Comment Re: Chip and PIN (Score 1) 132
It's doubtful that offline mode could be enabled in firmware, certainly not without some serious work. But shimming the terminal 1. Intercepts the chip data stream, 2. Triggers an apparent non chip card insertion, 3. Captures the chip data and if the cracker is good, acts like a terminal and decodes data, 4. Sends stripe data as expected, 5. Terminal received the auth and is happy happy happy.
The shim stands in to intercept the chip data, fill the terminal intro accepting the card as a mag stripe, and doors leave the chip unsynched, which will either kill the chip or force a re sync and raise some innocuous alarms. Ask we care about if that it is possible to circumvent the chip.
IF the terminal permits swipe insertions. Many in EU will not, but if the cracker has modified the terminal firmware, all is lost. That is generally very difficult, checksums and signing and all that.