
If you read the linked paper, this vulnerability is not limited to offline transactions.

Edit: clarification, there are sort of three types of transactions--

  offline - vulnerable to this (and a simpler attack)
  online w/ offline PIN - vulnerable
  online w/ online PIN - not vulnerable



Well, this article only applies to point of sale transactions, so it is either online or offline.

Offline transaction, meaning "authorized within the acquirer domain (at acceptance device, or at the acquirer host)". In other words, the transaction does not hit the issuer's system.

Edit: Even in an online transaction, offline PIN is still performed, but the online would fail.



