Chip & PaIN - A financial fiasco
James
Posts: 2,059 Forumite
in Credit cards
From the Independent (22 Apr, 2009)
Paying by card has never been easier – and neither has being scammed. Jimmy Lee Shreeve investigates
" Dr Joel Brenner of the US National Counter-Intelligence Executive warned that hundreds of chip and pin machines in stores and supermarkets across Europe had been tampered with, allowing details of shoppers’ bank and credit card accounts to be sent overseas to fraudsters. The details were used to take money from cardholders’ accounts. "
Article click here:
Tips: Don't let these crooks hit ATM's with your card details and your PIN. Get yourself a Chip & Signature Credit Card.
NO PIN means if you are a victim of Card Fraud you can never be accused of being careless with your PIN.
Thought: If the industry can't keep PINs secret, how can they accuse victims of being careless with their PINs? (Without absolute proof)
Comments
As normal, the scaremongering is just as OTT as any claims that C&P is fraud-proof.
"“White” or cloned cards were then made, which criminals used to withdraw cash and to make “card not present” payments by phone or online."
Cash withdrawals are certainly facilitated by copying the PIN, which has been made easier by the partial adoption of EMV. If all worldwide ATMs had to support EMV then this would be eradicated.
CNP doesn't currently use the PIN at all, so this is back to the fraud that EMV was never designed to combat. Two-factor authentication is what's needed there, and that's now being brought in.
However, the nature of fraud is that it shifts to the easiest method of attack. Eradicate the most costly (to the banks) domestic cardholder-present fraud and you see the corresponding surge in CNP and foreign ATM. Now that these are starting to cost the banks more, the focus will be on stopping them. And the fraud will move somewhere else. And the banks will eventually move to stop them. And customers will complain that the 'next-best-thing' hasn't done a thing. Ad infinitum.
Professor Ross Anderson, a security expert at Cambridge University’s Computer Lab, is far from convinced. “The banks’ claims that chip and pin would curb fraud were nothing but spin,” he says. “The reality is the system is broken.”
No, it's not. It was just never intended to solve the problems that people are complaining it's not solving. It has curbed the fraud it was designed to curb.
“you have to ask how eager the City force will be to investigate offences that bankers don’t want investigated, such as the growing number of insider frauds and chip card cloning."
Unsurprisingly though, he's not actually able to point to any example of a chip card being cloned.
The county court case of Job vs Halifax will examine a consumer's right to reclaim cash lost in an apparent Chip and PIN fraud.
Should be interesting.
Click here for article from WHICH?
Anyone have any actual details about this?
Agreed. Ross Anderson is a keen self publicist. Some of his work is very interesting and his critique of chip and PIN is generally sound. However, like many "experts" (and those who claim to be) he is far too keen to give attention grabbing quotes to journalists who only want to write scare stories.
In my view, the current problems with non-EMV ATM fraud will be addressed by iCVV and enciphered PIN. CNP transactions will become more secure with the roll-out of two-factor solutions like Chip Authentication Programme and its incorporation into 3D Secure (Verified by Visa / MC SecureCode).
The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts.
So there still aren't any actual details. We probably won't know what the Halifax defence is until it's presented in court.
For a security expert, however, he asks a really dumb question in his linked ombudsman post:
What is the key for the card? The application cryptogram is produced using a cryptographic key known only by the card and bank. With this and some other information the customer could confirm that the application cryptogram really came from his card. Since the card has long since been cancelled, releasing this key should not be a security risk. If the banks are not storing this information, how can they be sure that their systems are operating correctly?
The key for each card is diversified from a master key. Nobody knows the master key, for obvious reasons - it's stored securely. The diversified keys are generated securely and transmitted to the card securely. Prof. Anderson seems to be asking for these security measures to be removed (albeit temporarily) and expose hundreds of thousands of cards to risk.
Couldn't the issuer just derive the key for that particular card and leave their master key safely in the HSM? After all, this is the process that has to be undertaken when data is extracted for personalisation.
Surely, for the system to be trusted, there needs to be a method to independently verify that the transaction certificate is genuine. It's not acceptable just to rely on the bank's word.
The dispute resolution process is definitely flawed - I'm with Anderson on that one.
The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts.
bert&ernie wrote: »
Couldn't the issuer just derive the key for that particular card and leave their master key safely in the HSM?
Theoretically? Yes. Practically? No. There are very good reasons why it should not be permitted to extract a diversified key from the system.
bert&ernie wrote: »
After all, this is the process that has to be undertaken when data is extracted for personalisation.
Indeed. And the diversified key is never revealed in clear. It is securely transmitted to the card for storage encrypted under a session key.
Theoretically? Yes. Practically? No. There are very good reasons why it should not be permitted to extract a diversified key from the system.
Well, it may be impractical, but that's the bank's problem. I can see why you wouldn't want a derived key to be exposed under normal operational circumstances. However, we are talking about an exceptional situation where the card is no longer in use - the exposure of the card's key is no longer a risk.
Indeed. And the diversified key is never revealed in clear. It is securely transmitted to the card for storage encrypted under a session key.
As above, it's important to keep this key secret for operational cards. However, I don't see how the exposure of an individual card key in any way compromises the overall security of the issuer or its portfolio.
The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts.
bert&ernie wrote: »
Well, it may be impractical, but that's the bank's problem. I can see why you wouldn't want a derived key to be exposed under normal operational circumstances. However, we are talking about an exceptional situation where the card is no longer in use - the exposure of the card's key is no longer a risk.
But changing the systems to allow this exposes the MK, and therefore every other issued card, to some level of risk. I don't actually agree that the key needs to be made public in any case. The AC verification has to comply with the Visa or MasterCard spec (as appropriate) - as long as you can be sure that the response means 'valid' or 'invalid' you don't need to know the keys involved. I do agree that the bank merely stating "well, the card must have been used" is not sufficient.
bert&ernie wrote: »
As above, it's important to keep this key secret for operational cards. However, I don't see how the exposure of an individual card key in any way compromises the overall security of the issuer or its portfolio.
It's the fact that you're allowing someone to retrieve a key from the bank's HSM. This is functionality that shouldn't exist in a secure system and would possibly cause the system to fail a Visa/MasterCard audit.
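The exchange above turns on three points: a per-card key is diversified from an issuer master key (so the issuer can always re-derive it and never has to store it), the master key and card keys never leave the HSM, and a disputed cryptogram can be checked by an HSM that answers only "valid" or "invalid". The following is an added example written for this page, not code from any bank, card scheme or the posters; it models that split with HMAC-SHA256 standing in for the 3DES/AES block-cipher derivations a real EMV issuer HSM uses, and the PAN, master key and transaction values are constructed test data.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _kdf(key: bytes, data: bytes) -> bytes:
    """Key derivation / MAC primitive. Assumption: HMAC-SHA256 stands in for the
    3DES/AES-based derivation an EMV HSM would actually use; the shape of the
    scheme (master key -> card key -> session key -> cryptogram) is the point."""
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass(frozen=True)
class Transaction:
    amount_minor: int          # amount in minor units (pence)
    currency: str
    terminal_id: str
    unpredictable_number: int  # terminal-supplied nonce, stops replay of a recorded AC

    def to_bytes(self) -> bytes:
        # Fixed-width, delimited encoding so no two distinct transactions share bytes.
        return (f"{self.amount_minor:012d}|{self.currency}|{self.terminal_id}|"
                f"{self.unpredictable_number:08x}").encode()


class Card:
    """The chip side: holds its diversified key and emits cryptograms, never the key."""

    def __init__(self, pan: str, psn: int, card_key: bytes) -> None:
        self.pan, self.psn = pan, psn
        self.__key = card_key   # name-mangled; nothing on the card exports it
        self.atc = 0            # Application Transaction Counter

    def generate_arqc(self, txn: Transaction) -> tuple[int, bytes]:
        """Return (ATC, 8-byte cryptogram) for this transaction."""
        self.atc += 1
        session_key = _kdf(self.__key, b"SK" + self.atc.to_bytes(2, "big"))
        return self.atc, _kdf(session_key, txn.to_bytes())[:8]


class IssuerHsm:
    """Issuer side. The master key is held only here; callers receive either a
    personalised card or a yes/no answer, never key material."""

    def __init__(self, master_key: bytes) -> None:
        self.__mk = master_key

    def _card_key(self, pan: str, psn: int) -> bytes:
        # Diversification: the card key is a function of MK, PAN and PAN sequence
        # number, so the issuer can re-derive it on demand and need not store it.
        return _kdf(self.__mk, f"{pan}:{psn:02d}".encode())

    def personalise(self, pan: str, psn: int) -> Card:
        # Models personalisation. A real HSM would wrap the key under a transport
        # key for injection into the chip; this toy hands it straight to Card.
        return Card(pan, psn, self._card_key(pan, psn))

    def verify_arqc(self, pan: str, psn: int, atc: int,
                    txn: Transaction, arqc: bytes) -> bool:
        """Re-derive the session key inside the HSM boundary and compare.
        Only the verdict leaves; this is the check a dispute could be settled on."""
        session_key = _kdf(self._card_key(pan, psn), b"SK" + atc.to_bytes(2, "big"))
        expected = _kdf(session_key, txn.to_bytes())[:8]
        return hmac.compare_digest(expected, arqc)


def run_demo() -> dict[str, bool]:
    """Genuine cryptogram verifies; altered amount, wrong ATC and another card's
    cryptogram all fail, without any key ever being handed out."""
    pan, psn = "4000000000000002", 1              # constructed test PAN
    hsm = IssuerHsm(b"\x01" * 32)                  # constructed toy master key
    card = hsm.personalise(pan, psn)
    txn = Transaction(2599, "GBP", "TERM0001", 0x1A2B3C4D)
    atc, arqc = card.generate_arqc(txn)

    results = {"genuine": hsm.verify_arqc(pan, psn, atc, txn, arqc)}
    tampered = Transaction(259900, "GBP", "TERM0001", 0x1A2B3C4D)
    results["tampered_amount"] = hsm.verify_arqc(pan, psn, atc, tampered, arqc)
    results["wrong_atc"] = hsm.verify_arqc(pan, psn, atc + 1, txn, arqc)
    other = hsm.personalise("4000000000000010", psn)   # second constructed card
    _, other_ac = other.generate_arqc(txn)
    results["other_cards_cryptogram"] = hsm.verify_arqc(pan, psn, 1, txn, other_ac)
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:24s} {'valid' if ok else 'invalid'}")
```

`IssuerHsm` deliberately has no method that returns `_card_key`'s output: the only interfaces are "make a card" and "is this cryptogram valid for this card, counter and transaction", which is the property both posters are arguing over. Re-deriving the key from the PAN and PAN sequence number also answers the "if the banks are not storing this information" question: there is nothing per-card to store.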
This discussion has been closed.