Do you have a source for this? The EMV spec doesn’t include encryption of any da... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		closewith on July 25, 2022 \| parent \| context \| favorite \| on: Why are McDonald’s Self Service Kiosks so hackable... Do you have a source for this? The EMV spec doesn’t include encryption of any data sent to the terminal from the card. The transaction cryptogram is signed, however.

charles_kaw on July 27, 2022 | [–]

The terminals themselves use mtls to communicate and wrap the payload , wasn't referring to the payload itself.

closewith on July 27, 2022 | | [–]

That seems like a walkback? You said:

> However, the card terminal does not see unencrypted payment data.

The card terminal does see unencrypted payment data. Hard to see your comment as ambiguous?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact