European Credit and Debit Card Security Broken

← Back to Stories (view on slashdot.org)

European Credit and Debit Card Security Broken

Posted by timothy on Thursday February 11, 2010 @09:52AM from the pounding-marks-for-euros dept.

Jack Spine writes "With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an idenification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."

179 of 245 comments (clear)

Chip and Chip security... wait a second! by LostCluster · 2010-02-11 09:52 · Score: 3, Insightful

Seems like the problem with this system is that the problem is that the PIN is stored on the chip... and that's just as stupid as writing it on the card! The attacks are simple... either a card that always agrees the PIN given is correct, or a terminal that tries to authenticate all 10000 PINS and then learns the right one.
Payment processors have for years been wanting to have an offline secure system, but it just doesn't work. With cheap enough data systems available everywhere, it's not hard for every Wal-Mart most rural gas stations to see a satellite. Get a $20/mo. dial-up account if you have to... there's no reason for anything that does money to be off the grid.
If the PIN is stored online like traditional ATM cards, then there would be a quick way to be sure there's honest checking of the pin and alarms if somebody fails too many times. The American "contact" systems are actually reasons to not require a signature or a PIN... but those are also designed for small-dollar transactions and keeping the fast food line moving. Sure, they're open to cloning risk, but they're willing to take that downside because there's enough upside to using the system.
1. Re:Chip and Chip security... wait a second! by Annymouse+Cowherd · 2010-02-11 09:58 · Score: 1
  
  There are plenty of modern cryptographic systems that could provide offline security, perhaps in the form of a chip.
  Unfortunately, credit and debit card systems are not modern.
2. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-11 09:59 · Score: 2, Informative
  
  Citation needed... how do you verify a pin without trusting the card or having online access?
3. Re:Chip and Chip security... wait a second! by Spad · 2010-02-11 10:01 · Score: 4, Informative
  
  RTFA. The problem isn't that the PIN is "stored on the card", it's that the card doesn't send any unique data to the terminal when the correct PIN is entered, it just sends a "Correct PIN was entered" message instead.
  So, you stick something between the card and the terminal (the laptop) that intercepts the "Wrong PIN was entered" message from the card and forwards a "Correct PIN was entered" message to the terminal instead.
  TBH I'm rather surprised that any information is allowed to be pulled off the chip without the PIN authenticating the user first; if you had to provide the correct PIN before the card would provide any information it would make it much harder to carry out the fraudulent transaction.
4. Re:Chip and Chip security... wait a second! by Anonymous Coward · 2010-02-11 10:06 · Score: 2, Informative
  
  Three words: Public Key Encryption.
5. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-11 10:07 · Score: 5, Informative
  
  No. The problem is that the terminal isn't validating the PIN against anything it can trust... it's sending the entered PIN to the card and trusting the result returned, which can easily be spoofed. If the PIN was server-side, it could trust a results-only message... but that's not what's happening here.
6. Re:Chip and Chip security... wait a second! by Conorflan · 2010-02-11 10:08 · Score: 1
  
  "The American "contact" systems are actually reasons to not require a signature or a PIN" I may have misunderstood this statement, but by stating it you appear to be implying that the European system is contactless. Or is "contact" meant to mean something other than physical contact?
7. Re:Chip and Chip security... wait a second! by Spad · 2010-02-11 10:09 · Score: 3, Informative
  
  Replying to myself, if you read the PDF it details the process on page 3; the card actually does almost all of the transaction work before the PIN is entered, all the PIN enables is the "Is this transaction allowed? Yes, it's allowed. OK" part of the process.
8. Re:Chip and Chip security... wait a second! by Cryacin · 2010-02-11 10:10 · Score: 2, Funny
  
  I bet the guy that signed off on the pin being stored on the chip is the same moron who's password is 1,2,3,4,5,6 and has it written on a post it note stuck to his monitor.
  
  --
  Science advances one funeral at a time- Max Planck
9. Re:Chip and Chip security... wait a second! by postbigbang · 2010-02-11 10:14 · Score: 1
  
  Mod parent up. He actually RTFA and surmised the problem.
  And given the MitM attack, there's no fixing this one easily at all. 2600 ought to have the details shortly.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
10. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-11 10:15 · Score: 1
  
  Yep. That was a typo... I was referring to the "contactless" systems like Blink and the such where you waive your card at a designated point and your card number is read.
11. Re:Chip and Chip security... wait a second! by shentino · 2010-02-11 10:25 · Score: 1
  
  Far better would be for the card to not give out the card number without a correct pin.
12. Re:Chip and Chip security... wait a second! by brainiac+ghost1991 · 2010-02-11 10:31 · Score: 1
  
  They have that in the UK too, visa paywave, my debit card has it. Though I do have to enter my PIN one in ~ every 10 attempts!
13. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-11 10:31 · Score: 1
  
  Yep... and the "attack" is that anybody, the chip or anybody else can send the in-the-clear "OK" message and the terminal goes through with the transaction. Essentially, the PIN check is a "feel good" level of security that doesn't protect against much.
14. Re:Chip and Chip security... wait a second! by MobyDisk · 2010-02-11 10:35 · Score: 1
  
  The reply about public key encryption is right. But to expand on it, I've seen this called the "digital cash problem" and it is also the same thing as the offline verified voting problem. There's a whole series of problems that boil down to offline verification of something unique. It can be done, but it requires a public key infrastructure and good use of encryption. It's not trivial to do, but it could be done. It's just that... no commercial company so far has had any desire to do it.
15. Re:Chip and Chip security... wait a second! by spun · 2010-02-11 10:37 · Score: 4, Insightful
  
  It seems this system was designed expressly to limit bank's liability by providing the illusion of security. "Oh, fraudulent charges, are they? But you entered your PIN... Can you prove your PIN was compromised? no? Tough then, pay up."
  
  --
  - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
16. Re:Chip and Chip security... wait a second! by Anonymous Coward · 2010-02-11 10:38 · Score: 1, Interesting
  
  Wouldn't this be simple to fix by making the terminal send first wrong pin and then entered one? If you have something sending "OK" answer in the middle to both requests, the terminal can fail the transaction. Or did I misunderstand something...?
17. Re:Chip and Chip security... wait a second! by jandoedel · 2010-02-11 10:42 · Score: 1
  
  and what if people clone the card? then they have a card with the same Key...
18. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-11 10:47 · Score: 3, Insightful
  
  MitM would just learn this and deny once and then accept whatever is sent the second time.
  I call the scheme you're promoting as "hut-hut-HIKE" security. Jump offsides on a false call and you're in trouble. If there's a random number of fakes before the real one comes through, then you've got something.
19. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-11 10:50 · Score: 2, Insightful
  
  I think voting has been more or less "solved" with paper ballots, and a person and machine that will help you mark a paper ballot should you need assistance.
20. Re:Chip and Chip security... wait a second! by mlts · 2010-02-11 10:59 · Score: 2, Interesting
  
  How about storing the PIN similar to how TrueCrypt validates a hash? One value is a random salt, which is decrypted by the PIN the user types in, and that is compared to the second value. Add in a number of rounds to help deter brute forcing.
  However, what really is needed is for the smart card to either delay access with an exponentially increasing time, or after 3-5 bad guesses, the card blocks access to the PIN, until released by the provider, similar to how GSM SIM cards work.
  Best of all worlds is if the European banks just went with a true smart card system in the first place, where offline transactions were signed/decrypted on chip by the card, and the card readers presented the transaction to be signed or declined.
21. Re:Chip and Chip security... wait a second! by DotNM · 2010-02-11 11:07 · Score: 1
  
  In Canada, the MasterCard version is called PayPass and I do have one of these PayPass-enabled cards and haven't had any problems with PayPass specifically (although my MasterCard was compromised just before Christmas but the bank reversed all the fraudulent transactions)
  
  --
  There's no place like localhost
22. Re:Chip and Chip security... wait a second! by jonbryce · 2010-02-11 11:16 · Score: 1
  
  The information isn't being pulled off the chip. That's the point. You have something that simulates a chip saying the PIN was correct, regardless of what you enter.
23. Re:Chip and Chip security... wait a second! by socceroos · 2010-02-11 11:33 · Score: 1
  
  uh, 11 characters.
24. Re:Chip and Chip security... wait a second! by shentino · 2010-02-11 11:44 · Score: 4, Interesting
  
  The problem is that the server storing your account information is trusting the terminal.
  If the terminal can get away with trusting the signal it's getting from the card, then it's actually possible for a counterfeit terminal to rob you without even having the card.
25. Re:Chip and Chip security... wait a second! by shentino · 2010-02-11 11:46 · Score: 1
  
  The pin should be used to encrypt everything else.
26. Re:Chip and Chip security... wait a second! by shentino · 2010-02-11 11:48 · Score: 1
  
  And you're stuck with 50 dollars no matter what, thanks to the banks lobbying.
  I will never ever use a debit or credit card again, thanks to what I have found out today.
27. Re:Chip and Chip security... wait a second! by bangthegong · 2010-02-11 11:48 · Score: 1
  
  I wish I had mod points for you. It's buried at the end of the first page of the article but you're exactly right - they clearly state that the pin you enter is compared to the pin on the card... These researchers didn't even break that comparison mechanism, they just impersonate the chip to tell the payment processor "yup all is well, pin is verified!"
28. Re:Chip and Chip security... wait a second! by tomtomtom · 2010-02-11 12:13 · Score: 1
  
  Given that it's trivial for people to shoulder-surf your PIN anyway (especially for people with "inside" access like security camera operators), the system is fundamentally broken.
  The more interesting question is how hard it is to duplicate a Chip and PIN card; without this, criminals would need to physically steal the card (which of course can and does also happen, often without the victim realising for a few hours). At the moment, (at least from my understanding), the most common form of fraud involves them taking your card away, copying down the details including the CVV2 number then using it online.
29. Re:Chip and Chip security... wait a second! by click2005 · 2010-02-11 12:34 · Score: 1
  
  Chip and Pin in the UK doesn't need a signature.
  You just type your pin into the keypad.
  
