Subverting PIN Encryption For Bank Cards

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: "According to the payment-card industry ... standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API. 'Essentially, the thief tricks the HSM into providing the encryption key,' says Sartin. 'This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'"

which PIN?

Are they talking about my PIN number for the ATM machine? I guess I should go RTFA article now.

Re:which PIN?

[bluesatin]

I guess I should go RTFA article now.

You're doing it wrong!

Wow

[Sir_Lewk]

Seriously? This is just incredibly stupid.

What ever happened to accessing the routing information but leaving the data encrypted? SSL really is not that complicated of a concept.

Re:Wow

[sakdoctor]

SSL was released in 1996

Banks prefer a conservative approach, using tried and tested 18th century steam punk hardware.

Re:Wow

[Cyberax]

Even over X.25 networks?

Re:Wow

[Sir_Lewk]

I'm not familar with the technical aspects of how exactly ATM machines work, but if the system preclude decent security I'd feel safe in asserting that they are doing it wrong.

Re:Wow

[Cyberax]

They are doing it wrong.

Re:Wow

[Marillion]

This isn't surpassing. Encryption is a two-edged sword. Encrypted data (including pin numbers) are useless until they are decrypted. When you have multiple vendors involved each vendor has it's own key. You can't have one key to rule them all because if that key leaks (and it would) then no data are safe.

Re:Wow

[raddan]

I think part of the problem is that ATM machines have, in the past, not used IP networks, because there was always a need to lay down a line (or a modem) that would connect to the financial network. Many financial networks predate the Internet, and many of them have stricter requirements than typical IP traffic (like QoS), and so, in many cases, you see other kinds of network architectures (like X.25). Given those conditions, strong encryption did not always make sense.

Now, there's nothing stopping you from using a higher-level protocol like SSL with other network architectures, but ATMs already have their own security mechanisms that predate SSL by a long shot, and the use of SSL, at least culturally, is tied pretty closely with TCP/IP. What surprises me, though, is that the HSMs must decrypt a message at every interchange, and re-encrypt it. I'm sure financial networks were around before asymmetric encryption was widely known or used, but they've had a long time to do this the right way now. The fact that these networks are still vulnerable to MITM attacks is pretty shocking.

Anyway, I don't know a whole lot about financial networks. Anyone care to fill us in?

Re:Wow

[Hatta]

Are you really surprised? If someone wants to drain your bank account, they don't even need to break any encryption, all the information they needed is written on your checks. They don't even need to forge a signature.

If banks were liable for fraud committed with the systems they designed, they'd design more fraud tolerant systems.

Re:Wow

[A.+B3ttik]

Banks prefer a conservative approach, using tried and tested 18th century steam punk hardware.

"I wasn't aware that boiling water could form allegiances."

But you're right.

One of the banks I go to still requires filled out deposit slips, ink signatures, and still has a "next business day before 2" in regards to processing your deposits. To that I say, "Come on, this is the digital age!"

One of the Banks I go to, the one near my college, does EVERYTHING instantaneously. You deposit money, it is now in your checking account. You can go outside to the ATM to withdraw it or go spend it at the supermarket. Pay with a debit card? It instantly deducts it from your account. Pay with the spoof "Credit Card" option? It deducts it that night.

Many banks are indeed stuck in the bygone era of paper trails and physical filing, when much faster, more convenient digital solutions are available.

Re:Wow

[superwiz]

Encryption is a two-edged sword. Encrypted data (including pin numbers) are useless until they are decrypted.

Not true. Unix passwords are never decrypted.

Re:Wow

[Thelasko]

The fact that these networks are still vulnerable to MITM attacks is pretty shocking.

Fortunately, most of these transactions aren't conducted on the public internet. If there is a MITM attack, the "Man" should be easy to find.

Re:Wow

[Ethanol-fueled]

One of the Banks I go to, the one near my college, does EVERYTHING instantaneously. You deposit money, it is now in your checking account.

Hah. I love how banks instantaneously deduct card transactions and even checks from your account, but you must wait at least few days for the portion of any deposit over $100 to kick in.

If I didn't have direct deposit I'd ask you where you bank. Citibank dosen't count because they don't have meatspace tellers anywhere.

Re:Wow

[xouumalperxe]

Not true. Unix passwords are never decrypted.

Not entirely true. You hash the password, and check it against the stored hash, sure. No decryption involved, because there's no "proper" encryption in there either. But how did the system get the password? If you're not connected to the machine locally, you're likely connected through telnet (which won't encrypt the password at all in transit, which is the matter here, or you're connected through SSH, which implies encrypting the password with the system's public key, then the server decrypts using its private key, hashes, and validates against the stored hash. (I'm probably omitting a couple of intermediate steps, but I think the gist of it is correct). Of course, sending the hash on clear text over the intertubes is as good as not having the passwords stored hashed to begin with. You can only trust a hash you calculated yourself.

Now, the real problem here, to me, is this: Sure, you need to decrypt and re-encrypt for each leg of the journey. But why is the ATM itself not encrypting the pin with the bank's public key, and then that gets routed along, with all the encrypting and decrypting, and what-have-you?

Re:Wow

[value_added]

One of the banks I go to still requires filled out deposit slips, ink signatures, and still has a "next business day before 2" in regards to processing your deposits. To that I say, "Come on, this is the digital age!"

You missed the overriding factor offered by the digital age which they use to earn interest on your money while it's on hold. By contrast, Really Important Customers (those with regularly high balances, etc.) rarely have any funds put on hold.

Compared with PayPal's 5-day period, it sucks a lot less.

Re:Wow

[u38cg]

Completely crazy, until you realise that while the money is in their possession for a couple of days they can lend it out on overnight rates. Lucrative business, trading on other people's money.

Re:Wow

[RubberDogBone]

What Hatta said.

Everyone is up in arms about protecting bank account numbers but YOU (all of you) hand over that same info every time you hold up the grocery store line while you pay for corn dogs with a check.

Every time you pay your mortgage or rent, power or gas bills, credit card bills, loan payments, even payments to the bill collectors.

If you pay by check, you have just handed your account info over to those people, and not only them, but their back office people, the clerks, and everyone else who might have access to the check.

And despite being paper, there's no paper trail over who might have seen your check, copied down the info they need, and made off with all they need to take all your money.

ATM and pin-based systems have their share of problems but the paper check system is even worse.

Would you give your scuzzy landlord access to your bank account? You do that every time you hand him your rent, even if your landlord is Mom and your apartment is Mom's Basement.

Re:Wow

[Dr_Barnowl]

To expand on the sibling poster, this isn't true, because there are a number of accepted ways of cryptographically proving that two parties both know the same information, without ever actually revealing what the information is.

The example the sibling gives of Unix password hashing works as follows ;

  * The user sets their password. A 1-way hash is stored in the password file.
  * Later, the user attempts login. The password he enters is put through the same 1-way hash and compared to the contents of the password file. If it matches, he logs in.

At no point is the password stored unencrypted, or decrypted from stored information. The most successful way of attacking this particular technique is called the Rainbow table, a precomputed list of all the possible hashes for a given range of values.

For data that was just 4-digit PIN numbers you'd not even need a table, once you'd deduced the hashing used, but there are various tricks to improve this (see article).

Re:Wow

[pha3r0]

Pretty much. My wife works at a CU doing all there ACH's, wires and such. Some of the stories she tells about running batch scripts to download files and how they have to make sure each day to delete the old files or they will just post all of yesterdays stuff again and my favorite, there bank actually has them use vanilla FTP to transfer check images...

No wonder the CU's took a billion dollar+ fraud hit this year

Re:Wow

[Cbs228]

Not true. Unix passwords are never decrypted.

The parent is, of course, referring to one way hashing (crypt, MD5, SHA-1, and the like). Unix passwords were originally stored in the /etc/passwd file for all the world to see—any user could open the file and see everyone's password hashes.

