Chip and SPIN !

Examining the technology behind the "Chip and PIN" initiative...



Dispute Resolution Problems

Consider the scenario where fraudulent transactions appear on a customer's account. When the customer complains, what happens next?

Before Chip and PIN, magnetic stripe cards and signatures were used for authorisation. Cloning of magstripe cards is easy, and forging of signatures to pass cursory inspection by shop assistants is easy too. But this was the bank's problem. If a customer disputes a transaction, it is known and admitted that cloning is possible. The customer can request that the signature on the receipt kept on file by the shop is examined against a sample of their own. If the signature on the receipt was not made by the customer, the customer is not liable. End of story.

With Chip and PIN, ease of card cloning is under debate, but while perfect forging of a signature secure against retrospective examination is extremely hard, perfect copying of a PIN once known, is of course easy. Furthermore, a customer can tell an accomplice their PIN very easily, much more easily than teaching an accomplice their signature. Thus only CCTV can confirm or refute the customer's involvement. If there is no CCTV footage we enter the murky grey area of phantom withdrawals where the liability for the disputed some has never been clearly defined. We already have experience of the phantom withdrawl phenomenon from instances where cards are cloned and then used at cash machines.

UK banks have a voluntary code of practice that is supposed to say what happens in the case of a phantom withdrawal. You can see the clause on liability here. It says that the bank must show that the customer acted fraudulently or without reasonable care, otherwise reimburse the customer fully. Initially this seems very promising, however there are big gaps.

Firstly, Section 12.5 of the code of practice tries to define reasonable care, but it in fact includes the phrase "Always take reasonable steps to keep your card safe and your PIN, password and other security information secret at all times." as one of the conditions. Reasonable care is not adequately defined.

Secondly, the code of practice does not state who they must demonstrate lack of fradulence or reasonable care to, or what levels of certainty are required. In practice, an investigator in the fraud department of the bank looks at each case details for a few minutes, then makes a decision. If they decide not to reimburse, they have not broken the code of practice, they have simply decided that you were fraudulent, or did not take reasonable care. It seems that they need not prove this to any external third party to stay within the code of practice.

The banking code of practice is thus inadequate to protect the customer. The signature on receipt system provides much better dispute resolution for customers. Using a PIN is thus not in the customer's interest.

Point-of-Sale and ATM Linkage

For each particular card, the same PIN authorises goods payments and cash withdrawals, if it is possible to withdraw cash using the card.

Before Chip and PIN: Previously if a wallet is stolen after the attacker has observed the customer's PIN (for instance at an ATM) he only has access to whatever daily withdrawal limit remains available on that card until the theft is discovered. Other cards in the wallet my have cash withdrawal facility, but the PIN will long since have been forgotten by the customer, and never changed to be in synch with the main PIN.

With Chip and PIN, the PIN must be known on each card in order to be able to use it. Many choose the same PIN for all cards, thus the cash withdrawal facilities on the other cards are unwittingly unlocked. Some customers may be studious and request disabling of cash withdrawal on certain cards, but the vast majority of customers will not; they may not even be aware of cash withdrawal facilities on other cards. Result: the perceived cash value of a wallet stolen by a criminal goes up.

Cross-Border Fraud

Before Chip and PIN a major advantage of cross border fraud was that velocity checking systems (that spot a rapid series of withdrawals) did not work some in foreign countries. Thus more cash could be stolen using a cross-border card. However, in general there were few other advantages.

With Chip and PIN the customer enters their PIN much more often and in much more exposed locations than ATMs. Copying the magnetic stripe and the PIN is sufficient to produce a card for cross-border fraud in a country that does not use Chip and PIN. Because PINs are used more often, and in less trustworthy entry devices, cross-border fraud will become easier.

Fallback

Before Chip and PIN, if a magnetic stripe could not be read, the number embossed on the front of the card was simply typed in by hand. This is called a "fallback" mode of operation.

With Chip and PIN, fraud can be perpetuated by forcing a fallback to magnetic stripe from the new chip technology. To cause the fallback, the chip must be damaged. This can be done by carefully bending the card in order to snap the chip embedded beneath the contacts, or by applying a very high voltage to the contacts. There are other more subtle ways to damage chips, and chips that do work can appear damaged if their contacts become too dirty. It will thus have to be considered acceptable for some time for proportions of chip cards to fail, and the fraudsters can hide within this proportion. Furthermore, for as long as UK cards must work abroad with mastripe only systems, and foreign cards work in the UK, this fallback mechanism will stay in existence -- a long time! Result: no substantial fraud reduction is achieved.

Offline Counterfeiting

Before Chip and PIN, if the magnetic stripe of a card was copied using a "skimming device" a counterfeit card could be produced that was indistinguishable from the real thing as far as the computers were concerned.

