Visa’s EMV enabled payment cards have an authentication flaw that permits cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The flaw is a PIN bypass attack that allows the adversaries to leverage a victim’s stolen or lost credit card for making high-value purchases without knowledge of the card’s PIN. A second vulnerability involves offline contactless transactions carried out by either a Visa or an old Mastercard card, allowing the attacker to alter a specific piece of data called “Application Cryptogram” before it is delivered to the terminal.
Source: https://thehackernews.com/2020/09/emv-payment-card-pin-hacking.html