  --
  I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
30. Re:Chip and Chip security... wait a second! by CrashandDie · 2010-02-11 12:48 · Score: 1
  
  You can't clone a chip's contents. The keys are generated on the card itself considering there is no need for escrow, so the keys never even leave the card.
31. Re:Chip and Chip security... wait a second! by gnud · 2010-02-11 12:50 · Score: 1
  
  Just like offline money is solved with... well, cash.
32. Re:Chip and Chip security... wait a second! by JackHoffman · 2010-02-11 13:02 · Score: 1
  
  No, the payment processor is made to believe that PIN authentication isn't used. The false PIN-OK message is between the MITM and the terminal. The PIN entered is not actually compared to the PIN on the card. The MITM handles the card according to the "chip and signature" protocol and the terminal according to the "chip and PIN" protocol.
33. Re:Chip and Chip security... wait a second! by JackHoffman · 2010-02-11 13:12 · Score: 1
  
  It's either/or. You can authenticate with the chip and your signature, then the merchant eats the damage if the signature turns out to be fake. Or you can authenticate with the chip and your PIN, then the usual assumption is that the customer didn't keep the PIN a secret. The attack works by pretending to the terminal that the card performs PIN authentication. The card, and by extension the bank, are made to believe that the customer wants to use signature authentication.
34. Re:Chip and Chip security... wait a second! by RichardJenkins · 2010-02-11 13:28 · Score: 1
  
  The chip and pin cards still have the card data in a magnetic strip
35. Re:Chip and Chip security... wait a second! by Ironsides · 2010-02-11 13:43 · Score: 1
  
  But how does that stand up to a man in the middle attack? Terminal starts session with MitM and MitM starts session with Card. MitM is simultaneously encrypting/decrypting the data to send it between the terminal and card and seeing everything all the time. Unless you have a pre-shared key, which is defeat-able in the case, what you describe is still subject to a MitM attack.
  
  --
  Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
36. Re:Chip and Chip security... wait a second! by lgw · 2010-02-11 13:46 · Score: 2, Interesting
  
  To actually be secure, the card and the terminal would need to generate a shared secret in a way immune to a MitM attack, which can only reasonably be done with a certificate and a certificate authority (or other public key infrastructure), just as is done with HTTPS. Even then the terminal would need to be occasionally online to get cert updates, so it's not a perfect solution (plus there are still cert and CA based attacks possible).
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
37. Re:Chip and Chip security... wait a second! by JackHoffman · 2010-02-11 13:52 · Score: 1
  
  No, the whole protocol is designed such that the important information is exchanged in authenticated packets between the chip on the card and the issuer's servers, with the terminal acting as a dumb relay. The terminal could not perform any transactions without a genuine card if there had not been the 2010 mishap: That caused the mag-stripe authentication to be reactivated. Once that problem is solved and the non-chip authentication methods are finally disabled, a transaction will require a genuine card, no matter what an attacker does to the terminal.
  The problem described in the paper is that the terminal (and by extension the merchant) can't tell that the card performed a "chip and signature" authentication instead of the negotiated "chip and PIN" authentication.
38. Re:Chip and Chip security... wait a second! by tg123 · 2010-02-11 14:12 · Score: 1
  
  RTFA. The problem isn't that the PIN is "stored on the card", it's that the card doesn't send any unique data to the terminal when the correct PIN is entered, it just sends a "Correct PIN was entered" message instead.
  So, you stick something between the card and the terminal (the laptop) that intercepts the "Wrong PIN was entered" message from the card and forwards a "Correct PIN was entered" message to the terminal instead..............
  Please mod this up this is the point the article is trying to make.
  All that needs to happen is the message Pin Verified or a similar message is sent to the EFTPOS terminal and the transaction goes through.
39. Re:Chip and Chip security... wait a second! by cduffy · 2010-02-11 14:30 · Score: 1
  
  Umm. I wouldn't call paper ballots alone a "solution" to the issue of voting security.
  There are means for generating cryptographically secured paper ballots -- see PunchScan, for instance, which allows you to take a (paper) receipt with you which you can use to prove that your vote was correctly recorded, but which can't be used to prove how you voted to others.
  I think there's no question that a paper voting system which incorporates those features is better than one that does not, so claiming that using paper ballots on its own causes the problem to be "solved" is fallacious.
40. Re:Chip and Chip security... wait a second! by BrokenHalo · 2010-02-11 15:09 · Score: 1
  
  Incidentally, lots of banks don't allow commas or any other punctuation characters in internet banking passwords. I can't think of a single valid reason why, so the policy seems totally craniorectal to me.
41. Re:Chip and Chip security... wait a second! by ppanon · 2010-02-11 15:44 · Score: 2, Funny
  
  That's OK. The TSA already drilled out the lock the last time you flew anyways
  
  --
  Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
42. Re:Chip and Chip security... wait a second! by Cassius+Corodes · 2010-02-11 17:39 · Score: 1
  
  You think that is bad - my superannuation fund's security is a ID number, date of birth and a 9 digit password (digit - as in only numerals). WTF
  
  --
  Control is an illusion, order our comforting lie. From chaos, through chaos, into chaos we fly
43. Re:Chip and Chip security... wait a second! by Rophuine · 2010-02-11 18:10 · Score: 1
  
  The problem is that the MitM can spoof the "correct PIN was entered" response, and this isn't a part of the transaction MAC (basically an encrypted summary of what happened). If the card used the PIN verification result in the MAC the card issuer could detect this attack trivially. Unfortunately, this is an implementation detail which each bank would have to manage separately. New cards need to be rolled out.
  And the consumer still has no idea if his card is safe or not.
44. Re:Chip and Chip security... wait a second! by Rophuine · 2010-02-11 18:19 · Score: 1
  
  The PIN storage or retry delay is not the issue. Cards ALREADY block access to the PIN after several failed attempts. The problem is that the bank is not able to detect that the card was never presented the PIN in the first place. The terminal thinks the PIN was verified, but it never gets passed on to the card.
45. Re:Chip and Chip security... wait a second! by Rophuine · 2010-02-11 18:23 · Score: 1
  
  As I did work in banking security for years...
  This makes things worse. Before, the evidence trail was clear and understandable, and the consumer was well-protected. Signatures don't match? Consumer not liable.
  Now, the system is still very breakable, but the evidence is complicated and often makes it look like the consumer was at fault. Consumer liable for transactions they never authorized.
46. Re:Chip and Chip security... wait a second! by lindseyp · 2010-02-11 19:10 · Score: 1
  
  I've lost a significant amount of money to a "man in the middle" attack involving regular signed cards.
  My cards were raped to the max, with forged signatures, and returned to my person so I didn't find out about the charges until months later.
  Credit card co's response? "You signed. Even if you *claim* those are not your signatures, you admit you were at the establishment, you were drinking (I was) and you let the cards out of your sight, you're negligent.. cough up."
  I'm talking AMEX gold, here, for several tens of thousands of dollars. I know very many people to whom the same thing has happened.
  Their publicity over 'liability' is bunk. If you can't *prove* a crime was committed, they don't have to pay.
  Be VERY careful with your credit cards. It could happen to you.
  
  --
  j'ai découvert une démonstration vraiment admirable (de ce théorème général) que cette si
47. Re:Chip and Chip security... wait a second! by mlts · 2010-02-11 20:09 · Score: 1
  
  That is why I wished the banks took the high road and went with on-chip signing and validating. This way, a terminal could tell if the request for a transaction was actually signed, versus not, and deal with that.
  Any other method than the tried and true public key standards is just asking for trouble. Had these banks took the time and trouble to do a PKI-based transaction process, the blackhats would be attacking the physical cards for the keys one by one, as opposed to cracking the whole system wide open.
48. Re:Chip and Chip security... wait a second! by maevius · 2010-02-11 20:28 · Score: 1
  
  Actually in the EMV specifications the terminal has to authenticate the card via a key exchange, however this is not used to encrypt the communication between the card and the terminal.
  
  On the bright side this attack can only work on offline transactions which must be below a bank specified floor limit (the upper limit that the transaction can be authorized on the floor). For online transactions the PIN is also sent to the bank so this will fail. In practice some banks have a zero floor limit so all transactions have to be authorized online. Even if the floor limit is not zero, it never is over about 10 euro or something like that
49. Re:Chip and Chip security... wait a second! by vtcodger · 2010-02-11 20:36 · Score: 1
  
  ***I can't think of a single valid reason why***
  Probably a fear that someone will find a bug that causes the password or information appended to it treated as a command to some subsystem. Isn't that sort of "no problem, it's just data, it can't do any harm" thinking, the fulcrum for a lot of attacks?
  
  --
  You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
50. Re:Chip and Chip security... wait a second! by JasterBobaMereel · 2010-02-11 20:57 · Score: 1
  
  If the terminal needs updates then so does the card... and it gets them from .. the terminal!
  
  --
  Puteulanus fenestra mortis
51. Re:Chip and Chip security... wait a second! by maevius · 2010-02-11 21:05 · Score: 1
  
  If you can't *prove* a crime was committed, they don't have to pay.
  If they can't prove a transaction was initiated by you then you don't have to pay
  
  In case of a dispute of a transaction with a magnetic card (and sometimes with EMV cards), in order for the bank to prove that the transaction is legitimate the receipt must have a signature that matches the signature on your ID. If the signature is not the same according to law you have no obligation of paying up and if the amount is big enough you can sue the bank or just don't pay the amount and wait to get sued by the bank.
  
