<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Oct 1, 2015 at 5:27 AM, Phillip Hallam-Baker <span dir="ltr"><<a href="mailto:phill@hallambaker.com" target="_blank">phill@hallambaker.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>Are there any attacks against EMV that don't involve using the payment mechanisms that only require the card number?</div></div></div></div></blockquote><div><br></div><div>Yes, there is a rich history of attacks on EMV, e.g.:</div><div><br></div><div><a href="http://sec.cs.ucl.ac.uk/users/smurdoch/papers/oakland14chipandskim.pdf">http://sec.cs.ucl.ac.uk/users/smurdoch/papers/oakland14chipandskim.pdf</a></div><div><a href="http://krebsonsecurity.com/2015/04/revolution-crimeware-emv-replay-attacks/">http://krebsonsecurity.com/2015/04/revolution-crimeware-emv-replay-attacks/</a><br></div></div><div><br></div>-- <br><div class="gmail_signature">Tony Arcieri<br></div>
</div></div>