Source publication: [ARP13]
Tag: security
Bank cards (debit cards) are smart cards used for payment systems. Most smart cards issued by banks or credit cards companies adhere to the EMV (Europay-MasterCard-Visa) protocol standard [EMVCo], which is defined on top of ISO/IEC 7816 [ISOIEC7816]. In [ARP13], LearnLib and some simple abstraction techniques were used to learn Mealy machine models of EMV applications on bank cards issued by several Dutch banks (ABN AMRO, ING, Rabobank), one German bank (Volksbank), and one MasterCard credit cards issued by Dutch and Swedish banks (SEB, ABN AMRO, ING) and of one UK Visa Debit card (Barclays). These models provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations – not just for bank cards but for smart card applications in general – as they can show unexpected additional functionality that is easily missed in conformance tests.