Payment Wiki

If you would like to add a reference, submit a request https://forms.gle/K9fyMq24dt1SaLDm9

PIN-OK attack
Short description:
PIN OK is a group of attacks on EMV (chip) card-present transactions. The idea is to bypass the PIN check when the "Offline PIN" cardholder verification method is used. To do so, an attacker must mount a man-in-the-middle attack between card and terminal that tampers with the card's response, changing "63C2" (PIN verification failed, 2 tries left) to "9000" (PIN was correct). The terminal then requests an online cryptogram and the card provides it.
Cryptogram Replay
Short description:
As long as attackers know all of a cryptogram's inputs (amount, currency, date, etc.) in advance, they can have the cryptogram precalculated and later use it without the actual card being present. The ATC (Application Transaction Counter) field was introduced to mitigate this risk: it is part of the cryptogram input and increments with every transaction, so the issuer can detect a cryptogram whose ATC it has already seen or that is out of sequence.
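The issuer-side ATC check described above, as an added example that is not part of this wiki: an HMAC stands in for the card's real cryptogram (EMV uses per-card 3DES/AES keys and ISO 9797 MACs, which are not reproduced here), the key and all transaction values are constructed, and the `max_gap` threshold is an assumed tuning parameter.

```python
import hmac
import hashlib

# Constructed sample key; a real issuer derives a per-card key from a master key.
ISSUER_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")


def cryptogram(atc: int, amount: int, currency: str, date: str) -> str:
    """Stand-in for the card's online cryptogram (ARQC): a MAC over the
    transaction inputs. Because the ATC is part of the input, the same
    amount/currency/date with a different ATC gives a different value."""
    data = f"{atc:04x}|{amount}|{currency}|{date}".encode()
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()[:16]


class Issuer:
    """Issuer host that remembers the last accepted ATC for each card."""

    def __init__(self, max_gap: int = 10):
        self.last_atc: dict[str, int] = {}
        self.max_gap = max_gap  # assumed threshold for suspicious ATC jumps

    def authorise(self, pan: str, atc: int, amount: int,
                  currency: str, date: str, arqc: str) -> str:
        # 1. The cryptogram must match the inputs the terminal claims.
        expected = cryptogram(atc, amount, currency, date)
        if not hmac.compare_digest(expected, arqc):
            return "DECLINE: bad cryptogram"
        last = self.last_atc.get(pan, -1)
        # 2. The ATC must strictly increase; an equal or lower value means
        #    this cryptogram (or an older one) is being presented again.
        if atc <= last:
            return "DECLINE: ATC replay"
        # 3. A large jump suggests cryptograms were harvested ahead of time
        #    and is flagged for review rather than silently approved.
        if atc - last > self.max_gap:
            return "REFER: ATC gap"
        self.last_atc[pan] = atc
        return "APPROVE"


if __name__ == "__main__":
    issuer = Issuer()
    pan = "4111111111111111"  # constructed test PAN
    first = cryptogram(1, 1000, "978", "240101")
    print(issuer.authorise(pan, 1, 1000, "978", "240101", first))  # APPROVE
    print(issuer.authorise(pan, 1, 1000, "978", "240101", first))  # DECLINE: ATC replay
```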