validated by entering a PIN code. Although the researchers were able to demonstrate that this fraud scheme works with debit and credit cards issued in different countries in a range of currencies, they have already alerted Visa to the vulnerability and proposed three changes that could be made to the protocol with minimal effort to solve this problem.