One-way hashes keep systems secure by virtue of computational complexity: an attacker must blindly try passwords (either by brute force or word list) until he finds the one that produces the correct hash. However, there are many different possible passwords. How many? If users use no more than eight letters or numbers, the total number of possible passwords is the sum from i=0 to 8 of (26+26+10)^i = 2.2192 * 10^14. Even at 10 million checks per second, it would take 256 days to check them all.

Unfortunately, I've never seen a bank that allows you any more (or less) than four digit PINs, which is only 10^4 = 1000 combinations. This makes one-way hashes less than useless for encrypted PINs: Anyone who knows how to compute the hash and possesses a list of hashed PINs could easily crack PIN numbers very, very quickly.

Re:Wow

[ToasterMonkey]

It doesn't have to do with routing, it's because each point to point connection uses a symmetric encryption key, shared in advance. That's what this boils down to, using symmetric key encryption, and needing to make several hops to the destination, instead of using PKI where you could easily share all keys with everyone and encrypt once. How else would you move encrypted data through a network with symmetric keys? You can't have every single issuer and acquirer exchanging symmetric keys with each other, it would be unwieldy. HSMs protect the keys at all times, and procedures are built around key management to ensure no one person can have all key components. The system is actually pretty sophisticated, and suggesting it could just be replaced with SSL is laughable. There's a lot more to it, especially the whole issue of how to manage trust if such a system were to go PKI. PKI only works if you're absolutely SURE you have the real public key, and this is not typically a problem when you're physically exchanging symmetric key components with the switches.

Re:Wow

[dfm3]

um... 10^4 = 10,000

Still much less than 10^14, though, so your point still stands.

Re:Wow

[compro01]

IIRC, my bank (RBC) allows up to 7 digits, though they recommend not using more than 4 due to lingering old stupid systems that won't handle more than 4 digits.

Re:Wow

[sysgeek01]

In the US, the only part of the transaction that is encrypted is the PIN number. All other information sent between the ATM and the card holders bank is sent in clear text. Some other countries require that the entire conversation between the ATM and card holders bank be encrypted, but I digress. The original encryption between the ATM and the host processing server is a 3DES private/working key system. I'm not entirely sure the encryption between processing networks (star, plus, pulse, etc) and between processing networks and banks, but there are many networks and many more banks. Having some sort of system that required the networks and banks to share working keys of 300,000+ ATM's in the US would be a major undertaking and would require some major cooperation between companies who are in reality competitors. I personally don't see that happening, unless companies like Mastercard or Visa start requiring it. Beyond that, there are other encryption systems in place for TCP/IP based ATM terminals the utilize SSL and IPSEC for communication over the Internet to a host processing server.

Re:Wow

[jayminer]

Definitely. I had applied for Mortgage in Bank A and transferred all my money from Bank B to Bank A.

It was Friday, the mortgage money would arrive on Monday so I would go and buy the house with the combined cash.

Bank B said it transferred the money already, but Bank A didn't credit my account, so I phoned the bank branch. They asked for my account number and said "Oh yeah, sorry, we are just processing your transfer and crediting your account". It was 5 minutes to end of work day.
If I hadn't called, I would have missed the 2 day interest for my own money (Yearly interest rate was 14% in my country, so it made sense).

Re:Wow

[kiwi_jackal]

That's an interesting point, and I don't know how your banks get away with it. Here in NZ, although money will sometimes be held to make sure that there's nothing wrong with the deposit (fraudulent, or not enough money in the sending account) you earn interest from the day the money is deposited, not cleared. The bank still earns money on that deposit, of course, but only as much as they would for whatever money you already have in your account - there's no incentive for them to keep your money uncleared longer than necessary for risk management.

Re:Wow

[sticky.pirate]

SSL was released in 1996

Banks prefer a conservative approach, using tried and tested 18th century steam punk hardware.

No kidding. One of the many projects I have worked on over the years is some of the infrastructure for Continuously Linked Settlement, which automates a huge chunk of foreign currency exchange. Not too long after the "Go-Live" date, I needed to exchange a sizable chunk of money between Euros and dollars that required me to go in-person to my bank.

I was really looking forward to participating in the modern 21st century economy, and seeing the high-tech whiz-bang front end the bank had wrapped around our back-end... and I was very disappointed when the whole transaction boiled down to the bank guy filling out a form and putting it in stack of other forms.

Re:Wow

[iworm]

Unix passwords are, generally, not encrypyted. They are hashed. The distinction is often lost, as here. By definition you cannot "decrypt" a hash. You can merely check that it matches or does not match some other value.

Re:Wow

[hey!]

Well, it all boils down to this: businesses maximize profits.

Sure, they'd like theft to go away, but they aren't going to spend $2 to reduce $1 of theft. That's why ATM technology has never been particularly secure. People just assume that ATMs have the kind of safeguards that are used to control the nation's nuclear launch capability, but they don't, because while that would probably reduce theft to nearly zero, it would cost more than it would save.

That's why Diebold doesn't have the expertise or technology needed to produce a decent voting machine. Good enough for an ATM is so far below good enough for a voting machine, you're far better off hiring somebody who is starting with a blank sheet of paper than somebody with ATM experience.

Now if this vulnerability proves to be a big money hole, they'll plug it. And that's all they'll do. They won't reevaluate and overhaul their entire installed based of machines and the networks that connect them, they'll do the bare minimum to plug the hole. That means there'll be another hole in a year or two. And that's OK, because it'll be a different person's problem, or if it's the same person's problem, well he fixed the last one so he can probably fix this one too. That's how they'll think about it. And they'll be "doing things right", from an economic standpoint, which is the only one that matters in this case.

If we were talking something like identity theft, there'd be a deeper moral obligation to do something about that. But they probably wouldn't unless there was a law that made them do it. Businesses don't spend $2 to save themselves $1 of expense, nor do they spend $1 to save somebody else $100,000 of expense.

Re:Wow

[Marillion]

While that is a true statement, it is true only because Unix passwords are never encrypted - SSH not withstanding. Other posters have gone on and on about hashing. Authentication systems should NEVER accepted a pre-hashed password because it then becomes a password equivalent. Password equivalents represent a common attack vector and are frequently under protected because many have the misconceived intuition that it's safe because it's "encrypted."

Re:Wow

[ToasterMonkey]

The big boys use Connect:Direct on their mainframes, and it's not very hard to figure out CD for UNIX. A little complex and clunky at first, but it does a lot more than vanilla FTP. Things like retries, execute commands before or after jobs, encryption, etc.
I think it's worth it if the business really depends on file transfers working smoothly, as in, anyone dealing with ACH files.

Re:Wow

[ToasterMonkey]

Right moron, and did you read TFGP? He suggested using SSL. I quoted it. I quote it so dumbasses like you know what the context is.

SSL.

Does SSL do anything about this situation, Mr AC?
NO, you'd still never decrypt PINS in software, it would NEVER, EVER be as secure as a HSM. HSMs are not perfect, and hard to configure, but software crypto... Good jeebus man!

Re:Wow

[ToasterMonkey]

My bad, I did forget to quote who I was replying to.

Thank you /. for your fucked up threading that makes it impossible to see who responded to what.
Thank you again for retards that wouldn't bother to try anyway.

Old becomes new

[emocomputerjock]

It's long been known that the PCI standards are nowhere near complex or secure enough to be trusted with protecting your data. Heck, they're just getting around to mandating encryption (128 bit, so as not to punish the early adopters of encryption technology). We moved too quickly to offer services without bothering to make sure we had the security in place to protect end users, and the criminal underground moves very quickly to exploit openings.

Re:Old becomes new

[__aagmrb7289]

I think, perhaps, you are a little confused (but maybe it is me). I work in this industry, so I have some exposure to these rules.

PCI stands for Payment Card Industry. PCI compliance means that you are following all the rules that have been setup by the PCI standards board. These standards apply to CREDIT CARDS. They do not apply to, for example, EFT's, etc.

However, the rules governing EFTs are actually WAY behind the PCI compliance rules. These are created by a group called NACHA. They recently came up with an update that puts them only ten years behind the PCI rules, instead of thirty.

