Subverting PIN Encryption For Bank Cards

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: "According to the payment-card industry ... standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API. 'Essentially, the thief tricks the HSM into providing the encryption key,' says Sartin. 'This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'"

Wow

[Sir_Lewk]

Seriously? This is just incredibly stupid.

What ever happened to accessing the routing information but leaving the data encrypted? SSL really is not that complicated of a concept.

Re:Wow

[sakdoctor]

SSL was released in 1996

Banks prefer a conservative approach, using tried and tested 18th century steam punk hardware.

Re:Wow

[raddan]

I think part of the problem is that ATM machines have, in the past, not used IP networks, because there was always a need to lay down a line (or a modem) that would connect to the financial network. Many financial networks predate the Internet, and many of them have stricter requirements than typical IP traffic (like QoS), and so, in many cases, you see other kinds of network architectures (like X.25). Given those conditions, strong encryption did not always make sense.

Now, there's nothing stopping you from using a higher-level protocol like SSL with other network architectures, but ATMs already have their own security mechanisms that predate SSL by a long shot, and the use of SSL, at least culturally, is tied pretty closely with TCP/IP. What surprises me, though, is that the HSMs must decrypt a message at every interchange, and re-encrypt it. I'm sure financial networks were around before asymmetric encryption was widely known or used, but they've had a long time to do this the right way now. The fact that these networks are still vulnerable to MITM attacks is pretty shocking.

Anyway, I don't know a whole lot about financial networks. Anyone care to fill us in?

Re:Wow

[Hatta]

Are you really surprised? If someone wants to drain your bank account, they don't even need to break any encryption, all the information they needed is written on your checks. They don't even need to forge a signature.

If banks were liable for fraud committed with the systems they designed, they'd design more fraud tolerant systems.

Re:Wow

[value_added]

One of the banks I go to still requires filled out deposit slips, ink signatures, and still has a "next business day before 2" in regards to processing your deposits. To that I say, "Come on, this is the digital age!"

You missed the overriding factor offered by the digital age which they use to earn interest on your money while it's on hold. By contrast, Really Important Customers (those with regularly high balances, etc.) rarely have any funds put on hold.

Compared with PayPal's 5-day period, it sucks a lot less.

Re:Wow

[u38cg]

Completely crazy, until you realise that while the money is in their possession for a couple of days they can lend it out on overnight rates. Lucrative business, trading on other people's money.

Old becomes new

[emocomputerjock]

It's long been known that the PCI standards are nowhere near complex or secure enough to be trusted with protecting your data. Heck, they're just getting around to mandating encryption (128 bit, so as not to punish the early adopters of encryption technology). We moved too quickly to offer services without bothering to make sure we had the security in place to protect end users, and the criminal underground moves very quickly to exploit openings.

Solvable

[TheCarp]

Seems that we have encryption/signing protocols that don't require decryption for all operations... seems we also have public key encryption....

We already have onion routing... where we have end to end and point to point encryption in layers....

Seems the bankers should take a look at other technologies and consider some updates in how they handle it.

-Steve

Re:Solvable

[Qzukk]

Seems the bankers should take a look at other technologies and consider some updates in how they handle it.

As long as the bankers can force everyone else to pay for the fraud the bankers' incompetence causes, they have absolutely no incentive to get their house in order.

That said, the problem with the obvious solution is that in order to encrypt card information immediately with the destination bank's public key you'd need to update all of the card swipe machinery and software with either a comprehensive database of keys or some way of securely identifying the correct bank and retrieving that key.

It ain't that easy

[Opportunist]

Have you ever tried to get, say, three competing companies to agree to a standard? Well, now try the same with a few hundred. Also, get international and you might get an idea what the problem could be.

Here something we dubbed the "St. Florian principle" strikes (from the old German saying "Holy St. Florian, you saint with the water bucket, spare our houses and burn down others"): As long as it only affects our competitors, why should we agree to increase the overall security?

Besides, even if they could agree that something has to be done, things like that tend to be quite expensive. And banks currently definitly have other problems than losing a few million dollars, they're loosing billions every day.

Re:It ain't that easy

[Opportunist]

I cannot answer that without opening myself to some costy lawsuits. But there is a good reason why banks don't take security more serious.

Ponder for one moment why it could be beneficial for a bank if money is missing and nobody is really able to find out how much...

outdated banking systems

[roman_mir]

According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs (hardware security module) across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.

"Essentially, the thief tricks the HSM into providing the encryption key," says Sartin. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device."

Sartin says HSMs need to be able to serve many types of customers in many countries where processing standards may be different from the U.S. As a result, the devices come with enabled functions that aren't needed and can be exploited by an intruder into working to defeat the device's security measures. Once a thief captures and decrypts one PIN block, it becomes trivial to decrypt others on a network.

