The SCD is a card-size device that can intercept, monitor and modify the data of an EMV transaction (EMV is the protocol used in Europe for smartcard payments). This device and the associated software are the result of my MPhil project. The main goal of the SCD was to offer a trusted display for anyone using credit cards, to avoid scams such as tampered terminals which show an amount on their screen but debit the card another (usually larger) amount.
However, the final result is a more general and open EMV framework that can basically do anything a card or a terminal might do. That is, the SCD can act as both a card or a terminal (or even a CAP device), and it can relay, monitor and modify a transaction between a card and a terminal.
We have successfully tested the SCD with many CAP readers and terminals. Among the applications implemented I mention: confirmation of requested amount before authorising a transaction, log of transaction data, PIN modification. We have been able to test also the No PIN vulnerability using the SCD. There is also a French reportage on this.
