Possible Serious Security Flaw In ATMs
sfjoe writes "According to a story at MSNBC.com, researchers at Algorithmic Research (ARX) have shown it may be possible for 'someone with access to the ATM network to attack the special computers that transmit bank account numbers and PIN codes, called hardware security modules'. Using these methods, an attacker could trick the security modules into exposing a PIN. It has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. If PINs can be compromised, the almost 8 billion transactions per year they handle may be in danger. Not to mention all the transactions at retail stores."
*Looks left and right*
Stop reading my tones!
You can't talk about Wikipedia's flaws on Wikipedia
Getting a bigger mattress to store my cash in.
All your PINs are belong to us.
Why does the bank send the PIN at all, I thought the point of chip and pin cards was one-way encryption handled by the card?
Shameless plugs and inaccessible site design FTW! - www.mistletoestreetmusic.com
I saw a news report the other day of a guy that hooked a device (it may have been an iPod) to the back of an ATM where the phone line comes out, and intercepted the signal transmitting the information.
He was able to get credit card numbers, pins, and all of the other information transmitted, and stole a lot of money before being caught. And he wasn't caught by bank security or software, he was caught because a clerk was paying attention, IIRC.
Lose Weight and Feel Great with Isagenix
First one to refer to "ATM Machines" or "PIN numbers" gets slapped.
Was it just me, or did I read "ATM network" and thought that it meant Asynchronous Transfer Mode network?
I am surprised this has not surfaced before. Every piece of technology can be hacked if given enough time and access. The only way to remain secure is to stay ahead of the hackers. FTFA: The attack theory is significant because it has long been considered impossible to access PINs as they are traveling through the ATM network without the encryption key used by the card-issuing bank. I am really quite surprised that it was considered "impossible" to hack for so long.
Great webhosting, cheap rates! Enter code SlashdotDiscount
Since PINs are usually just 4 digits, aren't 8e9/1e4 = 800,000 transactions per year already in danger?
Every bank I know of with back-end offices here in NYC requires everyone passing through their building doors to use onetime password cards (usually RSA keycards) for access. Yet those banks all make us run around broadcasting our PINs to whichever fly-by-night ATM dispenses $100 latenight when we're drunk.
The cost of chipcards that generate onetime passwords, to protect from replay attacks, is minimal. Especially compared with fraud and theft. What's taking them so long?
--
make install -not war
"...the almost 8 billion transactions per year they handle may be in danger."
It was as if the entire NCC had suddenly received the news, and the voices of NCC staffers across the country had cried out as one. We could only look at each other in stunned silence, afraid to speak, as if any utterance would risk making our greatest fear become real, and the terror would come out of the cold dark depths...t'would come for us - the KRACKEN!!!
It would be easier to simply use a video camera over the shoulder of an ATM visitor, and just as effective.
Using the information directly at an ATM to get a couple of hundred dollars would be too much effort, too high risk, and too little return. More likely, the PIN would be used to obtain larger sums of cash via other methods - calling in a bank transfer or something to that effect.
While on the surface it seems unlikely that somebody would go through the hassle, if one gained access to the ATM network, and had means to unencrypt the traffic at least in part, there is a great deal more potential for crime than simply obtaining an ATM PIN number.
Banks shouldn't be reliant on security at the switches either - all it takes is one bad employee to reduce the effectiveness of on site security to nothing, and I imagine with the pay rates they are kicking out, there are more than a few employees vulnerable to trouble of one sort or another.
So if someone cracks the system do they become "The Lord of the PINS?"
Sorry, obvious pun joke. Had to make it. Any others?
I realize this topic is mostly meant for using a card at an atm to take out cash and the like, but whenever I use my debit card to actually buy something, I make sure to use it as credit, even though most stores' touch-and-swipe pads love to default to a keypad to enter a pin. I just hit 'cancel' then 'credit' and sign the screen. No pin gets transferred, so I don't have to worry about anyone stealing it. Usually, they ask for an id because my signature is so awful (added security for me). I get points for my purchases, which I may be able to redeem within the next decade. And best of all, if anyone does decide to defraud me this way, Visa and my bank will give me the stolen funds back (my bank covers the $50 or so 'deductible' that Visa normally wants). To quote Michael Scott, it's a win-win-win. I'm safer, my money's safer, and Sam Walton gets less profits because he now has to pay Visa processing fees.
2^4 * 3 * 20929
Windows has a lot of security flaws. Why can't they keep using OS/2, or why can't IBM come with OS/2 for ATMs?
Some of us do not have a bank right on our corner. It would likely be a three hour ride on two different transit systems for me to get to my home branch. (Hey, I used to bank in an entirely different city 200+km from where I live). Since I only need to go to the branch once or twice every five years, it is not worth the hassle of switching. Internet and ATM is the way to go.
When our name is on the back of your car, we're behind you all the way!
OK, so let's say you've either hacked the ATMs or some other aspect of the electronic banking system so you can make any ATM dispense as much cash as you tell it to dispense (limited only by the amount of cash the ATM contains). Let's also say you want to be rich - not just rich enough to pay for your retirement ($50,000 per year for 20 years for a total of $1 million) but you actually want to be able to eat at expensive restaurants and hire attractive women to be nice to you.
To be precise, you want to be able to spend $100 an hour 24/7 for the next 50 years (attractive women cost at least that much). That's $100/hour * 24 hours/day * 365 days/year * 50 years or $43.8 million. So let's say you want to collect $44 million worth of cash from your hacked ATMs over the course of one year (if you keep hacking the ATMs any longer you risk getting caught). You're willing to work 40 hour weeks collecting the cash but you want two week vacation. That means you have to collect $44 million in 2,000 hours. That's $22,000 every hour. Assuming you can visit one ATM every 10 minutes, you have to withdraw $3,666 (183 $20 bills) from each ATM without attracting attention.
The bottom line is that if you want to be rich, the electronic hacking is not the hard part. It's actually collecting all that cash.
Come on, post specifics. With Christmas around the corner we need all the help we can get. Have you seen the prices the new Elmo and P3s go for!
This highlights the danger in not using the open industry standard for telecommunications: the INTERNET PROTOCOL! Granted, ATMs and banking networks have been around longer than the last 20 years when Internet adoption exploded. But all they need to do is update their networks to use an IP layer, and then encrypt the traffic with IPsec or TLS. Then you have end-to-end security on any communication channel, whatever the traffic flows. Problem solved?
There is the assumption that the PIN is transmitted "in the clear" across the internal ATM/Pinpad network. I only know about pinpads, but in pinpads the PIN is encrypted in hardware using a key that changes each time. I would assume ATMs are equally secure. In some countries, I understand the entire transaction (PIN, amount, account number) is encrypted in hardware, so trying to replay the encrypted packet is a wasted effort. Any lack of security is caused by the same forces at play everywhere, the desire to use the cheapest "almost competent" programmers. In all fields "Point of Sale" related, I'm guessing 99.9% is now good enough rather than 99.9999%. I assume ATM's will follow.
I knew something smelt rotten the moment the first windows dialog box flashed on as I was entering my pin. Looking into it I found that a lot of ATMs nowadays run on Windows, some ATM software supplied by Diebold. It wouldn't surprise me in the least to find out that the ATM network is about as secure as Joe Six Pack's passwordless WLAN, XP SP1 ridden, all users admins, very own home network.
May the Maths Be with you!
Breaking News: Republican Congress rushes Vote-by-ATM bill through committee.
microsoftword.mp3 - it doesn't care that they're not words...
I worked for a developer that did bank card software and the parent is right about physical security. The banks have thought long and hard about security regarding their card payment operations and they are generally well thought out and practical. Implementation is excellent at the facilities I have been to.
The cost of chipcards that generate onetime passwords, to protect from replay attacks, is minimal.
Not even close. Everything about the change is gigantic considering they would need to somehow interoperate with what's out there now.
More importantly:
1. Security is not a "feature" the vast majority of consumers of anything use when deciding to buy something.
1a. Merchants absorb all of the fraud costs of using plastic, so no consumer cares.
1b. Much like the way automobile safety features were forced onto the auto manufacturers, there would be a great deal of FUD from the banks if more security was regulated into their business. Banks certainly don't want to spend *more* money on the customer.
If it's a big issue for you, you should probably stop using payment cards.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I have seen several ATM's in the last year that have had:
1. Mouse pointer hanging out somewhere on the screen
2. error dialog box on the screen
3. debug message/status code at the bottom of the screen
4. Windows Login dialog flash by as the ATM is rebooting
I never remember any UI issues in the years past, and as a Q/A Engineer it makes me worried/mad that stuff gets out into public... How many millions $ do banks pay for this stuff?
Of course people here in the Phoenix area have been using older technology to steal ATM's... they have been pulling up with trucks/forklifts and just ripping the whole machine out of the walls...
As long as the ATMs in Chicago are secure I'll be fine ;-)
You can lead a horse to water, but you can't make it dissolve.
"an attacker could trick the security modules into exposing a PIN."
Damn, and all these years I thought computers were all about logic.
Now I come to find out that we can trick the damn things into doing our evil bidding.
Crap... all those wasted years.
it may be possible for 'someone with access to the ATM network to attack the special computers that transmit bank account numbers and PIN codes
Holy crap! People with access to a network can attack it? Next you're going to tell me that the only secure computer is one that's turned off, locked in a safe, and dropped to the bottom of the Marianas Trench.
https://www.eff.org/https-everywhere
Really, "If PINs can be compromised, the almost 8 billion transactions per year they handle may be in danger. Not to mention all the transactions at retail stores." Take a breath and calm down. It's not like any kid off the street with basic knowledge of a computer is going to be able to walk into Radio Shack and hack his way into your bank account. This isn't the movies, it's reality. In order to pull this off you would have to have someone working in a bank and monitoring the transactions who would leak, reroute, or copy this information. All activities which would almost instantly flag him or at least have him arrested the next day.
Hey, guess what: that 16 year old who helped you in the Washington Mutual, when she pulled up your account info she had access to see how much funds you have, the type of accounts you have, and even your personal information like address and SS# - you want to know why she doesn't steal your info and cash? Cause she'd get found out very quickly and arrested.
Ave Molech Setting
I'm sure it's just a coincidence that Algorithmic Research (ARX) is a vendor of security solutions, including HSMs, and that ARX has been losing market share in that space for years and has a tiny market share (nCipher dominates the HSM market worldwide, Safenet, through acquisitions, has the next-largest market share, and then you start getting to competitors with very small market shares). I'm sure the researchers at ARX had no idea that almost all banks in the world use HSMs made by competitors of ARX and just wrote this paper to expose a very real security flaw, one that something tells me ARX HSMs don't allow...
FWIW, ARX was actually something of a leader and had some cool ideas... several years ago. I'm not sure whether it was because of financial trouble, incompetent management, neither, or both, but they were lapped by players like nCipher, Luna (now part of SafeNet), Utimaco, even Thales, which focuses on serving the credit card transaction market but doesn't have things like Diffie-Hellman key exchange because VISA and Mastercard don't require them, and yes, even the old low-cost option, Eracom (bought by Safenet in order to do away with a pesky competitor).
"It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
A spokesman pointed out that you'd have to be on the same LAN segment as the Hardware Security Module to launch this attack. Considering that a technician with an infected laptop once put viruses onto ATMs, this is less comforting than it might be.
(Still trying to wrap my head around every "switch" (router?) in the network decrypting and re-encrypting the PIN block. These being systems outside the control of the data owner).
'msnbc' should instantly give you a clue that this is fear mongering... what else can you expect?
I work at a 'switch' that the article describes. It would be REALLY hard to do what they are describing, even having inside access. Not to say it couldn't be done, but the person doing it would have to have some serious clearance to get access to the HSM and the system it is on. If they do have that kind of access, it is pretty unlikely that they have the technical know-how to go about doing what the article describes.
Usually the people that have the technical know-how don't have userid's or passwords to the production system, never mind the HSM.
I would be much more worried about someone with a hidden camera getting your PIN in a gas station than this. A lot cheaper and easier to pull off.
There's another lesson about allowing too many options in your crypto protocols:
The problem appears to be the fact that intermediaries in the network have to decrypt and reencrypt the PIN and related information.
It is generally considered safer to do end-to-end encryption. The first ATM encrypts all the information and the intermediaries just pass through a collection of bytes (without needing to know what the bytes mean), once the bytes reach the target bank, the information is decrypted, verified and the response is sent back (possibly encrypted as well). This way all tampering at intermediary hops is eliminated (assuming the encryption has no flaws).
They're supposed to check your signature, but not your ID.
Remember those Visa Check Card commercials from a few years back, where some easily recognizable celebrity would walk into a store without his ID, try to pay for something with a check, and be frustrated when the clerk couldn't recognize him? The point was you don't need ID when you pay with Visa, you just need your signature. In fact, it's against Visa's merchant rules for a store to require ID with a purchase: they can ask, but if you refuse, they still have to go through with the transaction. (If they won't let you pay without ID, call (800) VISA-911 and file a complaint.)
Visual IRC: Fast. Powerful. Free.
The saddest of all this is that the ATM implementation as it is used in the US suffers from quite a lot of security concerns, whereas one of the very first multibank banking systems was able to do a much better job at security earlier on. Take for example BANCONTACT (BankSys in Belgium). They engineered the system to avoid transmitting the PIN, and to avoid requiring banks to actually record the PIN anywhere in their system. While a lot of the finer details are not really public, the core of the design revolves around building a concatenation of the account/card number, the PIN, and some other numeric identifiers that specify things like country code, bank code, etc... That number conveniently ends up being just enough digits to fill a 56-bit register, that with appropriate padding, turns into a 64-bit input entity for a DES-based encryption module. It isn't pure DES, and the key for the encryption is a combination of keys submitted by the participating banks. The result is what gets sent across the wire, and the banks (and BankSys) only use that encrypted result as identifier. As such, there is no need to know the user's PIN (and in fact, it is really not stored). Of course, changes have been made to this design over the years (this was early 90s), but the back design goals remained the same: security!
Compare that to US banks that commonly can *mail* (through the US Postal Service) users the PIN for their ATM card. I had that happen to me multiple times. Same with credit cards... All those notes in the mail to tell me what my PIN is... Plain stupid and very insecure.
It just shows how you can take a pretty well designed (and secure) system, even visit the designers and implementors to learn from it, and then to go back home and screw it up in various ways to make it less secure. Why? I honestly don't know.
I personally have experience configuring the HSM's and implementing the types of security referred to in this article. To understand how unlikely this hack is, I would have to go into a deep conversation with regard to how these HSM's are supposed to be configured and implemented. The brief version: Typically, PIN's are stored by your card issuer ONLY in their encrypted format. The keys that do the encryption are stored in the HSM and SHOULDN'T be exportable. When you enter your PIN at a POS or ATM, it is 3DES encrypted and sent over the wire as an encrypted pin block (EPB). When an inbound EPB is fed into the HSM, the originating bank pulls an encrypted version of your PIN and feeds that into the HSM. The HSM _should_ be a black box and decrypts both inside of protected memory, makes a comparison of the two PIN's, and returns TRUE or FALSE. PIN's are stored by the card issuer in encrypted form and are NEVER reversible to people. When you forget/lose your PIN, the card issuer will typically issue a new PIN. That's because they CAN'T read a PIN. The PIN is DES encrypted by a symmetric 128-bit key that is encrypted by another key which is NEVER NEVER known to any human. If this hack is proposing to repeatedly "guess" EPB's until they get one right, or do EPB->EPB translation until they get something that makes sense.... you would be better off buying lottery tickets. LOL
Diebold: No, really, your honor! We weren't rigging your election, we're just incompetent! *Points to insecure ATMs*
:).
Sorry if that sounds a little trollish, but it really is what I first thought of when I read the headline
I've worked developing infosystems, often secure ones, for many banks, for over a decade. US, Canadian, European. Familiar depositors, commercial, credit corps, insurance, brokers, interbanks. Banks are a bizarre world of risk-averse analysis and dizzying unnecessary risk taking.
The cost of chipcards, and the key infrastructure, is minimal compared to the profits the banks make off of us. And compared to the costs of losses in security. And the costs of losing customers. What about the ATM thefts we're discussing in this story?
If security isn't a selling feature, why do I see several bank ads a day pitching their ID theft services?
If you think merchants absorb the costs of losses due to insecure cards, you don't know where merchants get their money from to pay their bills.
Currently banks do leave consumers paying the time, effort and risk costs of ID theft. That would be a good basis for consumer protection security requirement laws, because the banks haven't made the changes themselves, despite their self interest in doing so.
Just because banks are too lazy and complacent making vast, unprecedented profits despite their security problems and losses, as well as customer churn when burned by ID theft and fraud, doesn't mean that consumers should be unprotected. You know that banks didn't protect themselves from the overextensions that the 1929 Crash caused, right? Not even by 1934, when the Congress finally reformed banking. Though the 1895 Panic had a similar lesson to teach. And previous collapses, for hundreds of years.
Banks are like any protected upper-tier global corporate entitlement class. They spend their time shooting fish in a barrel, plucking the lowest hanging fruit. The only hard stuff is rigging the system to perpetuate their power to make ever more money. Depositors aren't important, except when they're regulated, or cause large losses in massive numbers - very rarely. And history shows that they don't change to reflect those savage lessons.
If you think the solution is for me not to use payment cards, rather than urge better security for people like me (most of us), then you deserve a corner office at a bank.
--
make install -not war
My thoughts exactly.
There must be some reason (I hope) but the security model that they're describing in TFA seems horribly flawed. It depends purely on the security of some black-box hardware modules embedded at different points in the system.
Basically, what they're saying is that there's no end-to-end encryption of your "PIN block" (PIN+Account number, don't ask me why they're transmitted together instead of separately with some random transaction identifier). Instead, the ATM encrypts it for the next machine in the network, where it's decrypted and re-encrypted inside an (assumedly secure) hardware module. Then it's passed to the next link in the chain, ad infinitum.
This wouldn't be bad, if the ATM first encrypted the PIN block using the public key of the eventual destination bank -- after all, the intermediate machines have no reason to actually know your information, they're just shuffling bits. However, to just use this transmission-level wrapper without actually encrypting the data seems horrifically stupid. It's nothing but 'security through inconvenience.' (It's not exactly even obscurity, since people seem to know how the system works, they just make it inconvenient to intercept the information by making the places where it's unencrypted relatively small.) From a crypto perspective, it's a broken system.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I've read a lot about encryption exploits and this has to be one of the simplest. No compute power, no tricky timing, nothing. I'm amazed it's taken this long for such a simple exploit to surface. To address most of the comments by class:
Why are the banks so stupid, they should encrypt end-to-end, use better protocols, etc
The system is 30 years old and evolved from different networks that were glued together over time. The fundamental assumption being that only the physically sealed HSM boxes handle decryption/encryption, and that any snooping/forging of data between HSMs is not a threat. Which has been proven wrong.
It would be easy to catch perps
Maybe in the West it would. But not so easy when someone is pulling cash from the Middle East or the ex-Soviet bloc countries for example. No encryption keys are assumed known. The actual ATM time required is only 100 transactions with incorrect pins and arbitrary account numbers. A fair number of HSM transactions are required, but this can be automated from an infected machine within a bank or waypoint. No HSM or encryption hacking itself is required.
The data is encrypted and so it's one in a billion to crack it
The encryption is never broken here. The point is that a very limited number of plaintexts are exploited (10,000) via attacking the least secure PIN transport format, in combination with a practically constant "transport" key, resulting in the ability to directly compare encrypted output against a table to determine the PIN that is within an arbitrary EPB that is reformatted to the insecure format (a standard operation for the HSM).
They can fix the protocol
Not without overhauling a lot of infrastructure that's been built up for 30 years, belonging to a lot of different entities in a lot of countries. Who's gonna pay for all that?
You never could trust dodgy ATMs, tellers, etc
True, but they also stand a much greater chance of being caught. They are the endpoints, which were always an issue. Now anyone with access to the data going in and out of an intermediate HSM can steal your pin, which is a much more anonymous situation.
The net effect of this is that you should watch your bank account for withdrawals you didn't make (duh). Especially if you are pulling money in foreign countries. The banks are going to need to roll out fixes to this, probably starting with more direct routes from ATMs to the host bank. We may see "trusted" ATMs popping up in the interim (i.e. "this ATM is certified, and has a direct link to Wells Fargo").
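An added illustration, not part of the comment above and not code from ARX or any HSM vendor: it shows why a PIN block that carries only the PIN, encrypted under a practically constant key, can take at most 10,000 ciphertext values, and how binding the block to the account number (laid out here like ISO 9564 format 0) together with a no-downgrade reformatting policy removes that property. The keyed permutation is a toy stand-in for DES/3DES, and the format labels, key and card numbers are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-transport-key"            # constructed sample key
PANS = ["4000001234567899", "4000009876543210", "5100005555444433"]  # constructed

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Deterministic 8-byte keyed permutation (4-round Feistel over HMAC-SHA256).
    Stand-in for the HSM's block cipher under a fixed key; not a real cipher."""
    if len(block) != 8:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pin_field(pin: str) -> bytes:
    """Control nibble 0, length nibble, PIN digits, then F padding to 16 nibbles."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4-12 digits")
    return bytes.fromhex(("0" + format(len(pin), "X") + pin).ljust(16, "F"))

def pan_field(pan: str) -> bytes:
    """0000 followed by the rightmost 12 account digits, check digit excluded."""
    if not (pan.isdigit() and len(pan) >= 13):
        raise ValueError("PAN must be at least 13 digits")
    return bytes.fromhex("0000" + pan[-13:-1])

def pin_block(pin: str, pan: str, bound: bool) -> bytes:
    """Unbound: PIN field only. Bound: PIN field XOR account field."""
    if not bound:
        return pin_field(pin)
    return bytes(a ^ b for a, b in zip(pin_field(pin), pan_field(pan)))

def distinct_ciphertexts(key: bytes, pin: str, pans, bound: bool) -> int:
    """How many different ciphertexts one PIN produces across several accounts."""
    return len({toy_encrypt(key, pin_block(pin, p, bound)) for p in pans})

def ciphertext_space(key: bytes, pans, bound: bool) -> int:
    """Distinct ciphertexts over every 4-digit PIN and every account given."""
    return len({toy_encrypt(key, pin_block(f"{n:04d}", p, bound))
                for n in range(10_000) for p in pans})

# Hypothetical format labels: True means the block is bound to the account number.
PAN_BOUND = {"FMT_PAN_BOUND": True, "FMT_PIN_ONLY": False}

def translation_allowed(src: str, dst: str) -> bool:
    """Reformatting policy: refuse to turn an account-bound block into an unbound one."""
    return not (PAN_BOUND[src] and not PAN_BOUND[dst])

if __name__ == "__main__":
    for bound in (False, True):
        label = "account-bound" if bound else "PIN-only"
        print(label, "| same PIN across 3 accounts:",
              distinct_ciphertexts(KEY, "1234", PANS, bound),
              "| total ciphertext space:", ciphertext_space(KEY, PANS, bound))
    print("bound -> unbound allowed:",
          translation_allowed("FMT_PAN_BOUND", "FMT_PIN_ONLY"))
```

With the PIN-only layout the ciphertext space stays at 10,000 however many accounts are added; with the bound layout it grows with every account, which is why the reformatting policy matters as much as the cipher.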
... they automatically "downplay" it. It's pure psychology.
Do they really think we are that stupid?
Thank you, Israeli researchers, but it seems you missed the 2003 paper of Cambridge, UK researchers, which describes exactly the same kind of attack:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-560.pdf
If I understand how smart credit cards function, the PIN is just used to identify yourself to the card,
so these problems seem nonexistent in countries using smart cards instead of simple magnetic bands.
The use of smartcards won't make a difference as the authorization code still has to travel across the network. As this article points out it is this security system that is open to being hacked. As such all pins, data are exposed.
"a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks"
was Re:Not possible with smart cards
davecb5620@gmail.com
This was stored as an image for some reason
a cking_bankc.html
"At the ATM, the information is combined into a format called a PIN block, scrambled, then passed along the network. The intermediate steps are called switches, and these are rarely owned by the cardholder's bank. So at each step, the PIN block is unscrambled and rescrambled with a new key in a machine called a hardware security module (HSM). It's at these intermediate points where hackers could trick the machines into divulging PINs, Israeli researchers say."
Actually a UK security researcher published a method of getting the HSM to divulge the master key. These are delivered to the bank and require two people to enter unique keys to program for use. The method involved successively entering these keys the results from which the master key can be deduced. The original URL seems to have disappeared.
http://www.schneier.com/blog/archives/2006/11/att
On another note, does anyone remember when phantom withdrawals were a regular occurrence here in the UK? Well later on it was discovered that the staff at the card issuing facility had discovered a way of producing ATM cards with the same three PINs. They then sold on the PINs to the criminal fraternity. That URL has also disappeared.
davecb5620@gmail.com
There are only a handful of organizations that host ATM networks. They frequently publish and impose audits to ensure the money is safe. As we all know, technology and its conveniences make life a lot smoother for us. Thus, I will continue to use electronic mediums to transact business to prevent standing in a bank line...As one individual posted, let enough people get ripped off and you will see the situation addressed (paraphrased). Of course, you can count on one thing for sure, if an official in Washington is a victim of electronic fraud through the use of an ATM, you can bet, ATMs will become more regulated. However, a word of caution, I'd rather have private corporations ensure ATM networks are secure for electronic exchanges instead of the government. History shows that more penetration comes from within their (government's) confines instead of the general public overall.
If security isn't a selling feature, why do I see several bank ads a day pitching their ID theft services?
Because this is easier and more profitable than going to a proper microprocessor smart card. More importantly, the banks get to promote the perception that they are running a tight ship.
I entirely agree with your comments regarding the history and profile of banking. In the U.S. anyway, it seems policy/regulation is not preventative. Sadly, I think another massive failure will be required.
Your comments show you do indeed have first-hand experience in banking. How would individuals go about starting a competitor to the current banking system? Seriously, what would it look like? I want to hear your ideas. mpapet(nospam)@-stillnospam-yahoo.com
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
your primary deposit account. Or, simply open a checking and savings account and disable that stupid auto-replenish checking account from savings account option. Just remember to transfer money into your savings when you deposit money into the account. Now I don't remember for sure if you can access your savings account via the ATM (might be possible).
My checking account and savings accounts are held at different institutions for financial reasons (good APR). This has a nice side effect of letting anyone jack my checking account but leave my real savings safe.
I don't hold with any of this newfangled ATM hacking, either. Why back in my day we had to hack into banks with guns and dynamite and we liked it! Everyone at the branch would give you all the cash you wanted and they'd never ask you a lot of nosy questions, neither.
I think the best way for consumers to take these matters into our own hands is to start with controlling our own client HW/SW, including these bankcards. I mentioned elsewhere in these subthreads that I'd like my smartcard to keep transaction histories for multiple bank accounts in multiple banks. With an interface, maybe Bluetooth, for using my mobile phone as the GUI. The next step to making the smartcard encrypt the transactions for transmissions thru a transparent ATM that's merely the gateway to the bank WAN would be very short. It wouldn't be hard for people to pressure a small bank among the account maintainers to go with the end-to-end encrypted system with OTP. Maybe a credit union, or a large corporation/association's health insurance claims. Then the others would hurry up to compete, even before understanding the specific benefits.
In other words, consumers must seize control of our transactions, and level the playing field for all the account maintainers. Then raise the bar on one institution, and watch the others follow. The economics do work, but they must be applied.
This will probably happen naturally in the US within 15 years. I just want to cut our losses now.
--
make install -not war
I'd like my smartcard to keep transaction histories for multiple bank accounts in multiple banks.
Better e-purses already do this. They don't do multiple bank accounts though. That would require either multiple e-purses or "one purse to rule them all..."
encrypt the transactions for transmissions
Better epurses do something like this now. Essentially mutual authentication followed by password. From there the entire transaction is encrypted between the terminal and the card. The beauty of a proper smart card is to handle all of the transaction on-terminal. Eliminates most of the PIN database problems. Most of the rest of the world is moving quickly to this kind of banking. I'm not sure what will happen with U.S. being the *last* one.
bluetooth
Make this last on your list. This is *much* harder than it sounds.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html