Despite the advanced capabilities of the chip-enabled, debit and credit 
cards, fraud in payment transactions has not diminished - it has shifted. The 
reason lies in the lack of a trusted communication path between the smartcard 
and the cardholder. More explicitly, because users have no means of verifying 
the authenticity of the Point-of-Sales (POS) terminal, they do not know how 
much they are about to pay nor to whom. We propose to use the camera-enabled 
mobile phone and a previously shared secret to create a two-way, secure 
communication channel. Messages from the card are displayed by the POS 
terminal as visual codes, then captured and decoded by the phone. Messages 
from the card- holder are computed by the phone and manually typed in as 
one-time PINs. We extend the EMV payment protocol to provide explicit 
verification and confirmation of the transaction amount. In the process 
we also improve cardholder authentication, protect against stolen PIN 
and cards, and eliminate the POS terminal from the trust chain altogether. The 
implementation requires minimal software updates and no hardware modifications.