  The main reason magnetic cards were replaced by EMV cards is that the fraud costs had to be covered by the bank and by the merchant (because they did not check an ID). With EMV cards if a signature is not required and somehow someone makes a transaction with your card, you are screwed
52. Re:Chip and Chip security... wait a second! by maevius · 2010-02-11 21:12 · Score: 1
  
  In order for the transaction to be authorized by the server, the PIN is encrypted and sent by the terminal using a symmetric key that the bank gives the terminal vendor. So no this is not possible
53. Re:Chip and Chip security... wait a second! by jimicus · 2010-02-11 21:26 · Score: 1
  
  If they can't prove a transaction was initiated by you then you don't have to pay
  In case of a dispute of a transaction with a magnetic card (and sometimes with EMV cards), in order for the bank to prove that the transaction is legitimate the receipt must have a signature that matches the signature on your ID. If the signature is not the same according to law you have no obligation of paying up and if the amount is big enough you can sue the bank or just don't pay the amount and wait to get sued by the bank.
  There are actually instances of customers doing something very like that - and the bank taking the view "We still believe you did it, so we're going to report you to the police for fraud".
  Yes, I know all the "innocent until proven guilty" stuff - but for a lot of people just the accusation of fraud would be very damaging indeed.
54. Re:Chip and Chip security... wait a second! by AVee · 2010-02-11 21:28 · Score: 3, Insightful
  
  I'm fairly certain that's at least a risky thing to do. Assuming the chips in the UK behave pretty much the same as those in the Netherlands, the chip will lock up and refuse to authorize anything after 3 failed attempts in a row. Up to the point where you have to go to your bank and request a new card, it won't (and hopefully can't) be reset.
  Now imagine mistakenly using the PIN from your other card in a terminal which decides to pre-test with 2 random PINs.
  
  Regardless, even though this attack is not technically extremely complex, it isn't that easy to pull it of in practice. You need to steel a card, and use a fake cards with wires dangling from it in a shop. You also need to buy something which isn't registered to your name in any way, which is easy to convert to cash, valuable enough to make it worth the risk and effort and preferably sold somewhere without CCTV.
  It sure isn't impossible, but it's probably easier to earn your illegal cash some other way.
55. Re:Chip and Chip security... wait a second! by j_sp_r · 2010-02-11 21:29 · Score: 1
  
  Except if A) the user entered the wrong PIN and B) the fake was the true PIN. Would happen a lot with only 10000 possible PIN numbers.
56. Re:Chip and Chip security... wait a second! by jimicus · 2010-02-11 21:30 · Score: 1
  
  You assume the bank is trying to achieve absolute security.
  This, I fear, is mistaken.
  There will always be a certain level of fraud and the banks are well aware of this. What they're trying to do is raise the bar so the amount of fraud drops and/or limit their liability so the person who suffers as a result isn't them. If a more sophisticated chip will cost a few pence more (multiplied by every card they issue with that chip....) but won't actually reduce their liability any further, why bother?
57. Re:Chip and Chip security... wait a second! by AVee · 2010-02-11 21:40 · Score: 1
  
  That would:
  - Be a lousy key for any sort of encryption.
  - Hurt especially bad because the protocol is bound to generate 'known plaintext'.
  - Actually make it really easy to recover the pin from just sniffing a valid transaction.
  
  The GP is wrong, it's not faking a no-PIN transaction in any way. It faking the 'Yeah this PIN is correct' response from the card when the request to verify the PIN is send. The real problem is that no verification is do to check that this response is actually send by the correct card.
58. Re:Chip and Chip security... wait a second! by maevius · 2010-02-11 21:46 · Score: 1
  
  If things go that way, you will end up in court (and probably win). I have never heard of a case that went to court but I know many cases that the bank (or the merchant) just paid up. But if you just accept the bullshit a low management bank employee tells you, you are screwed anyway. Nevertheless if the bank is determined not to pay it is gonna get ugly
59. Re:Chip and Chip security... wait a second! by AVee · 2010-02-11 21:47 · Score: 1
  
  Wrong. The attack works by faking the 'This PIN is correct' response from the card. The terminal will assume (wrongly) that the response came from the real card and tell the bank that the PIN was validated. The bank's logs will show a normal PIN authenticated transaction.
60. Re:Chip and Chip security... wait a second! by AVee · 2010-02-11 21:49 · Score: 1
  
  I will never ever use a debit or credit card again, thanks to what I have found out today.
  Smart move. Nevermind this attack will never hurt you when you are using your card, but only when you loose it. If you know where your card is and report it to your bank as soon as it's stolen your fine.
61. Re:Chip and Chip security... wait a second! by AVee · 2010-02-11 22:07 · Score: 1
  
  No, the payment processor is made to believe that PIN authentication isn't used. The false PIN-OK message is between the MITM and the terminal. The PIN entered is not actually compared to the PIN on the card. The MITM handles the card according to the "chip and signature" protocol and the terminal according to the "chip and PIN" protocol.
  And since the terminal is handled according to the Chip and PIN protocol and the payment processor is talking to the terminal the payment processor will believe that PIN authentication is used.
  Also, the PIN is never send to the card at al. Instead the MitM response to that request with a 'PIN OK' response.
62. Re:Chip and Chip security... wait a second! by locofungus · 2010-02-11 22:09 · Score: 1
  
  So, you stick something between the card and the terminal (the laptop) that intercepts the "Wrong PIN was entered" message from the card and forwards a "Correct PIN was entered" message to the terminal instead.
  No. That could be detected.
  What this does is that the terminal sends the pin to the card. This is intercepted and a "Authenticated by signature" message sent to the card instead. The OK response to that "Authenticated by signature" is changed into an OK response "Authenticated by PIN" before being sent to the terminal.
  So the terminal sees a complete and correct "Authenticated by PIN" exchange and the card sees a complete and correct "Authenticated by Signature" exchange.
  And, AFAICT, there is absolutely no way, after the fact, to detect that this has been done. There is nothing recorded on the card that would indicate a signature authentication would be done. Even the "incorrect pin" counter is not incremented as no incorrect pin was ever sent to the card.
  Tim.
  
  --
  God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
63. Re:Chip and Chip security... wait a second! by RichiH · 2010-02-11 22:15 · Score: 1
  
  Not true. SSL works in similarly hostile environments.
  The underlying problem is that this hardware was developed ages ago, needs to be cheap, has a huge installed base and that there has not been any public pressure, yet.
64. Re:Chip and Chip security... wait a second! by makomk · 2010-02-11 22:22 · Score: 1
  
  Not quite. As far as I can tell from the paper, this does actually work for online transactions since the PIN itself is never sent to the bank except by ATMs.
65. Re:Chip and Chip security... wait a second! by maxwell+demon · 2010-02-11 22:47 · Score: 1
  
  I think this should be solvable with a little bit of public key cryptography.
  First, the issuing company has its own public/private key pair. The private key never leaves the company, the public key gets installed on all terminals.
  When issuing a card, a new public/private key combination as well as the PIN is generated. The public key is signed with the company's private key. The PIN is used as password to encrypt the private key with some symmetric cipher. Both the certificate and the encrypted private key are stored on the card. Also, the card's number as stored on the card gets signed with the card's private key, and then this full package gets signed with the company's private key (so the company key certifies that the card's key indeed belongs to that card's number). Also, the issuing company stores a copy of the card's public key on its servers.
  Now at a transaction, first the card authenticates itself by sending its card number and the signed public key. The terminal checks the company signature, and therefore can be sure that it's really a key created by the manufacturer. It also tests the signature on the card number, so it sees that the key really belongs to the card. Then it sends the sales information and the entered PIN to the card. The card uses the PIN to get the card's own private key, and then signs the token using that private key and sends back the result. The terminal checks the signature, so it can see that the card indeed knows the private key, which it only can if the PIN was right. The signed sales information is then used for charging the credit card. When the credit card company receives the sales information, it can check the signatures against its copy of the corresponding public key, and therefore verify that the sale was authorized.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
66. Re:Chip and Chip security... wait a second! by maevius · 2010-02-11 22:55 · Score: 1
  
  On a closer look it seems you are correct. Not sending the PIN on the cryptogram is a very very stupid thing to do. Let's just hope it's not practical to carry all this equipment and use the attack without being seen
67. Re:Chip and Chip security... wait a second! by KDR_11k · 2010-02-12 00:17 · Score: 1
  
  Except paper ballots can be thrown away, making your vote not count.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
68. Re:Chip and Chip security... wait a second! by KDR_11k · 2010-02-12 00:23 · Score: 1
  
  You can still check what the response for the entered PIN is, if it doesn't say "correct" on two different PINs you can just take the result given at the entered PIN.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
69. Re:Chip and Chip security... wait a second! by KDR_11k · 2010-02-12 00:33 · Score: 1
  
  The PIN would be sent to the bank but the MitM tells the card that you didn't enter a PIN, just sign on the dotted line and that's what the card tells the bank, it doesn't even know you entered a PIN.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
70. Re:Chip and Chip security... wait a second! by DBMandrake · 2010-02-12 00:43 · Score: 1
  
  RTFA - this attack DOES work in online transactions, and the entered PIN is not sent to the bank even in online transactions.
71. Re:Chip and Chip security... wait a second! by AmiMoJo · 2010-02-12 00:47 · Score: 1
  
  You are both wrong. The PIN isn't being validated at all.
  As a fall-back you can opt to verify the transaction with a signature instead of a PIN. The terminal sends a PIN verification request to the fake card, which is intercepted. The device then authenticates with the real card using the signature method and passes back the "transaction authenticated" message to the fake one which in turn passes it on to the terminal.
  Signatures still have to be supported as some people can't use PINs (numerical dyslexia etc.)
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
72. Re:Chip and Chip security... wait a second! by hesaigo999ca · 2010-02-12 03:51 · Score: 1
  
  Except there will always be ones smarter then the small food chains. I can only imagine how easy it is to clone a card that has some money on it, and then use it anywhere. If you have to dial home to find out how much left is on the card, then that is better, also include the fact that verification happens at card level, instead of dial home level, I can't really trust these systems.
  I allow myself only a small amount avail. on my atm card at any moment, and when I need more, I call in using a phone to the bank and ask them to transfer from my account that is not on the card to the account that is on the card, for the amount i need + a bit of change. This way if ever someone steals my info, forget trying to get money, I will know about it right away from my bank. If you try to use it more then 3 times after they sent a message saying you do not have enough money, they suspend the card. So someone trying to guess how much they can take uses up those attempts quickly only to find they can get a few dollars.
73. Re:Chip and Chip security... wait a second! by RogerWilco · 2010-02-12 06:57 · Score: 1
  
  I've seen an interview on the BBC with the researchers that discovered the method, and your description is exactly what happens.
  They make the POS think that the pin was valid, and they make the chip in the card think that a signature was used instead of a pin.
  
  --
  RogerWilco the Adventurous Janitor
74. Re:Chip and Chip security... wait a second! by hrimhari · 2010-02-12 07:36 · Score: 1
  
  Your knowledge on smartcard authentication seems to be faulty:
  1. In GSM cards, the correct PIN gives you the right to use internally stored encryption keys to generate a temporary token. You don't have the right to read the key, just to use it. It's the card that does the encryption. Your fake card can say the PIN is correct all it wants, but it won't have the right keys to generate a token. Of course, PIN authentication must be enabled or you'll always have the right to use the key.
  2. You have a very limited number or retries. If you fail 3 times, your PIN is locked in the card. If you fail to unluck the PIN with the PUK another 3 times, you'll need the admin PIN. If you fail the admin PIN 5 times, there's no way to unlock the card.
  It doesn't mean that's how banking cards work. it's just to show you that your arguments aren't granted just because it's a card based PIN authentication.
  The problem is not that it's on-card authentication, but the way it was designed. It's just like this problem reported a while back.
  
  --
  http://dilbert.com/2010-12-13
75. Re:Chip and Chip security... wait a second! by MobyDisk · 2010-02-12 09:32 · Score: 1
  
  But they can't get away with it.
  First of all, you should be placing the paper ballot into the box yourself. Then there is a count of the number of ballots that make it into the box. In some cases, the ballots may be numbered or tracked so that they can tell who lost the ballot or when. Then, the observers who watch the ballot box should have seen when it happened and why. And the people who remove the ballots from the box and count them are observed by watches from both (all) parties, plus anyone can register to become an independent observer who can watch but not interfere.
  The reason people are against electronic voting is because it is hard to do the digital equivalent of watching the ballot box.
76. Re:Chip and Chip security... wait a second! by WarlockD · 2010-02-12 11:57 · Score: 1
  
  See this is a simple fix, you don't even need a whole public encryption thing for a simple pin verify process.
  If you want to eliminate the man in the middle, just encrypt entire packet with a predetermined seed+pin containing some random data. It decrypts it and sends back the random data xored with a random seed. The terminal now has a way to send a single message to the card that can't be intercepted. If ithe pin was bad (sends trash) the card ticks it off as a use. If the pin was good, the message is clear to the card that it was verified and it doesn't tick it as a bad pin. This makes it so that if someone is just sending garbage to the card to break it, it will lock itself and it eliminates the man in the middle operation for the card.
  This is only for the communication for the card though. A hacked terminal at a gas station would be much easier to steal pins.
  Meh, I think its not about just getting companies to do it. We need some education. Seriously, from elementary school to high school kind of stuff. The idea behind public/private key encryption or verification is really really easy. You don't need alot of math for any of it. It just gets bogged down in it:P
  PS - God. Its like my damn cheep safe I got from cosco. All the electronics are on the faceplate and only two wires go to the solenoid for the bolts in a little hole.
77. Re:Chip and Chip security... wait a second! by LostCluster · 2010-02-12 12:38 · Score: 1
  
  A 1/1000 risk of a false acceptance is certainly tolerable... the fraudster will be caught next time unless they're 1-in-a-million lucky.
78. Re:Chip and Chip security... wait a second! by BrokenHalo · 2010-02-13 19:23 · Score: 1
  
  Probably a fear that someone will find a bug that causes the password or information appended to it treated as a command to some subsystem.
  
  That particular hole was well-known to exist in a few systems decades ago, but I would have thought that modern systems would be pretty much bombproof against that by now.
79. Re:Chip and Chip security... wait a second! by shentino · 2010-02-15 13:35 · Score: 1
  
  What about chipless cards? Which, btw, are still being issued.
Man in the middle is Greece! by Orga · 2010-02-11 09:54 · Score: 2, Funny

They finally figured out how to bail themselves out
1. Re:Man in the middle is Greece! by LostCluster · 2010-02-11 10:02 · Score: 2, Insightful
  
  They finally figured out how to get someone to bail them out
  There... fixed that for you.
Ambiguous data as vali by Anonymusing · 2010-02-11 09:56 · Score: 2, Funny

FTA: "The central problem with the EMV protocol is that it allows the card and the terminal to generate ambiguous data about the verification process, which the bank will accept as valid... while a PIN must be entered, any PIN code would be accepted by the terminal."
That's a serious flaw. You've got to insist on data being valid if you are going to record it as valid.
It's a good thing that we don't rely on ambiguous data in any other part of life.

--
Liberal? Conservative? Compare perspectives at Left-Right
1. Re:Ambiguous data as vali by Atryn · 2010-02-11 11:42 · Score: 1
  
  It's a good thing that we don't rely on ambiguous data in any other part of life.
  You aren't married, are you? Atryn
  
  --
  Come play Moral Decay!
Sigh! Go ahead, by kclittle · 2010-02-11 09:58 · Score: 4, Funny

... blame Python! :)

--
Generally, bash is superior to python in those environments where python is not installed.
1. Re:Sigh! Go ahead, by FooAtWFU · 2010-02-11 10:17 · Score: 2, Funny
  
  You know, they say a lot of things about Python, but at least it doesn't name two of the most basic and important language operations after the contents of address register and contents of decrement register like some (otherwise-spiffy (if you overlook the (numerous) parentheses)) languages out there.
  (Just the contents of cash register, apparently.)
  
  --
  The World Wide Web is dying. Soon, we shall have only the Internet.
2. Re:Sigh! Go ahead, by Anonymous Coward · 2010-02-11 11:17 · Score: 1, Funny
  
  All I know is that the script could have been done in Ruby on rails in 1/2 a line. THAT'S HOW GOOD RUBY IS!!!
3. Re:Sigh! Go ahead, by AlgorithMan · 2010-02-11 19:27 · Score: 1
  
  IT'S MONTY'S FAULT!
  
  --
  The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Strike at the heart of the problem by OglinTatas · 2010-02-11 10:01 · Score: 5, Funny

The researchers used off-the-shelf components (PDF), and a laptop running a Python script...
It is long past time for governments to criminalize the use of Python.

--
More music, fewer hits
1. Re:Strike at the heart of the problem by spun · 2010-02-11 10:40 · Score: 3, Funny
  
  The researchers used off-the-shelf components (PDF), and a laptop running a Python script...
  It is long past time for governments to criminalize the use of Python.
  Or at least criminalize its use... on a plane.
  
  --
  - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Not really surprising... by davebert · 2010-02-11 10:02 · Score: 4, Insightful

Chip & Pin has never been about minimising fraud - it's about pushing the responsibility from the banks onto the customers. And they're doing the same thing with the ridiculous Verified By Visa programme which just trains people to fall for phishing scams.
1. Re:Not really surprising... by LostCluster · 2010-02-11 10:11 · Score: 1
  
  Like I said elsewhere, this is from the branch of security known as "false sense of". If you're constantly troubled for a PIN it means you'll feel safer... but when that PIN isn't needed by the fraudster we're back to the same point we were with "dumb" cards.
2. Re:Not really surprising... by GrievousMistake · 2010-02-11 10:54 · Score: 1
  
  I see this attitude a lot on /., but I don't understand where it comes from? It seems obvious to me that having a strong verification system in place is a good thing for everybody but the fraudsters.
  In this case it turns out that it wasn't actually secure, which raises concern about whether the protocol was subject to adequate public scrutiny before it was decided to employ on such a massive scale. But do you have any reason to say that they aren't actually interested in preventing fraud?
  Are there more secure methods that they are refusing to employ? Or are you saying that the problem of secure authentication is inherently unsolvable, and that they should just give up and resign themselves to laughable measures like signatures and card numbers?
  
  --
  In a fair world, refrigerators would make electricity.
3. Re:Not really surprising... by Tanktalus · 2010-02-11 11:43 · Score: 3, Insightful
  
  But do you have any reason to say that they aren't actually interested in preventing fraud?
  Because they keep outsourcing the development of a mission-critical security system to the lowest bidder instead of the most qualified. They probably throw in laughable constraints, too, such as having to work on existing POS terminals.
  If they were truly interested in preventing fraud instead of denying liability (while still getting to say in marketing that they protect you from fraud), they would contract the design of this system out to some real security experts - and, given the obvious quality of their design team in matters of security, they could post the job offer on slashdot to get some reasonable candidates - who would then use a public-private key encryption scheme where the POS terminal's public key would have to be signed by the credit card authority's private key, which could be verified by the chip by using the public key therein, and then the chip would use that public key to encrypt its own public key, which would be used by the POS terminal to encrypt the PIN that the user typed in, and send it back. And then, no matter whether the PIN is valid or not, the chip would send back some sort of data encrypted with the POS' public key again. That data would decrypt to something that was encrypted with the credit card company's public key, so that the POS terminal would then have to send it back to the credit card center (Visa, MC, Amex, whatever) to get it decrypted (along with its own public key so the credit card company could re-encrypt its response) to validate. The data sent back to the credit card company would include: the encrypted confirmation from the card (plus some random data that can get chopped off, e.g., some JSON-like data: '{verified:true,defeat-listeners:"adsh65ouhdsakljt"}' would be easy enough for the credit card company to get what it needs while discarding the rest while resulting in the packet changing every time), the amount of the transaction, the public key of the POS terminal, all encrypted again with the upstream public key. Upstream could decrypt, extract, and decrypt again. Oh yeah, and before the chip gets printed, its own public key would have to be signed by the credit card company, just to make it that tiny bit more difficult to forge.
  For a laptop to sit in the middle and get anything out of such a system would be practically impossible. And, if done right, defeating it once won't mean easy-sailing after that. Maybe an electron-microscope on an exposed chip might help ... but even then, I'm not sure it'd help enough.
  And before real security experts jump on me, this is just something I thought up over the last ten minutes. If I were given a $50,000 consulting contract to design this, I'd spend far more than 10 minutes on it, and might find some of the kinks that are likely obvious to much more experienced people than I.
4. Re:Not really surprising... by Wowsers · 2010-02-11 11:44 · Score: 1
  
  I don't know why it was anon posted, but I claim this as mine damn it!
  
  --
  Take Nobody's Word For It.
5. Re:Not really surprising... by cdrguru · 2010-02-11 12:27 · Score: 4, Informative
  
  The problem is that the merchants have insurance and the number of fraudulent accesses is pretty small. So merchants are reluctant to spend $10,000 per terminal for a system as you describe.
  They have been already forced to spend $1000-$2000 per terminal already for something that has $100 of components in it.
  Sure, it could be done as you suggest. But a lot of these systems were designed to work over a 300 baud modem or with no external connection at all - just buffering stuff up until later. So now you would also require a real Internet connection from each terminal. Well, the costs just keep going up on the merchant.
  The end result is that merchants just say they can't implement something like that in all locations. Or the box is too expensive and they aren't buying any of them. So instead of universal penetration it is 5 or 10 percent of the merchants.
  The reason they went with a low-cost, easy-to-implement solution in the first place was to gain wide (if not universal) acceptance so these things could be at every POS location everywhere. No matter what system the merchant was using or at least minimal interface requirements. It is like credit card terminals in the US - there are still a large number of places where they put the sale information into one system and then re-key the sale into a credit card terminal because integrating is too expensive and the terminals are relatively cheap.
6. Re:Not really surprising... by Rophuine · 2010-02-11 18:32 · Score: 1
  
  It's a cost-benefit analysis, and "pushing $x worth of liability onto someone else" works out to be not too much worse than "preventing $y worth of fraud", if $x = $y. Now if $x > $y, suddenly they're better off moving the liability than preventing the fraud. Similarly, if the first option costs more than the second, even if $x = $y, they're better off just moving liability.
  This is why Britain has a historical problem of card fraud, and the US has a much better record. The US never let the banks push liability onto the consumer, regardless of the technology. This removes a whole segment of the CBA, meaning it's purely "cost of security vs. cost of fraud it would prevent".
7. Re:Not really surprising... by Rophuine · 2010-02-11 18:35 · Score: 1
  
  Ah, it was meant to be much more than that. It was meant to make it easier for the banks to blame the consumer for fraud, and avoid liability themselves. It has achieved this. You're right as regards actual security.
8. Re:Not really surprising... by julesh · 2010-02-11 20:22 · Score: 1
  
  Chip & Pin has never been about minimising fraud - it's about pushing the responsibility from the banks onto the customers
  Unfortunately for them, this crack destroys their means for doing this. The way they did it was by contractually obliging the customer to keep their PIN safe: anyone other than the customer knows the PIN, they can blame the customer and not provide a refund of the money the customer has lost.
  Now, however, card thieves will be able to take money from accounts _without knowing the PIN_. And furthermore, even in cases where the card thief does know the PIN, the bank _will not usually be able to prove they did_. Therefore, the responsibility for those unauthorised transactions is now squarely back on the bank's shoulders.
9. Re:Not really surprising... by julesh · 2010-02-11 20:27 · Score: 1
  
  The end result is that merchants just say they can't implement something like that in all locations. Or the box is too expensive and they aren't buying any of them. So instead of universal penetration it is 5 or 10 percent of the merchants.
  When the system was introduced there was 100% merchant penetration. The merchants were told that they had to upgrade their terminals, because the old ones would stop working.
10. Re:Not really surprising... by Threni · 2010-02-11 21:10 · Score: 1
  
  Your hypothesis needs more evidence. For example, it needs to explain the decrease in credit card fraud (and subsequent increase in cheque fraud).
  Also, who is "they"? You're conflating `the banks` with Visa. Visa isn't a bank.
11. Re:Not really surprising... by welshie · 2010-02-11 22:29 · Score: 1
  
  Only last week, a merchant's fancy EPOS system was completely down, and they were having to revert to doing all stock control by pen and paper, and use the old fashioned card imprinter - somethng that I haven't seen done in many years. It will be interesting to see if the paper trail does eventually finish, and someone manages to read the very poorly recorded card number. I guess if the NCR slip is unreadable, the liability lies with the merchant.
12. Re:Not really surprising... by Twylite · 2010-02-11 23:09 · Score: 1
  
  Security is not the only concern in a payment system, nor is it the most important. Reliability and availability are usually more important. Cost (including logistics) is weighed against risk (which may be reduced through enhanced security) to determine an appropriate equilibrium for all these requirements.
  
  --
  i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
13. Re:Not really surprising... by toQDuj · 2010-02-12 05:13 · Score: 1
  
  I am sorry, but I cannot help reading your piece translating the TLA POS as Piece Of Shit. This makes it quite funny..
  
  --
  Every experiment which ends in a big bang is a good experiment.
14. Re:Not really surprising... by AK+Marc · 2010-02-13 10:04 · Score: 1
  
  So merchants are reluctant to spend $10,000 per terminal for a system as you describe.
  
  It would take no more programming than is already in their systems, it would just be done under the presumption that *everything* will be compromised. They spent lots of time and money on a system with improper assumptions, and have been hacked for it. The hardware is all there.
  
  Sure, it could be done as you suggest. But a lot of these systems were designed to work over a 300 baud modem or with no external connection at all - just buffering stuff up until later.
  
  Not anymore. They are expected to be online all the time. The merchant loses protections if they aren't. It's cheaper to get an IP version and pay for a year of Internet than have just one fraudulent transaction. They even sell GPRS and such models so you don't even need land-lines, and any number of satellite companies will run you satellite Internet, which these systems are designed to operate over, in case you can't get cell coverage or land lines.
  
  The reason they went with a low-cost, easy-to-implement solution in the first place was to gain wide (if not universal) acceptance so these things could be at every POS location everywhere.
  
  And when low-cost and convenient are the main goals, is anyone surprised they get compromised?
  
  --
  Learn to love Alaska
Not News by sexconker · 2010-02-11 10:03 · Score: 4, Informative

This is not news.
This is the way the system was designed.
It was designed to be shitty and insecure so fraud could continue.
It was sold as being highly secure in order to get them into widespread use and to get the laws set up to remove all liability from the banks as long as the system says the card is good.
The banks profit off of fraud.
This is all intentional, and it has been going on in criminal circles with these cards before day one. The only difference now is that some group has publicly revealed the sordid details.
Figures... by DoofusOfDeath · 2010-02-11 10:05 · Score: 4, Funny

Leave it to an English university to focus on phish and chips...
Re:RFID passports by Spad · 2010-02-11 10:06 · Score: 4, Informative

Only because America decided they wouldn't let any of us into the country if we didn't implement RFID passports.
BANKS are not a fault its VISA and MASTERCARD by johnjones · 2010-02-11 10:11 · Score: 1

well done Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
please dont sell out now !
make sure that they publish and do so in a Open and transparent their new system !
regards
John Jones
http://www.johnjones.me.uk
p.s. i wonder what they 'purchased'
withdrawal blues by harvey+the+nerd · 2010-02-11 10:14 · Score: 1

Agree that these "security systems" are about dodging liability rather than providing good security. Of course, another big benefit to the bank is that it makes it much harder to transfer money over small amounts, say $1000, if you can't go to the office physically or don't use their "verification card". Money that the banks won't give back easily.
Canada too? by the_flyswatter · 2010-02-11 10:14 · Score: 2, Informative

According to http://www.visa.ca/chip/cardholders/emvstandard/index.jsp, the EMV Chip & PIN standard is also used in Canada, not just Europe.
1. Re:Canada too? by TheSpoom · 2010-02-11 10:53 · Score: 1
  
  VISA et al seem to be trying to break into the Canadian market, which is fundamentally dominated by Interac, another PIN-based debit system run by a coalition of banks. Almost every merchant in Canada (or at least Ontario) have Interac POS readers. It should also be noted that most Canadian bank cards aren't backed by VISA / MasterCard (like they are in the United States), they're simply debit cards, linked directly to bank accounts.
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
2. Re:Canada too? by TheSpoom · 2010-02-11 10:54 · Score: 1
  
  (Note that this applies only to bank cards; credit cards are still run by VISA and MasterCard primarily.)
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
3. Re:Canada too? by DotNM · 2010-02-11 11:00 · Score: 1
  
  Yes, this is in effect in Canada too. I have a BMO Bank of Montreal MasterCard and BMO Bank of Montreal debit card, and both are chip and PIN enabled. There's even a website with a bunch of information and FAQs on chip and PIN: http://www4.bmo.com/chip/questions.html Full disclosure: I am a Bank of Montreal employee, but from my understanding, all major Canadian banks will be following suit if they haven't started already.
  
  --
  There's no place like localhost
4. Re:Canada too? by absoluteflatness · 2010-02-11 13:45 · Score: 1
  
  Visa and MasterCard debit cards in the United States are also basically directly linked to bank accounts. The logo basically just means your transaction will work as a fake "credit" transaction at Visa/MasterCard merchants who don't have debit support, or when you don't feel like entering your PIN. Or so I understand.
If the were a Nobel Prize for ignorance ... by Anonymous Coward · 2010-02-11 10:25 · Score: 2, Insightful

If they were smart enough to do that they wouldn't be in the mess to start with. Fucking wops.
Thank you for confirming the stereotype of American
1) arrogance,
2) redneck-ism,
3) ignorance of domestic issues,
4) ignorance of foreign issues, and
5) racism
in a mere 19 words. If there was a Nobel Prize for dumbest twat, you'd be a shoe-in.
1. Re:If the were a Nobel Prize for ignorance ... by jfengel · 2010-02-11 14:03 · Score: 1
  
  Not to mention a remarkable failure to apply the right ethnic slur. "Wops" are Italian.
  Perhaps "wog" was what you were after?
2. Re:If the were a Nobel Prize for ignorance ... by TheVelvetFlamebait · 2010-02-11 15:06 · Score: 1
  
  I think that falls under items 2) and 4).
  
