Sniffing real world EMV payment card protocol transaction

emv_sniffing_simtrace

Abstract
The objective of this report is to observe and describe a real world online transaction made between a debit card issued by an Estonian bank and a payment terminal issued by a Estonian bank. In this process we can learn how the EMV protocol works and which protocol features are used in a Chip-and-PIN card issued by an Estonian bank.

The transaction analyzed in this report was captured using a terminal from a friendly merchant in Tartu and using a Visa Electron debit card issued by SEB Estonia. The amount of transaction was 0.99 EUR. The transaction was performed in September, 2014. The full output (all requests and responses) with annotation can be found from the appendix.

The report has been published for UT course “Research Seminar in Cryptography (MTAT.07.022)”.

Links:
https://courses.cs.ut.ee/2014/cryptoseminar/fall/uploads/Main/mart-report-f14.pdf

One thought on “Sniffing real world EMV payment card protocol transaction

  1. mrtn

    APDU trace is OK, interpretation is not correct. The whole section 2.3 is wrong, that’s exactly how T=0 works (which is the only protocol supported by simtrace)

    Reply

Leave a Reply

Your email address will not be published.