ETH Zurich researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim’s Mastercard contactless card while believing it to be a Visa card. The attack, dubbed “card brand mixup,” takes advantage of the fact that these AIDs are not authenticated to the payment terminal, thus making it possible to deceive a terminal into activating a flawed EMV contactless kernel. The attacker then simultaneously performs a Visa transaction with the terminal and a Mastercard transaction. Mastercard has added countermeasures to thwart such attacks.
Source: https://thehackernews.com/2021/02/new-hack-lets-attackers-bypass.html