I believe the PIN transfer information is referring to PINs - not "card codes" (the little, usually three digit, numbers that are at the end of the credit card number on the back of the credit card). PINs, on the other hand, are used with debit cards, and are usually four digits, and chosen by the user. These are NOT governed by PCI rules.

Re:Old becomes new

[emocomputerjock]

You reply just as I'm about to go home! I don't think they're talking about the card verification code. I'm positive they're talking about PINs aquired through PIN input devices, which are most certainly covered under PCI standards. All primary accounts, debit or credit, must be stored and properly protected through the PCI Data Security Standard , and all PIN Entry Devices are covered under the PCI PED Security Requirements. The PCI SSC is going to be testing all HSMs from here on out as well to ensure PINs are cryptographically protected as they should be.

Re:Old becomes new

[__aagmrb7289]

Did a little research, and you are correct. Color me mistaken! Thanks!

Doesn't a PIN Require the Physical Card?

[A.+B3ttik]

First, doesn't using a PIN require the physical debit/credit card? I didn't there was any way to use them on their own.

I've seen a lot of my friend's and family's PINs by pure happenstance. They usually make absolutely no effort to hide it, and most of their PINs are absolutely trivial 1-2-3-4 sort of thing.

I think whoever's taking these is going about it the hard way... any Supermarket Cashier with a pad of sticky notes could theoretically have hundreds of PINs.

The problem, I would think, is "How are they getting the physical cards to use them?" Or am I missing something fundamental?

Re:Doesn't a PIN Require the Physical Card?

[emocomputerjock]

Copying a physical card is trivial. They already have the number and personal information even.

Re:Doesn't a PIN Require the Physical Card?

[jez9999]

Obvious things like 1-2-3-4 are not allowed.

Re:Doesn't a PIN Require the Physical Card?

[mc1138]

Obvious things like 1-2-3-4 are not allowed.

That's the combination to my luggage!

Re:Doesn't a PIN Require the Physical Card?

[piripiri]

Obvious things like 1-2-3-4 are not allowed.

That's the combination to my luggage!

And that's my computer account password too! That's surprisin #@&%*! NO CARRIER

Re:Doesn't a PIN Require the Physical Card?

Not if you own the ATM, or just have some computer that is hacked into the ATM network pretending to be an ATM.

Re:Doesn't a PIN Require the Physical Card?

[oldspewey]

Depends on the institution. In fact at least one card I can think of was delivered - via regular postal mail - with a default PIN set to 1234.

Re:Doesn't a PIN Require the Physical Card?

Really? By disallowing some numbers they are just reducing the keyspace, making it easier for bad guys to brute force a PIN.

Re:Doesn't a PIN Require the Physical Card?

[Skadet]

Too late to be seen, but I just noticed the other day that all it takes to transfer money online from my bank account to another account at the same bank is the pin number and the online login for my account. Granted, if a thief had my online login, there's whole other mess happening, but holy crap.

Re:Doesn't a PIN Require the Physical Card?

[GypC]

I've had a cashier manually type my card number in when it refused to scan, so I guess you don't really need the card.

Re:Doesn't a PIN Require the Physical Card?

[rackserverdeals]

Obvious things like 1-2-3-4 are not allowed.

That's the combination to my luggage!

And that's my computer account password too! That's surprisin #@&%*! NO CARRIER

That's my slashdot password.

Re:Doesn't a PIN Require the Physical Card?

[rackserverdeals]

Obvious things like 1-2-3-4 are not allowed.

That's the combination to my luggage!

And that's my computer account password too! That's surprisin #@&%*! NO CARRIER

That's my slashdot password.

Wow. He wasn't joking.

Re:Doesn't a PIN Require the Physical Card?

[maxume]

The difference between 900 and 1000 available PINS doesn't really make me worry a whole lot.

Re:Doesn't a PIN Require the Physical Card?

[u38cg]

You need the sort code, account number, card number and PIN. The first three can be got by photographing the card, or swiping it through your personal data collector. PINs are trickier, but as anyone who has worked a cash desk for a while will tell you, it's quite often fairly easy to read people's PINs from their hand movements. Once you've got that, you need a mag-stripe programmer for a few hundred quid and you're good to go. Most ATMs do not require a chip, as chips have a ~1% failure rate annually, so the mag-stripe is used as the backup.

If you work in a high traffic environment you could clone several hundred cards a day. The trickier part is using them effectively, but there are ways round that, too.

Re:Doesn't a PIN Require the Physical Card?

[Tony+Hoyle]

Even then.. you type in a pin, into what? It's a keypad.. looks vaguely pin machine shaped, but they're all different - it could be doing *anything* with that number, including printing it out along with your other details in an office in a back room.

As there's no verification (the ATM/Pin machine never supplies any information to you to verify that it's legit) there's no real security - MITM is possible right there at the till.

Re:Doesn't a PIN Require the Physical Card?

[KDR_11k]

They usually make absolutely no effort to hide it, and most of their PINs are absolutely trivial 1-2-3-4 sort of thing.

They let you pick your own PIN? Over here we get the PIN issued by the bank.

Re:Doesn't a PIN Require the Physical Card?

[Fnord666]

...just have some computer that is hacked into the ATM network pretending to be an ATM.

And then what? You'll maliciously transfer funds between accounts? Unless your fictional ATM can spit out non-fictional money, there doesn't seem to be a point.

Solvable

[TheCarp]

Seems that we have encryption/signing protocols that don't require decryption for all operations... seems we also have public key encryption....

We already have onion routing... where we have end to end and point to point encryption in layers....

Seems the bankers should take a look at other technologies and consider some updates in how they handle it.

-Steve

Re:Solvable

[Qzukk]

Seems the bankers should take a look at other technologies and consider some updates in how they handle it.

As long as the bankers can force everyone else to pay for the fraud the bankers' incompetence causes, they have absolutely no incentive to get their house in order.

That said, the problem with the obvious solution is that in order to encrypt card information immediately with the destination bank's public key you'd need to update all of the card swipe machinery and software with either a comprehensive database of keys or some way of securely identifying the correct bank and retrieving that key.

Re:Solvable

[e4g4]

some way of securely identifying the correct bank and retrieving that key

The destination bank prints the cards - can't they put their public key on the magnetic stripe?

Re:Solvable

[Rich0]

NO!!!!

Put the keys in a chip on the card itself and have the card both sign the transaction and encrypt it for the bank.

I don't know why we keep designing systems that trust that the terminal you swipe your card on and enter a PIN into are secure. The display and PIN pad should be be integrated into the card itself. Then the bank knows it is talking to your card (which the bank issued). The only way to forge or intercept a transaction is to attack the chip on the card itself (which is both hard and requires physical possession of the card for a significant period of time).

As was pointed out, however, banks have no incentive to fix the problem when they're not liable for security lapses.

It ain't that easy

[Opportunist]

Have you ever tried to get, say, three competing companies to agree to a standard? Well, now try the same with a few hundred. Also, get international and you might get an idea what the problem could be.

Here something we dubbed the "St. Florian principle" strikes (from the old German saying "Holy St. Florian, you saint with the water bucket, spare our houses and burn down others"): As long as it only affects our competitors, why should we agree to increase the overall security?

Besides, even if they could agree that something has to be done, things like that tend to be quite expensive. And banks currently definitly have other problems than losing a few million dollars, they're loosing billions every day.

Re:It ain't that easy

[emocomputerjock]

There's the expense, the lack of technological expertise, the competing standards, and worst of all - the lack of any need for them to institute a set of security standards. Only recently have institutions within the payment card industry been held accountable for lax security. The most notable incident is the infamous TJX hack, in which wireless routers with default passwords and no encryption were exploited to steal thousands of user's data. In order to square things with the end users TJX shelled out millions of dollars and promised to take things more seriously. Escalating security breaches have gotten the vendors to start instituting security standards, but it's far too little too late. They're going to have to rebuild their systems from scratch with security baked in to solve the problem.