With Chip and PIN, the EMV designers made a big effort to include anti-counterfeiting technolgy in the design. The most effective way to do it is to have a special private key in each card and a chip powerful enough to use it to produce a certificate that shows a terminal it's genuine. The terminal holds a public key corresponding to the private one, which it uses to check the authenticity of the certificate. If the terminal is dismantled, discovering the public key is not enough to counterfeit a card, the fraudster must discover the private key which remains safe within the card. The EMV designers call this method "Dynamic Data Authentication"

There's also a cheaper but less effective method called "Static Data Authentication" where a single key is shared between each card and the bank that issued it. This key is used to authenticate the transaction, and produce the "transaction certificate". The terminal does not know this key. The card can prove to the terminal that it's genuine, but only if that terminal is online, that is, connected to the bank via a phone line. Offline machines, however, have no way of telling if the card is genuine on the spot. They can record the response the card gives during authorisation, and pass it on to the bank when they next reconnect (if they reconnect at all), but there is nothing they can do on the spot, and the fraudster will be long gone. The fraudster does not even need to know this PIN because it is the card's job to verify the PIN and respond with a yes/no answer to the terminal. Seeing as the card is a countefeit, the fraudster can program it to say "yes" no matter what PIN is entered.

Neither APACS nor any UK bank has publicly announced whether they are using Static Data Authentication (SDA) or Dynamic Data Authentication (DDA). However, in the APACS PIN Administration Policy document, on page 25 APACS does confirm that SDA does not protect against offline counterfeiting. We have analysed a number of UK Chip and PIN cards, and we have found no evidence to suggest they have dynamic capability.

EMV Weaknesses

The technical specification behind Chip and PIN, EMV, is a public standard, and will come under attack in the course of its operational life, just as all computer systems do. In practice it is very hard work to build a complex system without introducing design errors. How and when will these be discovered during the lifespan of EMV, how serious will they be, and what are the consequences?

(Update March '06) One weakness we investigated was the potential to downgrade a card requiring a PIN into one needing only a signature, through modifying the Cardholder Verification Method (CVM) list. Such attacks appear to have been fixed before the Chip and PIN system was deployed in the UK. A technical note on why CVM attacks initially appeared to work: The UK Chip and PIN system is based on several standards: EMV2000 and the VISA VIS (or Mastercard M/Chip equivalent), and it is the VIS specifications which address the problem. They make sure that the authentication that took place is reported from both the point of view of the card as well as the terminal. The earlier versions of EMV reported authentication method used only from the perspective of the terminal. One could pedantically argue that this remains a valid attack against EMV. However the latest EMV2004 specification now incorporates the fixes as standard, though it is on account of the VIS specs that the fixes are implemented in the UK.

Middleperson Attacks

There is fundamental limitation of electronic payment systems in the design of the user interface. If you go to a shop and pay by card, regardless of the technology, how do you know how much your account is actually going to be charged? You see an amount appear on the till, but what if the display is lying to you? This problem has been known about for some time, but it isn't considered significant, because you can always take up your complaint with the shop later, if they charge you the wrong amount.

However, with Chip and PIN, the interaction with your credit or debit card is simply done using electronic signals over the contacts with the card. These signals can be routed almost instantly anywhere in the world, in just the same way that a phonecall can. So when you put your card in the machine slot at a shop or restaurant, how can you be sure that it is genuinely talking to that machine? The truth is, you can't.

Consider the following scenario: You go for lunch in a small restaurant in London, and pay using your Chip and PIN card at the end of the meal. What you don't know is that the waiter at the restaurant is corrupt. You ask for the bill, and the waiter goes off to fetch a handheld Chip and PIN machine that he brings over to you. Meanwhile, on the other side of town, his accomplice is loitering in a jeweller's store. The waiter signals to his accomplice using his mobile phone, and the accomplice goes up to make the purchase. Just as you insert your card into the waiter's Point-of-Sale terminal, the accomplice puts a fake card into the jeweller's terminal. The waiter's sabotaged reader simply forwards all the traffic from your card wirelessly to the card in the reader at the jewellers, and makes up anything it likes to display on its own screen. You enter the PIN, and as you do so, you think you are paying for lunch, but in fact, you're buying a diamond! The accomplice leaves with the diamond, and you don't realise until it's far too late!

It is extremely hard to prevent this sort of attack, which is sometimes called a "middleperson" or "relay" attack. The shortcoming is that there is no trusted way that a cardholder can communicate with the chip on their card, in order for it to show exactly what transaction it is about to authorise.

Smartcard Attacks

Aside from considering programming errors or design errors in the software systems that Chip and PIN cards use, an important question to ask is how good the physical security of each card is. Each Chip and PIN card contains several vital secrets -- a long secret number, called a "cryptographic key", which it uses in communications to prove that it is genuine, and of course the customer PIN. If either of these can be extracted the security fails.

Physical attacks can already extract secrets from Chip and PIN smartcards, but the procedure is time consuming and costly. This means that it would typically cost more money to get the PIN out of a card than could be withdrawn by the thief before the theft of the card is noticed. However, there are regular advances in technology for attacking smartcards, and the banks will have to try and stay ahead in this race by issuing newer more secure cards every time a new advance is made.

But some sorts of attack do not require physical damage to the chip and expensive microscopes and can in fact be done simply by observing the interference that the chip creates in the radio and electromagnetic signals around it. Just like mobile phones interfere with audio speaker systems sometimes, smartcards and all computer processors create interference. If this is carefully analysed, it can actually reveal information about what the computer was doing. In the computer security community, these attacks are referred to as "side-channel" attacks. The interesting property of these attacks is that whilst they are quite hard to design and implement for the first time, once the trick is known, it is extremely quick and cheap to repeatedly deploy them. If organised criminals succeeded in using a sidechannel attack on a Chip and PIN card, it would be trivial for them to start using the attack wholesale.