Name of the Vulnerable Software and Affected Versions MasterCard, Visa, American Express (affected versions not specified) Apple Pay (affected versions not specified) Samsung Pay (affected versions not specified) GPay (affected versions not specified)

Description The issue is related to insufficient authorization of ARQC cryptograms generated by mobile wallets. This could allow an attacker to use AAC cryptograms on tokenization services, which are generated by mobile wallets in cases where a transaction is declined by the wallet or payment terminal.

Recommendations For MasterCard, Visa, American Express, consider implementing additional authorization checks for ARQC cryptograms to prevent unauthorized use. For Apple Pay, Samsung Pay, GPay, restrict the generation of AAC cryptograms to only cases where a transaction is declined, and ensure proper authorization mechanisms are in place for ARQC cryptograms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.