Be Prepared: The EMV Preplay Attack

The leading system for smart card-based payments worldwide, EMV (which stands for Europay, MasterCard, and Visa), is widely deployed in Europe and is starting to be introduced in the US as well. Despite this wide deployment, a series of significant vulnerabilities make EMV vulnerable to the preplay attack. Specifically, weak and defective random number generators and various protocol failures leave the system open to fraud at scale.