EMV Broken by Inventing Card Response

EMV user verification uses several methods, one of them is a PIN entered by the user. However, please note that this proves the user identity to the card, not to the terminal. If no-one checks the security state of the card, this is pretty pointless. They simply catch the verification request sent to by the terminal to the card, throw it away and reply with a code that means "PIN was OK".

So what now? Actually, the responsibility for a correct transaction is with the merchant, because only the merchant has at least a possibility to ensure a correct transaction: If a proper terminal is used and there is no strange cable coming out of the card (see the video on the linked page) the transaction is still good. However, the damage goes to the customer, not the merchant.

And, of course, there is a huge hole in the protocol.

There is only one way to do it properly:

• User enters PIN
• Terminal asks card to sign the transaction
• card signs the transaction if and only if it has received the correct PIN

And everything done with mutual authentication end, message confidentiality and message integrity.

Where is the problem with this? It requires chips that are a little more expensive than the most simple ones. It's called "dynamic data authentication"and "Transaction Cryptogram" in the EMV world, but unfortunately it is not used in this case.