Reply to post: And when the payment is actually sought?

You can't always trust those mobile payment gadgets as far as you can throw them – bugs found by infosec duo

Anonymous Coward

And when the payment is actually sought?

What then? When the card's cryptogram (generated with a value of 100) fails to match the cryptogram generated by the issuer (with a value of 123), the issuer just declines the transaction. So either the transaction is declined 'online' and the cardholder walks away empty-handed, or the transaction is accepted by the merchant 'offline' and later rejected by the issuer after the customer has already walked away with the loot.

So it's more a potential attack by a cardholder on the merchant than it is that of a dodgy merchant against unsuspecting cardholders.
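
An added illustration of the mismatch described in the comment above (not part of the original comment, and not real EMV code): the card computes a cryptogram over the amount it was shown, and the issuer recomputes it over the amount the merchant submits. HMAC-SHA256 stands in for the card's real MAC algorithm, and the key, field names and values are constructed for the example.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: real cards use issuer-derived session keys
# and a block-cipher MAC; HMAC-SHA256 is only a stand-in for that here.
CARD_KEY = b"constructed-demo-card-key"


def cryptogram(key, amount, currency, atc, un):
    """MAC over the transaction fields as seen by whoever computes it."""
    msg = f"{amount:012d}|{currency}|{atc:04x}|{un}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def issuer_verify(key, claimed, cgram):
    """Issuer recomputes the cryptogram from the fields the merchant submitted."""
    expected = cryptogram(key, claimed["amount"], claimed["currency"],
                          claimed["atc"], claimed["un"])
    return hmac.compare_digest(expected, cgram)


def online_authorisation(key, claimed, cgram):
    """Online path: the issuer answers before any goods are handed over."""
    return "APPROVED" if issuer_verify(key, claimed, cgram) else "DECLINED"


def offline_then_clearing(key, claimed, cgram):
    """Offline path: the merchant accepts first, the issuer checks at clearing."""
    goods_released = True  # the terminal accepted without contacting the issuer
    settled = issuer_verify(key, claimed, cgram)
    return goods_released, settled


def simulate():
    # Fields the card was shown (amount 100), all values constructed.
    card_saw = {"amount": 100, "currency": "826", "atc": 7, "un": "a1b2c3d4"}
    cgram = cryptogram(CARD_KEY, card_saw["amount"], card_saw["currency"],
                       card_saw["atc"], card_saw["un"])
    # Fields the merchant submits to the issuer (amount 123).
    submitted = dict(card_saw, amount=123)
    return {
        "online_matching": online_authorisation(CARD_KEY, card_saw, cgram),
        "online_mismatch": online_authorisation(CARD_KEY, submitted, cgram),
        "offline_mismatch": offline_then_clearing(CARD_KEY, submitted, cgram),
    }


if __name__ == "__main__":
    for case, outcome in simulate().items():
        print(case, outcome)
```

In the offline case the result `(True, False)` is the loss the comment points to: the goods have left the shop, and the issuer rejects the payment afterwards.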


Biting the hand that feeds IT © 1998–2019