Re:It ain't that easy

[drinkypoo]

It's not actually that complicated in most cases; you can usually take advantage of some unused or underused part of a spec to signal a change to a different protocol, and support multiple protocols.

Re:It ain't that easy

[Red+Flayer]

Besides, even if they could agree that something has to be done, things like that tend to be quite expensive. And banks currently definitly have other problems than losing a few million dollars, they're loosing billions every day.

The biggest cause of the economic crisis is the credit crunch because banks are NOT loosing money, they are tightening lending.

/deliberately obtuse

Re:It ain't that easy

[Opportunist]

No can do in this case. It has to be an internationally accepted standard. ORRRR are you banks engaging in some kinda activity that you do not want auditors to see, HMMMMMM?

Realize that this is not a technical problem. It's one of protocols, but in a non-technical way.

Re:It ain't that easy

[drinkypoo]

My point is that you can use the fancier protocol where available, so you can get a coalition of banks together to develop a new standard, and then roll it out as is possible. It's not necessary to suddenly get everyone on board at once to make an improvement.

Re:It ain't that easy

[Opportunist]

I cannot answer that without opening myself to some costy lawsuits. But there is a good reason why banks don't take security more serious.

Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...

Re:It ain't that easy

[superwiz]

Have you ever tried to get, say, three competing companies to agree to a standard? Well, now try the same with a few hundred. Also, get international and you might get an idea what the problem could be.

Actually, I have a game-theoretic proof that there is a strategy for forming consensus in such a way that the O-function of players who will not agree to consensus is lower than O(n). As a matter of fact, I can present a strategy where that number will be O(n^{1/m}), where m is arbitrary positive integer. In practice that means, that if you do it right, than the greater your number of players, the smaller percentage of "disagreeables" you should expect.

Re:It ain't that easy

[Opportunist]

Actually it is necessary. At the very least you'd have to get some friggin' huge players on board, else nobody is going to dare create a new standard. What if the big ones don't follow your standard? What if they eventually develop their own and you're sitting there on a pile of expensive crap that you have to dump again? Nobody is going to take that risk, unless some really huge cheeses are going to.

They, in turn, have no reason to do so. Implementing something like that costs billions for a bank that operates globally, far, far more than the risk warrants.

Re:It ain't that easy

[emocomputerjock]

Actually, it is. The reason this article is written is because thieves are attacking yet another part of an incredibly weak and out-dated network. You *have* to get everyone from the owner of the gas station to the credit card provider to the Head of the Board at of Deutsche Bank to agree that something has to be done. There have to be tangible policies set down with real penalties to enforce them. This problem is massive and pervasive and financial crooks will attack every exposed system they possibly can to exploit the network. For instance, that little swipey thing? Until the release of PCI 1.2 standards that interface to the cash register wasn't even required to be encrypted. You could hang a dongle off of the serial port on the thing and record all data right there at the register. That's just one tiny, tiny part of a standard that has to be implemented across an entire industry. This problem is technical in nature, yes, but it's not a matter of a protocol not being in place. It's a result of a security policy not even existing.

Re:It ain't that easy

[Hatta]

Have you ever tried to get, say, three competing companies to agree to a standard?

Who is asking them to agree? Let's force them.

Also, if you made banks financially liable for their pitiful security, they would agree on a secure standard very quickly.

Re:It ain't that easy

Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...

If the operate in the USA, that line of thinking is one internal memo or whistleblower statement away from some serious Sarbanes-Oaxely issues for the top executives. Given the generally low opinion financial institutions currently have, prosecutors have plenty of motivation to make high profile examples of greedy bank executives. I'm not saying it won't or doesn't happen, but this has to be the most risky time in the history of US finance to willfully use unethical accounting.

capthca = "deterred"

Re:It ain't that easy

[Estanislao+Mart�nez]

Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...

I kind of suspect that you're not thinking very clearly here about how banks work. Banks are popularly described as places where one "stores money"; but really, a bank is an aggregate of debts and credits: it owes money to its depositors, and its creditors owe it money, and it holds some cash reserves. What would count as a bank "losing" some of its depositors' money? Well, it would be that the bank's record of how much money it owes to its depositors is incorrect, and the error is in the bank's favor; the bank's ratio of credits to obligations goes up.

However, lax transactional security doesn't cause this to happen. Lax transactional security causes fraudulent transactions to be recorded and processed against depositor accounts, and the corresponding amounts to be paid out to other parties. This reduces the bank's obligations to the depositors (and hence the depositors have "lost" money), but it also reduces the bank's assets by a corresponding amount.

From the point of view of the bank, customer transactions are a zero-sum game; the bank doesn't stand to either gain or lose from them. Which goes a long way to explain a bank's lack of enthusiasm for strict security in this regard, without having to invoke this malicious and fallacious idea of yours, where the bank somehow gains money when it pays a third party unauthorized sums out of your account...

Re:It ain't that easy

[Tarsir]

From the point of view of the bank, customer transactions are a zero-sum game; the bank doesn't stand to either gain or lose from them.

I don't think that term means what you think it means. Zero-sum game refers to a game between two parties in which a gain for one player is offset by an equal loss by the other player. You seem to be talking about a game between three players, in which two players (the customer and fraudster) are 'exchanging' funds, and the third player (the bank) is not affected.

Re:It ain't that easy

[Estanislao+Mart�nez]

Zero-sum game refers to a game between two parties in which a gain for one player is offset by an equal loss by the other player. You seem to be talking about a game between three players, in which two players (the customer and fraudster) are 'exchanging' funds, and the third player (the bank) is not affected.

No, a zero-sum game is a game, with any number of participants, where the sum of outcomes is always zero. So in a three player zero-sum game, for example, a valid outcome might be -600, -400, 1000.

I do agree on further thought that the reference to "zero-sum" is confusing in this context. The point, however, is that in this three-player game, the outcome for the bank is always zero in the long run.

Re:It ain't that easy

[TheCarp]

Your assessment sounds spot on to me... if we make the assumption that "the bank" is a single entity with a single purpose and logically gaurds its own interests.

However, when we put people into the equation, we have a bank as a collection of actors, whose job it is to act in the best interest. However, each of them has his own interests, and may or may not act within the overall institutions best interest, and may or may not be caught doing so (and may or may not have a good handle on how they may or may not be caught, which would influence that likelyhood by directing their actions)

So the zero sum game for the bank, is true, however, its actually not a single zero sum game, but a very large zero sum game, with a large number of players. Sure, many of the players have a vested interest in the bank staying in business and being profitable. However, that doesn't mean they have a vested interest in the best possible outcome for the bank, merely avoiding ones so bad that they lose their own salaries.

Otherwise I do think game theory based assessments are among the best, but its important to recognize what games the individual players are playing.

-Steve

Re:It ain't that easy

[TheCarp]

Interesting. However, that isn't enough information to determine if thats relevant. Sure, we can build consensus but on what? First we need consensus that there is a problem, then that it actually needs to be solved, then on a solution. Whats to say you wont end up building consensus around a solution that doesn't actually work? What if the consensus is "this doesn't cost us enough to be worth working together, lets go get lunch"?

-Steve

Re:It ain't that easy

[superwiz]

Well, I am using a plain agree/disagree as possible decisions. So you got me there. So it's only relevant if an issue can be identified as being of the highest priority. The way I was reading the post to which gp replied was that bickering would forestall consensus even after an issue had been identified as being the highest priority. I am not sure that security can be evaluated by past performance. "Hasn't cost us much yet" doesn't seem like a good indication of whether it will continue to cost more in the future. It is, after all, similar to saying that a predator won't do much damage to a prey which doesn't have natural defenses based on how little damage such a predator has done so far.

Re:It ain't that easy

[Opportunist]

They are already liable for it. But it's the same as with dumping oil in the oceans: Chance of disaster (getting caught or getting hacked) and the fine are too small combined to offset the cost of doing it the "right" way.

Companies do what is cheaper. Not what is right or legal. If it's cheaper to do something illegal and get caught, they'll go with illegal.

