Smart Card Vulnerability




Smart cards do make transactions safer. However, the smart card does not distinguish the difference between a POS terminal or an illegal skim from a smartphone with a card reader app. Smart cards adhere to the standards set by EMV, which included various ISO/IEC standards. Yet the standard does not include any security measures against relay attacks or skimming offenses.

Electronic pickpockets have exploited these vulnerabilities with lab tests and independent researchers also demonstrating the ease on how the smart card security can be compromised.

In real-life scenarios, electronic pickpockets use freely available mobile apps together with a smartphone posing as a credit card reader. By walking through crowded areas, they can easily skim and harvest smart chip credit or debit card information by proximity to the victim without physical contact. Personal information is exchanged without the victim's knowledge.

More sophisticated forms of electronic pickpocketing include relay attacks, whereby the attacker relays information between two legitimate parties, without them being aware of the relay. The intercepted transmission is rebroadcast and credit card information is cloned.