Abstract: Ten years ago, European countries started replacing mag-strip bank cards with chip cards. They're finally coming to the USA too. What can we expect? In this talk I'll describe the European experience. The attacks we expected mostly didn't happen, but others did. Terminals that were supposed to be tamper-resistant weren't, and the same happened with random number generators; in fact the whole certification system turned out to be a sham. A major protocol flaw still allows thieves to use stolen cards in merchant terminals without knowing the PIN; another allows malware in terminals to debit a series of transactions to the customer's card rather than just one. In fact, EMV is not so much a payment protocol, as a toolkit with which banks can build quite secure systems - or shockingly insecure ones. The latter seem to dominate, because the incentives are skewed. America may be no different; although fraud costs several billion dollars a year, interchange fees earn the banks tens of billions, so implementations may optimise for the latter rather than the former.