Re:It ain't that easy

[TheCarp]

> I am not sure that security can be evaluated by past performance. "Hasn't cost us much yet" doesn't seem like a good indication of whether it
> will continue to cost more in the future. It is, after all, similar to saying that a predator won't do much damage to a prey which doesn't
> have natural defenses based on how little damage such a predator has done so far.

Ahh but whats to say we should expect an increase in the future, and not a decrease?

That would require that we know how the number of predators have changed, and their relationship with whatever population we are concerned about.

Its the old "80/20 rule". If we are worried about tiger attacks, we can institute a new protection every time an attack happens.... but do you continue that policy past the point of diminishing returns? What if the next level of "tiger protection" involves everyone smearing themselves in the dung of some animal which we have determined repels tigers? At what point do you say "Oh shit, you mean this is getting too costly to stop the 1 attack a year we still have?"

Take it to air travel... how many flights are hijacked as a percentage of flights flown? Ill give you a hint, its very very small.

-Steve

Re:It ain't that easy

[superwiz]

But the assumption of predators roaming freely is tantamount to the assumption that predator behavior can be automated. That is the cost of someone becoming the next predator is incomparably small in relation to their reward. Under these circumstances, it's free lunch for predators. To assume that they won't take advantage of it is counter-intuitive.

outdated banking systems

[roman_mir]

According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs (hardware security module) across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.

"Essentially, the thief tricks the HSM into providing the encryption key," says Sartin. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device."

Sartin says HSMs need to be able to serve many types of customers in many countries where processing standards may be different from the U.S. As a result, the devices come with enabled functions that aren't needed and can be exploited by an intruder into working to defeat the device's security measures. Once a thief captures and decrypts one PIN block, it becomes trivial to decrypt others on a network.

- seems that one part of a problem is the requirement itself to decrypt/re-encrypt PINs in every HSM.

Other kinds of attacks occur against PINs after they arrive at the card-issuing bank Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction.

During that period, the data is briefly held in the system's memory in unencrypted form.

Sartin says some attackers have created malware that scrapes the memory to capture the data.

- this is another problem in itself, there shouldn't be a need to decrypt PIN if a correct hash function is used, compare the hash instead, this way PINs don't need to be unencrypted anywhere.

--

This shows that some banking systems are outdated when it comes to security. Another problem that is identified is that there are too many ways for thieves to access and install unauthorized software on these systems.

"Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability."

He says the stolen data is often stored in a file right on the hacked system.

"These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system."

- it is not clear what exactly types of systems are mentioned here? If it's the mainframe, where unencoded PINs are compared, then what anti-virus is he talking about? So it's not mainframes, then what, the HMS? Why should a virus be able to cross from a machine that can be affected by a virus to such a device?

Does anyone here know whether these so called 'HMS' machines are in actuality windows 95 boxes connected to the web or something?

Seriously though, the banks need to retrofit.

Also it seems that holding money in a bank is becoming quite troublesome.

Re:outdated banking systems

[SharpFang]

Considering the PIN is usually 4-8 digit number (about 30 bits of data) brute-forcing a hash you intercept instead of the PIN doesn't sound like much of a challenge.

Re:outdated banking systems

[Chatterton]

- this is another problem in itself, there shouldn't be a need to decrypt PIN if a correct hash function is used, compare the hash instead, this way PINs don't need to be unencrypted anywhere.

--

This shows that some banking systems are outdated when it comes to security. Another problem that is identified is that there are too many ways for thieves to access and install unauthorized software on these systems.

The PIN keyspace is so small (10000 possibility) that hashing it or doing nothing is nearly the same. You can hash all the 10000 possibility and then do a reverse lookup.

- it is not clear what exactly types of systems are mentioned here? If it's the mainframe, where unencoded PINs are compared, then what anti-virus is he talking about? So it's not mainframes, then what, the HMS? Why should a virus be able to cross from a machine that can be affected by a virus to such a device?

Does anyone here know whether these so called 'HMS' machines are in actuality windows 95 boxes connected to the web or something?

Seriously though, the banks need to retrofit.

Also it seems that holding money in a bank is becoming quite troublesome.

These HMS are for the most part Win-NT machines

Re:outdated banking systems

[roman_mir]

there shouldn't be a need to decrypt PIN if a correct hash function is used

- isn't this what I wrote?

Shouldn't there be extra salt added at some point to the PIN before final hash is created?

In any case, I said 'correct hash function'. I don't mean to solve this problem for the banks for free right now, if they want to, they can contact me, then I'll deal with it, wouldn't be the first time.

Re:outdated banking systems

[quietwalker]

As someone who works in the FI-tech industry, I can say that HSM's are effectively sealed, low power, dedicated chipsets. Physically, they resemble a small metal box with spots for inputs. They're supposed to be physically difficult to open and muck around with.

They add about 10-12k USD to the price of an ATM, despite that being nowhere near the unit production cost.

From someone involved on the technical level, it appears that this is the real scam job, but I'm not the one agreeing to follow certain inter-bank standards, so perhaps I'm a bit out of the loop here.

Re:outdated banking systems

[roman_mir]

The PIN keyspace is so small (10000 possibility) that hashing it or doing nothing is nearly the same. You can hash all the 10000 possibility and then do a reverse lookup.

- I already replied to this here.

These HMS are for the most part Win-NT machines

- aren't these HMSs older than that?

Re:outdated banking systems

[JesseMcDonald]

The PIN keyspace is so small (10000 possibility) that hashing it or doing nothing is nearly the same.

So just include a large "salt" field on the card itself. That way brute-forcing becomes impractical, and you need both the PIN and the data from the card to construct the hash.

Re:outdated banking systems

[hankwang]

Shouldn't there be extra salt added at some point to the PIN before final hash is created?

The idea of a salt is that the salt is not very secret, but makes it infeasible to construct a dictionary of hashed keys. You don't need to construct a dictionary of hashes for PIN numbers since they are only 14 bits; trying the hash function for the whole key space with the known salt takes only a fraction of a second. If you want to keep the salt secret, then it isn't really a salt anymore but rather a private encryption key and you have to design a way to securely distribute those private keys from all possible bank systems to all the ATMs over the world. There are ways to do that, but you can't really call it a salt anymore.

Re:outdated banking systems

PIN management systems use DES almost exclusively. Now, if your card is issued by Bank A and you use Bank B's ATM, your PIN is encrypted twice: once by the ATM, where it then goes to a big switch; there the HSM (Host Security Module) decrypts the PIN from the ATM key owned by Bank B and re-encrypts it with the key used by Bank A.

When the encrypted PIN arrives at Bank A it's verified inside Bank A's HSM, which only returns a yes/no.

A properly designed PIN management system NEVER exposes the PIN outside the HSM, EVER.

PINs are formatted into 8-byte blocks (for DES), and the PIN is combined with other data (salts or the PAN) to prevent dictionary attacks.

HSMs have supported these methods for years. The only reason for compromise is rogue insiders or sloppiness.

DPM

Re:outdated banking systems

[Fnord666]

So just include a large "salt" field on the card itself. That way brute-forcing becomes impractical, and you need both the PIN and the data from the card to construct the hash.

They already do this. It's called an ANSI pin block and combines digits from the card number, not including the check digit which is deterministic, with the clear PIN block before encrypting it. The result is encrypted using 3DES and the current working key. This is all done inside a tamper resistant encryption module that is a part of the pin pad. The encrypted pin block is then handed to the host application on the ATM to be sent to the switch. Oh and by the way, modern ATMs use public key cryptography to receive the randomly generated working key from the processing system that drives it. They also use digital signatures to validate who sent it.

Re:outdated banking systems

[Fnord666]

HSMs have supported these methods for years. The only reason for compromise is rogue insiders or sloppiness.

HSM handling protocols are also designed to prevent this sort of thing. The protocols are designed so that a compromise requires the collusion of several individuals. The information or data kept by a single participant is useless without the other components. Every operation that is performed on the unit requires at least dual control. Many operations require three or more independent people. These operations have to be performed on a dedicated terminal that is kept in an access controlled environment.

