IC card systems based on the EMV specification are being phased in across the world, under names such as "IC Credit" and "Chip and PIN".
Cambridge University researchers Steven Murdoch and Saar Drimer demonstrated one example attack in a February 2008 BBC Newsnight programme, to illustrate that Chip and PIN is not secure enough to justify passing the liability to prove fraud from the banks onto customers.
The use of a PIN and cryptographic algorithms such as DES, Triple-DES, RSA and SHA provides authentication of the card to the processing terminal and the card issuer's host system.
For more details of this (specifically, the system being implemented in the UK) see Chip and PIN.
In 2008, after Kamkar's restriction from computers was lifted, he demonstrated weaknesses in Visa, MasterCard and Europay credit cards with near-field communication (NFC) and radio-frequency identification (RFID) chips built in, and released software demonstrating the ability to steal credit card information, including name, credit card number, and expiration date, wirelessly from these cards.
The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV).
In 2010, a highly portable Contactless Kernel was developed for near-field communication (NFC) enabled devices and embedded systems, completing the EMV product range.
He is also known for discovering several vulnerabilities in the EMV bank chipcard payment system (Chip and PIN).