Your selected question
Are there any vulnerabilities related to contactless chip settings and transaction counters?
Transaction counters will be dynamically managed to reflect cardholder usage where possible; this may include taking into account volume of contactless transactions, cumulative value of contactless transactions, and/or a random element. To make fraud more difficult there is purposefully no industry standard.
The card issuer manages the counters during an authorisation when a PIN is entered. This could be during a standard chip and PIN transaction (when purchasing goods over £15); when using an ATM; or when asked to revert to chip and PIN during a contactless transaction.
The counters and chip settings are all protected by the application and programming on the card. The card issuer can only alter the counters during an exchange of secure messages when the card is used in an online transaction at a normal chip and PIN terminal or a cash machine. The chip settings are set in manufacture whilst the card is being personalised for each customer and cannot be altered after this.
How useful did you find the answer given?Not at all Very useful