Re:outdated banking systems

[JesseMcDonald]

The problem is that they're using encryption when they should be using a one-way hash function. It shouldn't be possible to reverse the data received from the pin pad to get the PIN itself, short of brute-forcing a very large search space. If you add in a challenge block you can protect against replay attacks as well, all without any need for encryption or digital signatures.

(Naturally you would want to encrypt and sign the actual transaction data, but that's a separate issue from authentication. I would also question whether the card number alone--about 50 bits if uniformly distributed, less otherwise--is enough to thwart a serious brute-force attack. Combined with the PIN, that's only about the equivalent of an unsalted 10-character alphanumeric password.)

It's nice to know that they're using 3DES, PK crypto, and digital signatures, but sometimes the ways in which they're used make them seem more like a checklist intended to impress people than any real attempt at end-to-end security.

Re:Why I Hate Debit Cards

Personally I insist on paying in cold, hard, gold. I'll also only accept payment in gold, silver, or a promissory note signed personally by a gentleman in good standing. I know some people who insist on bartering for goods and services, but they really should come into the 19th century as we have!

Bad HSM

[deKernel]

If at any one point, there is an HSM that allows the keys to be brought out of the HSM, then that HSM should NOT be used.

Plus if the "hacker" has that level of access to the transaction network meaning talk to the HSM directly, you are hosed to be honest.

Curious

[neokushan]

Strangely enough, about 2 weeks ago I got a call from my bank saying they had noticed some "odd" transactions on my debit card (which is a chip and pin deal).
Very small amounts of money, somewhere between £1.40 and £1.70 had been transferred from my account to various accounts in America, via this card. The strange thing was that this was a brand new card, I had to get my old card replaced just after christmas as an unfortunate wallet incident had cracked the old one in half.
Between January and March, I had bought nearly nothing with the card, certainly nothing out of the ordinary and until now, I was slightly perplexed as to how my card could have been compromised.
I'm glad my bank were on the ball, I've only lost somewhere around £4, which is lucky considering I had a few hundred pounds in my account at the time.

Re:Curious

So your bank somehow compromised your account, aren't refunding the money stolen, and you're grateful?

Re:Curious

[GrumblyStuff]

A skimmer perchance?

http://consumerist.com/5200818/reader-finds-card-skimmer-on-bank-atm

Re:Curious

[neokushan]

Where did I say they weren't refunding it?
It's not feasible to assume that security is foolproof, so I'm glad to see my bank is on top of things for when their security eventually gets broken.

Re:Curious

[neokushan]

Sadly, it's a relatively small bank in Northern Ireland known as First Trust. They're part of Allied Irish Banks, I have no idea if they're part of a larger international group, but considering recent reports indicate that Irish banks may be ready to pull an Iceland, I'd be careful about moving to them just yet.

Re:Curious

[neokushan]

Very possible and it was indeed my first thought, in fact it's the most likely cause. The troubling part is that it would have to have been done by one of my local ATMs that I use quite regularly. I didn't notice any changes to them recently, so if it was a skimmer, it was very well hidden. Or perhaps I really just didn't notice it.

So this is what my $2.00 buys me?

[Bjaardker]

It's ridiculous that we are even having this conversation. With all of the "free money" banks are getting from ATM transaction fees, securing the transaction should never be a concern.

Re:So this is what my $2.00 buys me?

[emocomputerjock]

That's not "free money", that's a Chief Scamming Officer's bonus.

Re:So this is what my $2.00 buys me?

That's not free money. ATM's cost in upwards of $30k (for a Diebold Opteva) - then there is circuit cost, depreciation, loading money in the machines (that doesn't earn interest in the financial institution's overnight account), supplies, maintenance, etc. Unless you're in a high traffic or tourist area, making a couple $100 in PROFIT after all expenses on an ATM is good.

Mostly they lose money. It's a cost-center.

Speaking (as AC) as someone who has 12+ years experience in financial institution back-office operations and data processing.

Re:So this is what my $2.00 buys me?

That's not free money. ATM's cost in upwards of $30k (for a Diebold Opteva) - then there is circuit cost, depreciation, loading money in the machines (that doesn't earn interest in the financial institution's overnight account), supplies, maintenance, etc. Unless you're in a high traffic or tourist area, making a couple $100 in PROFIT after all expenses on an ATM is good.

Mostly they lose money. It's a cost-center.

As a retail bank, if you don't allow your customers to deposit & withdraw money, you won't have much of a business.

The alternative is paying for a bank teller's salary & training, which is probably more than $30k annually. ATMs are much cheaper than the alternative.

Re:So this is what my $2.00 buys me?

[FooAtWFU]

It's a "convenience charge" that they can charge you because you didn't feel like going through the effort of getting a bank that doesn't charge the stupid fees. (A number of banks do that, mostly the smaller ones and online ones. Charles Schwab and E*Trade's banking units, for instance, will refund ATM withdrawal fees at ANY atm.)

Re:So this is what my $2.00 buys me?

[memco]

AHA! There's the problem-diebold is making these things. They can't even reliably tell which button you press.

Seriously, the banking system is way overcomplicated and ineffective. My IM conversations are more secure than this.

Opensource Financial anyone?

Re:So this is what my $2.00 buys me?

[Dr_Barnowl]

Most of the UK banks no longer charge for ATM services.

Some of them started charging for using competitors ATMs, but the resulting hoohah quickly stopped that.

One of the few upsides to my current bank is that I can literally use any ATM in the UK to get cash, and as long as it's a bank ATM, for no charge.

About the only ATMs that charge for transactions in the UK now are the non-bank ones that crop up in convenience stores and motorway service stations.

Re:Why I Hate Debit Cards

[jDeepbeep]

More importantly I can tell the CC company to bugger off where as the bank is not going to put cash back into my account.

My account was compromised a few months back, by fraudulent use of a bank/debit/check card of mine. Interestingly enough, the bank (once made aware (less than 8 hours later) that a string of fraudulent purchases had been made) did provide a credit back to my account for each one that cleared, and then personally took up issue with the individual corporations' fraud departments (Yahoo Personals, Samsclub.com, etc etc). Process-wise, I did have to sign an affadavit for each individual instance and throw them back in the mail.

4 digit codes are useless

[thogard]

Assume you can hack a major supermarket chain's pin pads. On the 1st day you try everyones code with 0001. On average you will lockout a small number of customers (who lock them selves out all the time anyway). Yet you have one in 10000 odds of hitting any given card and considering that 10,000 to a few million cards have gone through in a day, thats not bad odds. If you don't use 0001, 0002 and use things more people are likely to take like 1074 (oct 74) or 4321 you will find that your hit rate is far higher.

Re:4 digit codes are useless

[deKernel]

Not necessarily true. There are two scenarios that could be in play here.

1) With the data from an older transaction, AND access to the HSM, they could in theory, re-encrypt a PIN block with new keys which would would allow a transaction to be authorized without ever seeing the PIN in the clear

2) They actually get some of the clear keys that would allow them to break the PIN buffer

In either case, the attack would not be considered brute-force which would turn off a card by hitting the max PIN verifications within a certain time period.

Re:4 digit codes are useless

[blueg3]

That's a bold assumption. Hack to do what? If you get to assume you have complete control over their card readers, you really should just capture there PIN while you're there, rather than guessing.

Re:4 digit codes are useless

[Estanislao+Mart�nez]

On the 1st day you try everyones code with 0001.

Nah, you might as well skip 0001. Nobody would use that as their PIN; it's not a random number!

Re:Why I Hate Debit Cards

[superwiz]

Pfff, wait until latter 20th century when all trade will be conducted in oil promissory notes.

Not in my experience

[FadedTimes]

I work for a Electronic Payments/ATM/Point of Sale/Card Issuer company. If the PIN is in the clear after being decrypted at the bank/card issuer then that is the bank/card issuers issue and not the payment industries fault. The bank/card issuer needs to look at their software vendor who is not secure, as the PIn should never be in the clear. If the HSM device is giving up the key, then that HSM vendor is not secure. How is the hacker getting access to even itneract with the HSM device. These are usually held in a secure environment network and physical access. If the HSM device is not in a secure area then some one has to be responsible for over looking this. These HSM devices are set to self destruct if tampered with. The article calls for a radical change to the payment industry, but all these issues can be resolved with regulation and I belive these rules are already in place. The PCI auditors should be catching these items.