  --
  You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
3. Re:If the were a Nobel Prize for ignorance ... by rve · 2010-02-11 16:33 · Score: 1
  
  So how do you know that the parent was American?
  Obviously British, not American
We Already Know This by segedunum · 2010-02-11 10:26 · Score: 3, Insightful

This has been known for years. The machines and man-in-the-middle attacks are obvious, simply because you cannot verify the authenticity of any machine that you stick your card into and type your PIN. You have no clue that any one of them is doing what you think it should be doing. ATM machines are bad enough, but at least there is some sort of trust over the fact they are at a fixed point and there is some form of physical security around them. With chip and pin machines all you have is utterly blind faith that you have no choice but to accept, and then you get blamed for being insecure by the banks when the inevitable happens.

What have we heard about this in the mainstream press and media? Nothing. People, and those with a vested interest, obviously just want to deny that it can happen.
1. Re:We Already Know This by verbalcontract · 2010-02-11 11:05 · Score: 2, Interesting
  
  This doesn't seem like the average attack we see in the United States, where a false card reader and camera copy a victim's credit card stripe and PIN respectively. I'm by no means an expert in Chip and PIN, but Wikipedia indicates that the smart card chip is much more difficult to copy than the US's magnetic stripes:
  http://en.wikipedia.org/wiki/Chip_and_pin
  From the text:
  "Once the card has been verified as authentic, the customer enters a 4-digit PIN..."
  It doesn't say whether all the credit card information is passed during this handshake, but if it's not, it wouldn't be possible to copy the card just by reading it.
2. Re:We Already Know This by spinkham · 2010-02-11 11:12 · Score: 1
  
  Chip and pin is definitely better then card swipe, or card swipe and pin.
  The only problem is the banks are treating the increase in security as absolute security, and refusing to handle any fraud concerning a chip and pin transaction.
  
  --
  Blessed are the pessimists, for they have made backups.
3. Re:We Already Know This by russotto · 2010-02-11 11:24 · Score: 4, Insightful
  
  Chip and pin is definitely better then card swipe, or card swipe and pin.
  Card swipe and PIN appears to be better. While I can easily copy a card, there's no way I can manufacture a card which will work with any PIN.
  
  The only problem is the banks are treating the increase in security as absolute security, and refusing to handle any fraud concerning a chip and pin transaction.
  This is one of the areas where the US is actually ahead of the game. For credit cards, there's $50 liability maximum for the cardholder. For ATM/debit cards, it's also $50 if you notify them within 2 days, but $500 if you notify them within 60 days, of finding out about it. They can't just say "Impossible" and have you jailed for having the temerity to claim a charge was fraudulent (as has happened in the UK).
4. Re:We Already Know This by T+Murphy · 2010-02-11 11:46 · Score: 1
  
  I see the importance of this not to be what kind of attack they used (other than being relatively simple), but the fact that they are proving these cards aren't as secure as they're claimed to be. It's the difference between knowing Capone did it and finally getting evidence that will stick.
  
  --
  My webcomic
5. Re:We Already Know This by cdrguru · 2010-02-11 12:16 · Score: 2, Informative
  
  I have encountered credit card fraud quite a few times - maybe 7-10 times in the last 10 years or so. Everything from having a card stolen to the number being used fraudulently by someone online.
  I have never experienced, nor has anyone I have ever encountered, any penalty at all. The $50 limit is an upper limit, apparently if the credit card issuer seems to think you are somehow complicit in the fraud. I've never had anything happen other than simply having the charges removed from the account. And getting a new number and card.
  Now for the merchant that took the card, they get to eat the entire cost. Plus a chargeback from their processor. Hope they have insurance, like all the large merchants have.
  This combination of cardholders not being penalized and large merchants having insurance is why the current rampant fraud situation and stolen credit card number market is how it is. You can make hundreds of dollars by selling credit card numbers and other information, and plenty of folks do just that. It's extra money. You didn't really think the waitress was getting by on just tips, did you?
6. Re:We Already Know This by Peter+H.S. · 2010-02-11 12:20 · Score: 4, Informative
  
  This has been known for years. The machines and man-in-the-middle attacks are obvious, simply because you cannot verify the authenticity of any machine that you stick your card into and type your PIN. You have no clue that any one of them is doing what you think it should be doing. ATM machines are bad enough, but at least there is some sort of trust over the fact they are at a fixed point and there is some form of physical security around them. With chip and pin machines all you have is utterly blind faith that you have no choice but to accept, and then you get blamed for being insecure by the banks when the inevitable happens.
  Please note that while this is a MIM attack, neither the ATM nor its communication links are compromised. The MIM part is in the _card_, that gives out an "This is a valid transaction PIN code" no matter what. So attach a fake card to some wires running up your sleeve into a laptop and FPGA in a back pack, and and you can draw money from the account to the maximum limit with a fake card and without entering a correct PIN code.
  The sad thing is that the banks are in total denial about this, claiming that since no such attacks have been discovered, the problem doesn't exist.
  --
  Regards
7. Re:We Already Know This by JackHoffman · 2010-02-11 14:13 · Score: 3, Informative
  
  Doesn't anybody read the paper?
  You can not use a fake card. You need a genuine card. The MITM is between the genuine card and the terminal. The transaction goes through because "chip and PIN" isn't the only acceptable protocol. The card can also be used in combination with a signature instead of the PIN. The trick is to make the terminal think that the card is using PIN authentication while the card actually performs the (authenticated!) chip and signature protocol.
  The bank usually gets the information that no PIN was sent to the card, but this information is not relayed back to the terminal in way which is both standardized and authenticated. The "PIN-OK" message from the card to the terminal is not authenticated and the authenticated transaction request/accept messages between the card and the bank (through the terminal) only contain the information in an unstandardized format. That's the flaw.
8. Re:We Already Know This by Peter+H.S. · 2010-02-11 15:00 · Score: 1
  
  You can not use a fake card. You need a genuine card
  I read the article, to quote it:
  "Once the fake card was inserted, the Python script running on the laptop relayed the transaction, suppressed the verify PIN command issued by the terminal, and responded with the 0x9000 code."
  You also need a genuine card, but the one you insert in the ATM is a fake as I wrote. Obtaining genuine ATM chip cards has never been a problem for criminals, but using them has. This flaw allows criminals to withdraw money from a genuine card/account from any ATM, without knowing the PIN at all.
  It is worth noticing that the Cambridge researchers consider the entire EMV protocol flawed, and says that while their presented solution may fix this particular flaw, many other flaws are likely to be discovered.
  --
  Regards
9. Re:We Already Know This by russotto · 2010-02-11 15:15 · Score: 2, Interesting
  
  This combination of cardholders not being penalized and large merchants having insurance is why the current rampant fraud situation and stolen credit card number market is how it is. You can make hundreds of dollars by selling credit card numbers and other information, and plenty of folks do just that. It's extra money. You didn't really think the waitress was getting by on just tips, did you?
  Penalizing the cardholder doesn't help at all. How can I, as a cardholder, prevent a crooked waitress from swiping the card through a skimmer as well as doing the real transaction? Or just using a camera to record an image of the card? For that sort of scenario to be stopped, the system itself has to change first. The cards must be made difficult to copy and difficult to forge (which is a goal of the chipped cards, but doesn't seem to have been accomplished). And, to prevent out-and-out theft of the card, some second factor must be used which cannot be easily copied. A PIN simply doesn't work, as it's trivially easy to capture a PIN (since the PIN pad is under the control of the crooked employee).
  The basic problem with credit card security is you give away your authentication tokens every time you use the card. No amount of penalizing the cardholder will prevent that.
10. Re:We Already Know This by Rophuine · 2010-02-11 18:45 · Score: 1
  
  This is exactly right. Steal my mag-stripe card, and you can copy it, but can't use it. Steal my EMV card, and you can't copy it, but you can take all my money.
11. Re:We Already Know This by Rophuine · 2010-02-11 18:47 · Score: 1
  
  Don't people read the articles? It clearly states that it does not work against ATMs. :P
12. Re:We Already Know This by Inda · 2010-02-11 22:29 · Score: 1
  
  "How can I, as a cardholder, prevent a crooked waitress from swiping the card through a skimmer as well as doing the real transaction?"
  
  People who let the card out of their sight are a little silly... I do see plenty of people doing it though.
  
  No one says you must pay at your table. I always walk to the till to pay my resturant bills. Forget the funny looks. Be assertive when the waitress tells you there is no need. DO NOT LET THE CARD OUT OF YOUR SIGHT.
  
  --
  This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
13. Re:We Already Know This by squizzar · 2010-02-11 23:19 · Score: 1
  
  And if you'd pay any attention you'd notice that the researchers are certain that criminal gangs easily have the technology to do this, given that many are better equipped than these researchers. It's not a whole bunch of hardware, all the parts are readily available, and since the whole of the system is publicly available (intentionally or not) then it's not exactly going to be difficult to implement. This is a fundamental flaw in the design. It's a massive back door into a system that doesn't do what it's supposed to anyway (previous attacks have been somewhat less feasible).
14. Re:We Already Know This by squizzar · 2010-02-11 23:37 · Score: 1
  
  Replying to myself is sad, but I forgot to mention: People have been making card skimmers for ATMs for ages. Just as complicated electronically, more difficult to manufacture since they must be compact, fit with the front of the ATM etc. This attack can be implemented with a laptop and an FPGA kit, both of which can be in a backpack, so is technologically much easier to implement, and since the banks will presume you have given your PIN away and tell you to suck it, much less likely to get you caught.
15. Re:We Already Know This by sgtrock · 2010-02-12 02:35 · Score: 1
  
  You can make hundreds of dollars by selling credit card numbers and other information, and plenty of folks do just that. It's extra money. You didn't really think the waitress was getting by on just tips, did you?
  What kind of sick city do you live in that this is commonplace? Please tell me, because I really want to avoid it if at all possible. In more than 30 years of traveling all over the U.S. with occasional jaunts to Mexico, Oceania, and Europe, I've never seen a false charge on my accounts that could be tied back to a waiter or waitress.
Re:Elementary by haderytn · 2010-02-11 10:41 · Score: 1

Elementary means something other than what you think it means.
There's a work-around! by SpaceLifeForm · 2010-02-11 10:41 · Score: 2, Funny

Use Cash.

