This doesn't work in the US because we don't have smart cards.<p>Edit: My point stands that <i>this particular attack</i> does not exist in the US and people don't need to worry about it. Existing precautions against magstripe card skimming are adequate.
From my understanding of smart cards, I don't see how this is possible.<p>Communication between the card and the reader is typically done using encryption with a Diffie-Hellman key exchange with a man-in-the-middle resistant protocol. You would need to attack whatever encryption algorithm is being used, which is non-trivial even with physical access. You would need to either perform differential power analysis attack or a timing attack or attack a weakness in the algorithm.<p>Seeing as how one of the primary purposes of smart cards was to eliminate skimming and similar attacks, I can't fathom why any reader would ever be created that didn't support session encryption. Why use a chip if it's basically the same as a magnetic stripe? I'll plead ignorance on the workings of the European debit system as I'm Canadian and we're just getting smart cards now.<p>Does anyone have a better source than the linked article?<p>EDIT: Nevermind, apparently the security was broken a while ago:<p><a href="http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf" rel="nofollow">http://www.cl.cam.ac.uk/research/security/banking/nopin/oakl...</a>