PT-2021-04: AAC/ARQC cryptogram confusion

When an AAC cryptogram is requested, it can be substituted and presented to the tokeniser as an ARQC cryptogram. Moreover, when mobile phone declines the transaction due to risk management, some mobile wallets provide the AAC cryptogram and ATC, which can be used to authorise transactions. That...

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...

RBKmoney: Apple Pay cryptogram replay and amount tampering

During Apple Pay in-app or on-site payments the device generates a payment cryptogram, which contains a transaction ID, encrypted payment data, etc. This is an example of the cryptogram which the phone passes to the internet acquiring service on api.transferwise.com: "token": "paymentData":...

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered an authentication flaw in the company's EMV enabled payment cards that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The...