Chip and PIN and the Media Spin
Many of you will have heard about the new way to pay for goods and
services in the UK, "Chip and PIN". It's been hyped as "the
biggest change to payment since decimalisation". We've been regularly
asked for comment on the new system, so we have recently condensed the
balance of our opinions into the following paper:
"Chip and Spin" by Ross Anderson, Mike Bond, Steven J. Murdoch (PDF file, 79KB)
Nearly all the material in this paper is accessible to all readers;
however, certain parts may require moderate computer literacy. If you
are not at all technically savvy, you can continue on to browse
through this site which has been prepared by one of the authors in
order to explain the basics of the arguments in a less technical
manner, and at a slower, more detailed pace.
News and Updates
Mar 06: Our own investigations of transaction traces led us
to discover that the potential Cardholder Verification Method list
attack we described as a possible EMV weakness was in fact
already fixed before EMV was deployed. You can read the new results in
Advantages and Disadvantages
Now, the Chip and PIN system has advantages and disadvantages
associated with each of the interested parties. On the one hand, APACS
and the banking community in general are already doing very well at
describing the advantages of Chip and PIN, both in relation to the
customer and themselves. On the other hand, parts of the media have portrayed
the scheme as entirely negative, with headlines such as "Crisis
Looms for Chip and PIN", maybe just to sell papers, or maybe in line
with the agendas of third-party dissenters.
However, it does seem that the UK banking community is avoiding
open discussion of the disadvantageous aspects more than they should
be. The purpose of this site is not to provide totally balanced
comment on the move, but to give proper airing to the drawbacks. It's
always a tough job for onlookers to assess the truth behind anything
controversial, but the greater the quantity of information, and the
greater the variety of sources, the better.
What is Chip and PIN?
"Chip and PIN" is the media slogan for the new EMV Card
Payments System designed to augment and eventually replace
magnetic stripe payment cards in Europe. It was designed by Europay,
Mastercard and Visa, and the specifications for this new technology
are managed by EMVCo, a company
specially created for that purpose. In the United Kingdom, all the
banks have decided to make their EMV cards conform to an additional
specification, UKIS, created by APACS, the banking industry
association. Be sure to visit the official Chip and PIN Website.
Disadvantages of Chip and PIN for the Customer
This section describes why PIN is worse than signature. It describes
the problems with dispute resolution using Chip and PIN and explains why the
Banking Code of Practice doesn't solve them.
POS to ATM Linkage
This section describes why customers' money and physical safety are more at
risk due to using the same PIN for goods and services as for cash withdrawal.
Why Chip and PIN Fails to Fight Fraud in the Short-Term
This section describes why Chip and PIN counterfeit cards can still be used offline in
terminals that are not connected to the bank's network or have been temporarily disconnected.
The fraudster does not even need to know the PIN.
This section describes why one easy fraud will be replaced by another when
Chip and PIN fails to close off important avenues of fraud. The customer gets all
the hassle and gains nothing.
This section describes why the same old fraud can continue because magnetic
stripe technology is not on the way out for a long time.
Why Chip and PIN may Fail to Fight Fraud in the Long-Term
Weaknesses
This section discusses the
security of the technical standard behind Chip and PIN, and how
potential shortcomings may be exploited in the future. Any security
system is liable to have weaknesses exposed when it comes under
sustained attack; EMV is no exception.
Middleperson Attacks
This section describes the
fundamental technical shortcomings in using smartcards for authorising
payments. How do you know, when you put your smartcard into a payment
machine, exactly where the transaction it participates in actually
leads? You may think you are buying lunch at a restaurant, but your
card is actually buying diamonds on the other side of town!
Smartcard Attacks
The whole security of EMV also rests on the difficulty of
extracting the secrets stored on the smartcard. This section describes
physical weaknesses of smartcards, and how any smartcard can be
cracked for a cost. When will the cracking techniques become cheaper
than the cash value of the stolen card?
Chip and PIN
The official site of the "Chip and PIN" initiative, with information for customers, merchants and media.
Safety in Numbers?
A must-read article by Aida Edemariam discussing the benefits and risks of Chip and PIN technology. It includes an excellent summary of arguments against the Chip and PIN scheme.
Learn about Phantom Withdrawals, the disputed ATM transactions where neither the bank nor the customer admits liability. Increased usage of PINs will make this sort of fraud much more common. Find out about it here.
Mike Bond's Webpage
Return to the personal homepage of the maintainer of this site, for contact details and more information. Learn also about Security API research, one of the areas of computer security research which could help make ATM security better in the future.
Links to Media Coverage
Chip and PIN
Crooks turn to online card fraud -- BBC News Online, 8th November '05
Chip cards fail to pin down fraudsters -- The Guardian, 16th October '05
Chip and pin 'cutting' card fraud -- BBC News Online, 9th October '05
Fraudsters show how to beat chip and pin -- The Guardian Online, 5th September '05
Chip and pin helps push bank and credit card fraud to 505m -- The Guardian, 8th March '05
UK Criminals Know The Chip Card's In The Mail -- Card Technology Magazine, 8th March '05
Shadow hanging over card users -- The Observer, 17th July '05
Competition in British banking is mostly notable by its absence -- Daily Telegraph Opinion, 14th March '05
Say No to Chip and PIN Website