Re:Not in my experience

[Peter+Simpson]

If I knew how to do it, I'd mod you up.

The article makes no sense. There should never be, as you say, any reason to decrypt and re-encrypt the encrypted PIN. Those who believe that there is, need only to look at the way passwords are stored in classical UNIX.

The person writing the original article apparently pasted together a bunch of quotes and theories. I'm not buying that someone has figured out how to reverse the PIN encryption. As far as I know, the banks are still using triple-DES which is secure unless you have a Beowulf cluster working on it, and even then, regular key changes should keep the cluster busy. // still using my card confidently

Avoidance Measures?

[Marrow]

Do we know if it is safer to use the ATM at your bank branch office?

What about CC. CC often have a pin to get cash. If they can copy cards, what is to stop them from brute-forcing the pin?

Is plastic dead?

Re:Avoidance Measures?

[Aqualung812]

Do we know if it is safer to use the ATM at your bank branch office?

Typically, no.
Most banks and credit unions have a 3rd party card processor handle the PINs. Even that ATM in the branch goes out to a card processor and back again.
Sounds stupid at first, but that does require less security for the bank, as the card processor now has to protect the PIN.

and if you're lucky

[dblackshell]

you may find the PIN in 3 tries, instead of 15 http://www.theregister.co.uk/2003/02/21/how_to_get_an_atm/

Don't enter your PIN

[Authoritative+Douche]

I never use the Debit Option when using my bank card in a transaction. I always choose credit for two reasons: A) When you use credit, the store pays the transaction fee, if any. I don't know if it's true anymore but last I checked, using a debit card and entering a PIN resulted in a small fee charged to the customer for the transaction. B) The purchase and fraud protections granted by Visa (even on check cards) are reduced or even disappear when you use the Debit option and enter your PIN. If you don't transmit the PIN, you don't need to worry about a MITM decrypting it.

Re:Don't enter your PIN

[Cumanes-alpha]

Yes, but all of the information needed to perform transactions is being transmitted in clear text. So it's even easier to clone a credit card than to clone a debit card... stop doing that! (unless visa, or your bank pays all when your card info has been compromised).

Re:Don't enter your PIN

[Authoritative+Douche]

Interesting point on the cleartext transmission. My bank and/or Visa does indeed pay all when my card is compromised. I guess that's the one remaining benefit to sticking with BoA.

Re:Don't enter your PIN

[PCM2]

(unless visa, or your bank pays all when your card info has been compromised).

Which they do. Your total liability for credit card fraud in the U.S. is $50, and I've never heard of anyone actually being charged that. I once had a fraudulent $600+ charge on my account and all I did was call the credit card company and calmly ask them to remove it, which they did immediately. They sent me a form to fill out and sign to attest that I had been the victim of fraud, which I sent back at my leisure. And that was the end of that -- no $50 charge, no nothing.

And, in fact, the same is true for debit cards. The only difference is that you have to report the fraud within two days to limit your liability to $50, otherwise you might owe as much as $500. But, again, it's at the company's discretion whether they want to charge you or not. If you have good credit, maybe they'd rather keep your business.

The real victim in credit fraud cases is the retailer. If someone "buys" a $1,000 television using my credit card number and then I report the charge as fraudulent, I don't pay the bill, the credit card company doesn't pay the bill, and the retailer doesn't get the TV back. The retailer is out $1,000.

Re:Don't enter your PIN

[Cumanes-alpha]

Yes, well, another reason may be that if your money is stolen using a debit card it is stolen directly from your account, and if the bank delays a lot giving your money back, that could be a huge inconvenience for you. If there are laws that force the bank to respond quick after a "debit" fraud happens, it's ok. If the money is stolen in the form of a charge to your credit card THAT MONEY EVEN WASN'T YOURS...so your money in your account isn't touched. I was pointing (or trying to point) in my previous comment, that the underlying reason you exposed for use more frequently credit cards it wasn't as safe as you thought. But for your convenience, sure, is better that the thief carries away credit that you don't have to pay, that money you need to buy your stuff.

Very Simple Solution

[kilodelta]

Until the banks get their collective shit together, why not legislatively fix this.

Make it so debit cards have the exact same protections as credit cards.

Re:Very Simple Solution

[emocomputerjock]

You want the people that think the Internets is a series of tubes and that it has a giant off switch to come up with a way to protect against banking fraud? For fucks sake, the CTO of the White House outsourced IT for the city of DC to Google, and that guy got a promotion! The only thing worse than an inept banking and credit industry is politicans.

Re:Very Simple Solution

[kilodelta]

I understand that, but this is an issue that's so simple that even a politician could understand it.

FACT: The banking and credit systems as they currently exist are insecure and our criminally negligent.

FACT: A debit card and credit card are two sides ot the same coin. They traverse the same networks, banks, etc.

I know my congressional delegation understands those two facts.

Re:Very Simple Solution

[emocomputerjock]

While you might be right, they'll solve it by giving themselves a pay raise and appointing a Federal Cyber Homeland Banking Czar who'll immediately institute a tax on all bank transactions. Hey, the criminals won't want to steal your money if they have to pay a tax on it, right?

Re:Very Simple Solution

[Alpha830RulZ]

A debit card and credit card are two sides ot the same coin. They traverse the same networks, banks, etc.

Well, only sort of. They may (or may not) navigate the same phone line/connection out of the store, but the transactions are routed to and run by completely separate systems.

Re:Very Simple Solution

[Cumanes-alpha]

Hey that's a way to make things happen!, and I'm not being ironic here. Here we have laws that practically obliges banks to pay almost any fraud claim to the customers, and we have laws and resolutions that forces the banks to increase the security of the electronic financial channels (POS, ATMs, etc.) with very specific measures. So if anyone have to lost money, they'll be the Bank.

Seems like a bad idea...

[shellster_dude]

To decrypt the information at each interchange. I think I a better solution would be to just re-encrypt the encrypted data at each exchange as well as the key to decrypt the previous encryption round. That way, when the data finally gets to the end of the line, the machines can just unpeal the layers of encryption.

This should be over any time

[daem0n1x]

This is an incredibly stupid problem. But it should be over when all bank cards are smart cards. With smart cards, the PIN is required to make the card work, and a secure (encrypted and MACed) session is established between the card and the Visa (or whatever) server using session keys. No PIN is in transit ever.

Just ditch the old magnetic stripe cards and get yourself smart cards.

Both my debit and credit cards are smart cards. So, no problem for me.

Re:This should be over any time

[Cumanes-alpha]

only problem is the time it takes to deploy a world based on smart cards and what we do in the interim??? there are some studies that have figured ways to produce fake cards from the data stored in a smartcard. There are some data components of the chip that are customizable by the Banks or whatever company issues smart cards, and there can be foolish and stupid things people could do, as for example, copy the data of the magnetic stripe on the chip (don't ask me what for, but they have!). So I won't be so at ease if I were you...MUHUHOHOHAHA... even so, yes...smart cards are WAY more secure than magnetic stripes (pretty obvious isn't?).

This problem is simpler than that!

[Cumanes-alpha]

If you think is easy to "trick the devices into giving the master key", then you know nothing about really bad procedures and the threat they are to information security. Until about two years ago in my country every ATM of every and each of the Banks were used to have a static DES key to encrypt the PIN. This key was trivial as hell AND EVERYONE KNEW IT!. Decrypting the PIN was a matter of ... NOTHING, just walk away with your track2 info + DES encrypted PIN and start manufacturing fake cards. Here that's not a problem anymore. PLEASE BANKS, you have to change the scheme to a dynamic and ever changing and unique-for-each-ATM 3DES (at least) key. This 'technical' approach mitigates a little the procedures flaws like giving such a critical information to some unconscious technician. But that is only a part of the problem, what about credit cards? (which usually doesn't use a PIN). In the article they mention that the Master Key is stored in several modules. In my experience that's not true (anymore, maybe 4 or more years ago it was true), the keys are used to be stored in a special tamper-proof memory which is located in the keypad of the ATMs (EPP, Encrypted Pin Pad) and in "encryption boxes" placed in the bank, secure enough if you ask me. The flaw here, again, has been a thing of really stinking procedures and lack of vision of future (nobody asks what-if anymore???). Other thing is that the ATMs providers KNOWS THAT ALREADY (and since 2 years ago at least) and they seems to do nothing about spreading the word and proposing solutions to their customers around the world. That's an amazing business oportunity!!!. If anyone would like to give me a job to help solve this scheme...I'm more than pleased to help!!! Sorry for the long comment guys...

HSM,..

[ConceptJunkie]

"HSM" sounds like a character from a conspiracy-oriented TV show, like a cross between "HRG" and "CSM".

Re:HSM,..

[Em+Ellel]

"HSM" sounds like a character from a conspiracy-oriented TV show, like a cross between "HRG" and "CSM".

Hardware Security Module - a device whose whole purpose in life is to make EXACTLY what the article describes impossible. YOU ARE NOT SUPPOSED TO BE ABLE TO GET THE KEYS OUT OF IT.

Just goes to show, no hardware or software security is a match to IBM (Idiot Behind the Machine)

-Em

Bank deposit latency

[Jay+L]

One of the banks I go to still requires filled out deposit slips, ink signatures, and still has a "next business day before 2" in regards to processing your deposits.

I recently saw a presentation from a Rhode Island bank. They were going to allow their business customers to install on-site check scanners, the same kind you see in the banks. One of the touted features was that these scanned deposits would be credited instantly, instead of on the next business day.

In exchange for saving them manual labor (their tellers currently have to scan the checks), they would charge you only $75/month for having the scanner! And just think of the extra interest from that day of deposit. They genuinely believed that this was a financial technology revolution, on par with the ATM.

(I did the math; assuming 5% APR, which nobody gets anymore, you'd have to be doing about $550,000 in daily deposits to make back the $75/month.)

Re:Bank deposit latency

Apparently they forgot to mention another benefit of this system: fraud prevention. We scan any check over a certain amount (I don't know how much, I didn't write the policy). If it's a bad check, we know right away, before the merchandise walks out the door.

Re:Bank deposit latency

[dwye]

> (I did the math; assuming 5% APR, which nobody gets anymore,
> you'd have to be doing about $550,000 in daily deposits to
> make back the $75/month.)

You forget not having to pay for someone to securely schlep the checks to the bank, once or more a day. At minimum wage, and a 20-30 minute round trip each day, it would become a bit more economical.

But, yes, this sounds like the bank is drinking its own kool-aid, on the scanner rate, unless they are supplying a very nice scanner.

Re:Bank deposit latency

[oasisbob]

I recently saw a presentation from a Rhode Island bank. They were going to allow their business customers to install on-site check scanners [...]

Yup, Check 21 now allows images to substitute for paper in the check clearing process. This can happen just about anywhere: at the retailer, at the bank branch, at their HQ, at the central processor... Pretty nifty legal hack.

It's too bad ACH and EFT and check clearing networks can't just go away in favor of a simpler system.

Re:Bank deposit latency

[Jay+L]

At minimum wage, and a 20-30 minute round trip each day

They made the exact same point at the presentation - playing up how that 20 minutes "turns into an hour", because of course there's a 10-minute line at the bank, and they stop for coffee on the way back, and what business can afford an hour of lost productivity each day?

Maybe it's because my only retail job was working in a mall, but I assumed that most businesses did what we did - they used a nearby bank, and people swung by the night depository on their way home. Total time: three minutes, including deceleration and activating the hazard flashers.

The government will do it *so* much better nt

[bradley13]

ny

Re:Why I Hate Debit Cards

[CastrTroy]

It really depends on which bank you go with. I had my debit card duped, and there was a single invalid transaction ($500 withdrawal, in some town far away from me). My bank called me less than 24 hours after it happened, and I walked into a bank and got a new card instantly. Money was refunded in about a day. Pretty painless for the most part. Things like this shouldn't be able to happen in the first place (when is chip and pin going to be required). However, I'm happy knowing that banks are getting better at handling these situations. I pity anybody who's with one of those bad banks that doesn't handle this stuff as well.

Credit option is better?

[QuincyDurant]

Notwithstanding other issues, Authoritative Douche's advice is good, is it not?

Federal reserve

[g0es]

The Federal reserve banks should be pushing for a standardized way to handle the communication between all the competing banks, much like how they handle checks with Check21.

Re:Federal reserve

[Opportunist]

And why should a Japanese bank care? Or continue to do meaningful business with US banks? Why should a Swiss bank heed the FedReserve standards? Worse, why should US banks heed it outside of the US? Nothing's easier for an international business (and banks usually are) than to ignore national standards.

You can only force a standard on others if you have control over them.

Re:HSM ?

[slashnik]

From TFA "hardware security module"

Don't you guys have chip and pin yet

better to just use credit cards

[mattstorer]

I got rid of my debit card and replaced it with an ATM card (for getting cash directly from my bank) and credit cards (for everything else) for reasons related to this, but more generally referred to as rational paranoia.

it goes something like this:

1. I don't like entering my bank account's PIN in the local Try-N-Save. it just feels like a bad idea. now, according to the very brief amount I've read on this here, it is;

2. debit cards are linked directly to your bank account. someone uses it even as a Visa card (no PIN necessary!), not even as a debit card, and that money comes straight from your bank account, not from a credit card buffer (which you can contest, and for which you aren't necessarily liable). and I don't know about you, but I'd rather contest a charge on my credit card than get a call from my bank telling me that my mortgage payment failed due to insufficient funds;

3. I prefer using credit cards instead of debit cards anyway as it helps improve my credit rating, and I get perks like discount airline tickets (AMEX's Blue Sky card is pretty sweet). all you gotta do is remember to pay your bill every month and you're good to go.

My ATM Card Is Guaranteed 100% Secure

[kudBwrong]

Due to the financial crisis, I have no cash left to steal.

See Graham Steel's paper for a good description

[kudBwrong]

Many /. posters have described various aspects of this issue. The paper by Graham Steel: http://blog.wired.com/27bstroke6/files/Steel-tcs06.pdf/ provides a more thorough explanation of how the scheme works. This is a relatively new attack, so I expect we will see efforts to harden this network, but there are obstacles, as Steel describes. It's not that banks are just careless. For example, there is a business analytics software company with over $2 billion in annual revenue. One of their largest customers is a (big) bank, who retains them to run massive, nonstop analytical scans looking for suspicious transactions. It's a very costly effort. There is security on many layers, some will inevitably be compromised, and the bad guys are relentless.

Re:See Graham Steel's paper for a good description

[kudBwrong]

Corrected URL: http://blog.wired.com/27bstroke6/files/Steel-tcs06.pdf

Re: Financial Networks

[Douglas+Goodall]

I did work with ATM machines long ago, and they were heavily dependent on the Data Encryption Scheme. As I remember the important transactional packets were encrypted at least three times (not triple des) and packets traveled over SNA networks using SDLC which is a synchronous method (a long stream of bits without obvious boundaries and zero insertion to protect flags. I thought at the time that this was very secure and never heard otherwise until much later when massive horsepower became available to anyone. DES was still in use as recently as a decade ago, although triple-des was an improvement. SInce then NIST has made significant progress on better encryption methods. What is true is that in the old days, those packets traveled over point to point leased lines, and not a packet switched network, and that was by definition more secure.

Netcraft doesn't do PVC!

[freaker_TuC]

Is plastic dead?

Netcraft can't confirm, they're not up to plastic yet ....

Re:Netcraft doesn't do PVC!

[Marrow]

Good point. I dont really like reading the -is it dead yet- comments either.