--
You are being MICROattacked, from various angles, in a SOFT manner.
1. Re:There's a work-around! by LostCluster · 2010-02-11 10:57 · Score: 1
  
  Cash doesn't come with a "Zero Liability Promise" should it be stolen or lost.
2. Re:There's a work-around! by DotNM · 2010-02-11 11:09 · Score: 2, Funny
  
  Yes it does. Zero liability will be assumed by anyone... and that's a promise!
  
  --
  There's no place like localhost
3. Re:There's a work-around! by Rophuine · 2010-02-11 18:37 · Score: 1
  
  EMV does, though. The banks promise, if your money is ever lost or stolen, that they will accept Zero Liability.
4. Re:There's a work-around! by Anonymous Coward · 2010-02-11 19:39 · Score: 1, Funny
  
  Use Cash.
  OK, but what is the going exchange rate for L2 to RAM?
5. Re:There's a work-around! by julesh · 2010-02-11 20:35 · Score: 1
  
  Use Cash.
  Unfortunately that's not a valid workaround. How do you get your cash? At least here in the UK, all the banks insist you use your chip & pin card as proof of identity in order to get access to it, so you have to have one. If you have one, it can be stolen and used in fraud.
No, you actually don't know by spun · 2010-02-11 10:45 · Score: 2, Insightful

You know what helps you sound informed and intelligent? Reading the article. You know what makes you sound, well, silly? Not reading the article. Here's a clue to spark your interest: it isn't the card readers that are performing the man in the middle, it is the person in possession of the card performing the attack against a standard card reader.

--
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
1. Re:No, you actually don't know by segedunum · 2010-02-14 10:39 · Score: 1
  
  You know what helps you sound informed and intelligent? Reading the article. You know what makes you sound, well, silly? Not reading the article. Here's a clue to spark your interest: it isn't the card readers that are performing the man in the middle, it is the person in possession of the card performing the attack against a standard card reader.
  Errrrrrrrrrrrrr, yes, it is a MITM attack I'm describing, and no, the one in the article is not the only one at all which has happened against Chip and Pin, which is what I'm describing - bright fucking spark......not. Ergo, meaning it's nothing new. Trying popping the brain into gear and having a look at what people are saying rather than trying to appear clever. You'll get on better.
Don't worry by Colin+Smith · 2010-02-11 11:04 · Score: 1

The python developers will change the interpreter and libraries, everyone will get fed up and just use the next big thing instead.
I predict. lua.

--
Deleted
1. Re:Don't worry by dkf · 2010-02-11 21:04 · Score: 1
  
  everyone will get fed up and just use the next big thing instead.
  I predict. lua.
  That would be the next small thing; the reference Lua interpreter is only 153kB apparently...
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
chip and pin fail by Carus · 2010-02-11 11:16 · Score: 2, Interesting

http://www.youtube.com/watch?v=U1QAnb-wnTs ohhhhhhhhhhhhhhh CHIP AND PIN FAIL
so, we'll have to hand over our card for the cashi by HonTakuan · 2010-02-11 11:29 · Score: 1

"The FPGA board was connected to a Maxim 1740 interface chip, which was linked via thin wires to a fake card, used for insertion in the terminal." so, we'll have to hand over our card for the cashier to swipe.
Re:RFID passports by John+Hasler · 2010-02-11 11:35 · Score: 1

How did the USA force you to use the RFID inside Europe?

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Simple Solution by bill_mcgonigle · 2010-02-11 11:41 · Score: 1, Redundant

and a laptop running a Python script
So, classify Python as a criminal tool, problem solved.
(the rule that you have to mention Python at every possibility cuts both ways).

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I work in the fraud department of a UK bank by Anonymous Coward · 2010-02-11 11:42 · Score: 5, Informative

and this actually happens quite a bit, we usually pay out unless
it matches the customers spending pattern,
they tell us they kept the pin with the card,
a family member was doing it.
1. Re:I work in the fraud department of a UK bank by DigitAl56K · 2010-02-11 15:24 · Score: 1
  
  it matches the customers spending pattern
  What does that have to do with it?
  How many of us here on Slashdot save up for a while then periodically buy some pricey electronics gear either offline or from an online store? What do fraudulent purchases look like? Oh hey, it fits your spending pattern!
2. Re:I work in the fraud department of a UK bank by lindseyp · 2010-02-11 19:13 · Score: 1
  
  Exactly! This is bullshit.
  This is a signal to criminals that they should target big spenders to get the big bucks.
  
  --
  j'ai découvert une démonstration vraiment admirable (de ce théorème général) que cette si
3. Re:I work in the fraud department of a UK bank by L4t3r4lu5 · 2010-02-11 21:19 · Score: 1
  
  Reading comprehension fail. The perp already has the goods, this is about culpability. Is it the bank's fault (they pay the bill) or the customer's fault (he pays the bill). Either way, the transaction approves and the perp gets the goods.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
4. Re:I work in the fraud department of a UK bank by maxwell+demon · 2010-02-11 22:59 · Score: 1
  
  Simple:
  If you don't usually buy luxury goods, but then suddenly buy a dozen Rolex watches, your claim that it wasn't you is very credible. If you buy a dozen Rolex watches every few weeks, there's much less reason to believe you that those twelve Rolex watches were not bought by you.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
5. Re:I work in the fraud department of a UK bank by AmiMoJo · 2010-02-12 01:15 · Score: 1
  
  The law was changed in November. The onus is now on the bank to prove that the transaction was fraudulent, not on the card holder.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:Elementary by ShinmaWa · 2010-02-11 12:15 · Score: 1

Wooooooosh!

--
The /. Effect: Thousands of users simultaneously accessing a site to not read its content.
Do they still need the card? by Animaether · 2010-02-11 12:28 · Score: 2, Interesting

I'm just curious as the article summary and article don't mention (I guess the PDF might, but from the article's description, it isn't clear)...
Do they still need the card?
The article seems to describe the attack as a man-in-the-middle attack.. i.e. card -> their device -> the card reader/writer. So the card instigates all the important bits (which back account number, etc.), and then their device sends back an 'OK' to the card reader/writer, happily ignoring the PIN part.
But does that mean they do still need to have a card? Or could they easily make their own card with the details of whoever (let's say they grab the bank account # off of some business registry website), and then go ahead and perform transactions with it + their device?
1. Re:Do they still need the card? by leromarinvit · 2010-02-11 12:54 · Score: 1
  
  Yes, they do need the card. The actual transaction is still performed by the real card. The attack depends on the fact that the "PIN OK" message the card can send to the terminal is not authenticated, so it can easily be faked by the MITM.
  Also, it only works because the protocol allows the terminal to decide whether to use PIN verification or not. The card, which has never seen a verification request in this attack, will happily believe that the terminal never asked for it, and so will the issuing bank at the other end.
  
  --
  Proud member of the Ferengi Socialist Party.
2. Re:Do they still need the card? by JackHoffman · 2010-02-11 12:56 · Score: 1
  
  Yes, they still need the card. The card performs a "chip and signature" protocol with the bank. In the "chip and signature" protocol as well as in the "chip and PIN" protocol, the chip on the card uses a secret symmetric key to create a transaction-specific message authentication code. The bank will not accept the transaction without that code. The attack is to have the card perform "chip and signature" while the terminal performs "chip and PIN". The protocol flaw is that the terminal cannot tell that the card is not performing "chip and PIN".
  The messages between the card and the bank do usually include this information, but the format is not part of the standard. Consequently the terminal can not read it. It blindly relays the "chip and signature" messages, thinking that they're "chip and PIN" messages. The other indication that something's wrong would be the lack of a PIN-OK message from the card, but this message is not authenticated in any way, so the MITM can just fake that part of the "chip and PIN" protocol.
3. Re:Do they still need the card? by CrashandDie · 2010-02-11 13:20 · Score: 1
  
  Yes, they still need the card.
  
  The keys that are on the smartcard (there are a number of keys) remain on the card, and can't be extracted, whether you have the PIN or not (meaning even the cardholder can't extract the keys. If the keys, during generation, as marked as not exportable, even the bank can't extract them, even with the master key). In order to perform an operation, you query the card with a bunch of information, and usually the PIN (specific operations like getting the ATR don't require an open session though.). Considering they still need the keys on the card to sign the transaction the card still needs to be physically present (at least, even though I work in the field, is my understanding of the attack).
  
