A new vulnerability has been identified that can enable hackers to bypass the PIN codes on Mastercard”™s contactless credit and debit cards.
The technology trade journal Cybersecurity News reported on a study by cybersecurity researchers at the Swiss Higher Technical School of Zurich that detailed a so-called “Man in the Middle” attack involving two Android smartphones, a custom Android application installed on both devices and a stolen Mastercard branded card.
In this attack, one Android device acts as a point-of-sale terminal emulator and is placed next to the stolen card while the second Android device works as a card emulator that would enable the transfer of modified transaction data into a real point-of-sale terminal.
According to the researchers, the attack can also occur on the Maestro branded cards issued by Mastercard. While incidents of this type of attack have been relatively limited, the researchers warned it could be expanded whenever new defects in contactless payment protocols are identified.
The Purchase-headquartered Mastercard did not publicly comment on the report.