- seems that one part of a problem is the requirement itself to decrypt/re-encrypt PINs in every HSM.

Other kinds of attacks occur against PINs after they arrive at the card-issuing bank Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction.

During that period, the data is briefly held in the system's memory in unencrypted form.

Sartin says some attackers have created malware that scrapes the memory to capture the data.

- this is another problem in itself, there shouldn't be a need to decrypt PIN if a correct hash function is used, compare the hash instead, this way PINs don't need to be unencrypted anywhere.

--

This shows that some banking systems are outdated when it comes to security. Another problem that is identified is that there are too many ways for thieves to access and install unauthorized software on these systems.

"Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability."

He says the stolen data is often stored in a file right on the hacked system.

"These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system."

- it is not clear what exactly types of systems are mentioned here? If it's the mainframe, where unencoded PINs are compared, then what anti-virus is he talking about? So it's not mainframes, then what, the HMS? Why should a virus be able to cross from a machine that can be affected by a virus to such a device?

Does anyone here know whether these so called 'HMS' machines are in actuality windows 95 boxes connected to the web or something?

Seriously though, the banks need to retrofit.

Also it seems that holding money in a bank is becoming quite troublesome.

Re:Why I Hate Debit Cards

Personally I insist on paying in cold, hard, gold. I'll also only accept payment in gold, silver, or a promissory note signed personally by a gentleman in good standing. I know some people who insist on bartering for goods and services, but they really should come into the 19th century as we have!

Curious

[neokushan]

Strangely enough, about 2 weeks ago I got a call from my bank saying they had noticed some "odd" transactions on my debit card (which is a chip and pin deal).
Very small amounts of money, somewhere between £1.40 and £1.70 had been transferred from my account to various accounts in America, via this card. The strange thing was that this was a brand new card, I had to get my old card replaced just after christmas as an unfortunate wallet incident had cracked the old one in half.
Between January and March, I had bought nearly nothing with the card, certainly nothing out of the ordinary and until now, I was slightly perplexed as to how my card could have been compromised.
I'm glad my bank were on the ball, I've only lost somewhere around £4, which is lucky considering I had a few hundred pounds in my account at the time.

Re:So this is what my $2.00 buys me?

[emocomputerjock]

That's not "free money", that's a Chief Scamming Officer's bonus.

Re:So this is what my $2.00 buys me?

That's not free money. ATM's cost in upwards of $30k (for a Diebold Opteva) - then there is circuit cost, depreciation, loading money in the machines (that doesn't earn interest in the financial institution's overnight account), supplies, maintenance, etc. Unless you're in a high traffic or tourist area, making a couple $100 in PROFIT after all expenses on an ATM is good.

Mostly they lose money. It's a cost-center.

Speaking (as AC) as someone who has 12+ years experience in financial institution back-office operations and data processing.

Re:Doesn't a PIN Require the Physical Card?

[rackserverdeals]

Obvious things like 1-2-3-4 are not allowed.

That's the combination to my luggage!

And that's my computer account password too! That's surprisin #@&%*! NO CARRIER

That's my slashdot password.

Wow. He wasn't joking.

Not in my experience

[FadedTimes]

I work for a Electronic Payments/ATM/Point of Sale/Card Issuer company. If the PIN is in the clear after being decrypted at the bank/card issuer then that is the bank/card issuers issue and not the payment industries fault. The bank/card issuer needs to look at their software vendor who is not secure, as the PIn should never be in the clear. If the HSM device is giving up the key, then that HSM vendor is not secure. How is the hacker getting access to even itneract with the HSM device. These are usually held in a secure environment network and physical access. If the HSM device is not in a secure area then some one has to be responsible for over looking this. These HSM devices are set to self destruct if tampered with. The article calls for a radical change to the payment industry, but all these issues can be resolved with regulation and I belive these rules are already in place. The PCI auditors should be catching these items.

Don't enter your PIN

[Authoritative+Douche]

I never use the Debit Option when using my bank card in a transaction. I always choose credit for two reasons: A) When you use credit, the store pays the transaction fee, if any. I don't know if it's true anymore but last I checked, using a debit card and entering a PIN resulted in a small fee charged to the customer for the transaction. B) The purchase and fraud protections granted by Visa (even on check cards) are reduced or even disappear when you use the Debit option and enter your PIN. If you don't transmit the PIN, you don't need to worry about a MITM decrypting it.

Re:Bank deposit latency

Apparently they forgot to mention another benefit of this system: fraud prevention. We scan any check over a certain amount (I don't know how much, I didn't write the policy). If it's a bad check, we know right away, before the merchandise walks out the door.