  Oh, and yes: we're scrambling for answers at this point. Obviously we're downplaying the whole thing, but I'm pretty sure our sales guys are going to get a huge number of calls in the next few days.
4. Re:Do they still need the card? by djmurdoch · 2010-02-12 01:06 · Score: 1
  
  Also, it only works because the protocol allows the terminal to decide whether to use PIN verification or not. The card, which has never seen a verification request in this attack, will happily believe that the terminal never asked for it, and so will the issuing bank at the other end.
  I think you got the last part wrong. The terminal asks for a PIN, the MITM fakes a no-PIN request, the card complies, the MITM tells the terminal "PIN verified", and the issuing bank believes a PIN was asked for and verified.
  It requires possession of the card and some fancy equipment to intercept the communications between the terminal and the card; in the video, most of the equipment was up the sleeve of the researcher, and he inserted a fake card into the reader.
Slightly wrong by Anonymous Coward · 2010-02-11 13:15 · Score: 3, Interesting

The article states that the banks dont accept liability for a transaction performed with PIN. This is true however the liability isn't pushed to the consumer, it is accepted by the card issuer instead (i.e. mastercard, visa etc.).
I also disagree with their assertion that chip and pin is fundamentally broken. EMV requires the card to generate a cryptogram at the end of the transaction. The card can simply refuse to generate this data if it hasn't received the correct PIN. I am a little suprised that the cards they tried don't do this already.
Some people here have suggested that the PIN be authenticated online. The EMV standard actually supports online authentication of PIN, its just that some banks choose to issue cards that use a PIN that is verified by the card instead because they don't have the systems in place to support online verification. Many banks
For all the people saying that the designers of the system dont know what they are doing i suggest they read the specifications (freely available on the emvco website). They are actually quite good and do support pretty much all of the improvements people here have suggested (and more). The problem is they need to be practical as well, something that most comments here don't consider. There is no point designing a foolproof system that no-one can use.
This hole can be removed and it most certainly will be if criminals start to exploit it.
Re:Cashiers cant see the card by CrashandDie · 2010-02-11 13:25 · Score: 1

Not quite. Chip and PIN means that the cardholder has to physically interact and give his approval of the transaction.

You give your card to the cashier, or insert it directly in the terminal (if you're a bit slow the cashier will insert the card for you in the reader, right in front of your nose). The terminal presents the cardholder with the AMOUNT to be paid, and in the same step requests the cardholder PIN. By giving the PIN, which contractually is never to be shared with anyone and authorising the transaction the bank discharges its fraud responsibility to the cardholder.

The problem is that now, considering the bank still believes the PIN has been provided and thus it was the cardholder's decision to pay, they outrightly deny any refund when the cardholder claims fraud. The paper mentions that a number of frauds could already have been commited using the same pinciple or technique, and that a number of bank customers really should be entitled to a refund, considering that Chip & PIN isn't as secure as the banks claim it is.
Neat attack... by leromarinvit · 2010-02-11 13:34 · Score: 1

Nice attack (and it seems pretty simple, actually). I wonder what dimwit decided it was a good idea not to authenticate the card's "PIN OK" success message in any way...

--
Proud member of the Ferengi Socialist Party.
security fraud by epine · 2010-02-11 13:47 · Score: 1

Verified By Visa came up here recently.
The critical passage from the PDF is this one:

One goal of EMV was to externalise the costs of dispute from the issuing bank, in that if a disputed transaction has been authorised by a manuscript signature, it would be charged to the merchant, while if it had been authorised by a PIN then it would be charged to the customer. The net effect is that the banking industry, which was responsible for the design of the system, carries less liability for the fraud. The industry describes this as a 'liability shift'.
Security economics teaches us that such arrangements create "moral hazard," by insulating banks from the risk of their poor system design, so it is no surprise when such plans go awry.
The main security fraud taking place here is duping the customers (and the courts) into thinking there's any security associated with the PIN protocol in the first place.
Let's make this clear to the court, in terms they might be able to comprehend.
Let's say you have a band of tax evading Massachusetts patriots concerned with the migratory cycle of lobsterbacks. They approach a fellow named Paul and tell him that they have set up special tower with a lantern and then hand him the key and some simple instructions, along with the parting shot "don't F this up, we know where to find you!"
Later, the patriots spy the wrong single lantern signal from the vague proximity of the special tower, make the wrong decision, and America drinks tea forever after. The patriots are pissed. Paul, you F-ed this up! You were the only one with the key to the signal tower.
To which Paul replies:
What colour was the lantern light you witnessed?
Same as any other lantern, you dolt!
Did you tell anyone about the protocol who might abuse it?
No of course not! We've never told anyone who doesn't hold a key.
And how many keys did you give out?
Oh, about a billion.
And you could clearly identify my tower on a dark night?
Absolutely. It was the only lantern light clearly displayed above the horizon in your general direction.
What if it wasn't my lantern?
Impossible. You had the only key.
It'll be a rough night for the EMV consortium if they are ever visited by the ghost of patriots past, who would likely take a pretty dim view of the institutional foolishness on display here.
Re:so, we'll have to hand over our card for the ca by RalphSleigh · 2010-02-11 13:56 · Score: 2, Informative

One of the selling points of this system is that you DON'T need to let your card leave your sight, or even your hand, as before when magnetic strips were used that was good indication of having your card copied.
The terminal you put your card is is usually wireless or has a long cord so you can pick it up to better hide your pin when you enter it. This makes using a card with wires going up your sleeve quite easy to get away with and keeping hold of the card is not unusual behaviour that would arouse suspicion. See the BBC video here:
http://www.bbc.co.uk/blogs/newsnight/susanwatts/2010/02/new_flaws_in_chip_and_pin_syst.html

--
Come as you are, do what you must, be who you will.
Credits cards have always had this problem by tg123 · 2010-02-11 14:23 · Score: 1

Credits cards have always had this problem.
The reason this works with credit cards is little or no checking is done at the place of purchase. It is expected that the customer will check there monthly statement and notify the bank / credit company of any issues.
Re:Cashiers cant see the card by jonwil · 2010-02-11 14:48 · Score: 1

Here in Australia, as a rule most cashiers dont generally handle the card (all the swipe machines are usually in places where the customer can see them, swipe and enter his pin)
Finances the Valentines way. by Ostracus · 2010-02-11 15:06 · Score: 1

"The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."
Oh some Americans already have a similar system. It's called Ball and Chain. Courtesy of this system there's little fraud because all transactions are wife approved.

--
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
Re:Noviant Haydont by CrashandDie · 2010-02-11 17:33 · Score: 4, Interesting

The Chip and PIN principle is a lot older in Europe than anywhere else in the world. Asia is far behind, however converting fast, and the US is down the drain. France has implemented a Chip'n'PIN system since the early 90s, and Belgium has been using its local equivalent (Bancontact) since the mid-90s. Because credit/debit cards are synonymous to Chip and PIN cards in Europe, EMV has become a synonym for a unified European payment system.

The US has massive plans to implement EMV. The main difference is that banks are quite opposed to it because the cost of overhauling their complete architecture for the sake of fraud is quite a difficult thing to sell -- we're not talking about a simple card update, every single Point of Sale will need a new terminal, every single individual will need his card replaced. How many credit cards are used in North America? 700 million if my memory serves me well, or more. At roughly $15 per card, when bought in high quantities, that's quite a lot of money. Each terminal costs roughly $150-$230, so that's not a small investment either.

Next to that, you need the network connectivity, and the servers to handle it. I remember discussing this with a colleague some time ago, and by eyeballing it quickly, we got a number of roughly $100 to $130 per customer. Obviously, the banks could always ask for more cash from the government to pay for it?

Source: I work in the industry.
How about Diffie-Hellman key exchange? by Svartormr · 2010-02-11 18:20 · Score: 1

To actually be secure, the card and the terminal would need to generate a shared secret in a way immune to a MitM attack, which can only reasonably be done with a certificate and a certificate authority (or other public key infrastructure), just as is done with HTTPS.
They could use Diffie-Hellman key exchange to generate a shared secret such as a symmetric encryption key. But this might be beyond the ability of the chip.
1. Re:How about Diffie-Hellman key exchange? by Svartormr · 2010-02-11 18:24 · Score: 1
  
  They could use Diffie-Hellman key exchange to generate a shared secret such as a symmetric encryption key. But this might be beyond the ability of the chip.
  Oops! This just generates a shared secret. It doesn't authenticate either way.
Re:Elementary by Rophuine · 2010-02-11 18:40 · Score: 1

The /. Effect: Thousands of users simultaneously accessing a site to not read its content.
How does that work? Link a page on /. and it's crippled by the extra load, but virtually none of the observable population of /. shows any signs of having even managed to work their browser well enough to click the link. It feels like there should be some analogy with Quantum Uncertainty.
Boring... nothing new by agesilaos · 2010-02-11 21:46 · Score: 1

It's nothing new that SDA EMV cards are vulnerable on this kind of attack. I tell you even more, it's quite easy to copy SDA card. DDA cards have no such security issues. If they think they receive PhD thanks to this paper they're wrong.
APACS rumbled - all scarper by dugeen · 2010-02-11 22:40 · Score: 4, Insightful

The idea of forcing people to enter PINs into any machine controlled by a retailer was ridiculous from day one - the supposed extra security of Chip & Fraud was merely a way for the banks to transfer liability for fraud to the customer. (Happily the FSA has now forbidden them to do this unless they have actual genuine proof that the customer gave away their PIN - well done guys, springing into action after only 4 years of complaints).
1. Re:APACS rumbled - all scarper by dargaud · 2010-02-12 03:21 · Score: 1
  
  The idea of forcing people to enter PINs into any machine controlled by a retailer was ridiculous from day one
  
  Much less than simply having the retailer get the card number and your signature (which isn't even checked). Another case of Not Invented Here syndrome in the US.
  
  --
  Non-Linux Penguins ?
Surely this is just a poor implementation by psysjal · 2010-02-12 02:43 · Score: 1

A while ago (admittedly 4 years) I worked on the ATM side of an EMV chip and pin implementation. Yes the chip can lie to the terminal and yes the terminal can lie to the bank. But all results of a transaction from the card/chip result in the generation of a small cryptographic token generated using the cards view of how the transaction went. The information included in the generation of this is variable but should at least include things like whether the card thought PIN verification was sucessful or not, the transaction amount and whether the card thought the transaction was succesful or not.
This is normally printed on the receipt and either sent online to the bank or uploaded later in a batch transfer. If the system has been implemented sensibly it shouldn't be difficult to prove that this has happened. For an online transaction I don't really see how it can happen at all in a well implemented system.
Phish and Chips by sydbarrett74 · 2010-02-13 01:12 · Score: 1

So would this attack be called phish and chips?

--
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman