EUnomad

Nice try. Unfortunately, the consumer does not get the benefit of this theoretical hypothetical separation. The PIN is required to get usable unencrypted data from the chip. It's not incidental that "chip and pin" are used together. It's actually inherent in the design. Chip and sign would require leaving the contents of the chip unencrypted.

If we were discussing the hypothetical prospect of "chip and pin and sign" (the only way to introduce a signature without further compromising the security of the chip), I would have a different stance on that than "chip and pin". In that case, the risk to the consumer would be back at an acceptable level.

To claim more data means more security is to advocate security by obfuscation. Security is improved through algorithms and protocols, not directly storage space. Crypto tends to require an insignifant amount of additional space, but it also tends to be combined with compression, which generally results in less of a storage demand than the raw data. But adding space on it's own is simply security by obfuscation -- creating a bigger haystack is not going stop the clever cryptanalyst from finding the needle.

That's a good point. PINs shift more responsibility onto the consumer. Typical consumers choose lousy (guessable) PINs. They use the same PIN on everything. PINs are vulnerable to shoulder surfing. They can be circumvented. These are all aspects not accounted for in your SWAG stat of "1,000 times better" claim where you've created an artificial hypothetical separation. It's entirely reckless to neglect the human factors that weaken PINs.

"Additional programming" is not the case. In fact, the whole system needs a rewrite. IOW, this isn't going to be fixed in just a couple weeks. And presuming that the fix doesn't introduce more vulnerabilities in itself would be wishful thinking. The size of the fix is of course directly porportional to the number of new defects.

Why would you expect the attack to leave behind a trail of evidence? What's particularly nasty about the Cambridge-discovered vulnerabilities is there is no detailed logging to record evidence that an attack happened. PoS terminals aren't that sophisticated.

Exactly. The reason legal protection trumps all.

francophiliac

In fact it isn't theoretically necessary for the user's PIN to be tied in any way to the card's encryption algorithm. If that is the current protocol, it's an incredibly lazy encryption design with much room for improvement.

Fortunately, the very-large storage capacity of the chip HAS lots of room for improvement.

"Algorithms and protocols" are also data. The computers don't know what to do with the data until you tell them what to do with it; and the words "do this with the data" are also data. So if I write:

sdrawkcabtidaer,ecnetnessihtfoesnesekamot

that's data. And if I further write:

reverse the letters

that's also data. The first data is the encrypted content, and the second data is the decryption algorithm. Now, this algorithm is pretty simple, so it doesn't take up much space, but it's also fairly easy to break. Not good. More complicated algorithms are harder to break, but they take up more space.

So yes, more space to store "data" -- i.e., both content (for access to multiple accounts) and algorithms (for encryption, handshaking, multiple methods of confirmation, etc.) -- is a good thing for security.

Well, no, it doesn't. And the point would be moot even if the above were true, because using vastly superior technology doesn't automatically imply losing legal protections against fraud. Using vastly superior technology only implies that the occasions when we need recourse to those protections will be much, much rarer, because fraud will be much, much rarer.

What you and I are experiencing here is a breakdown in communication due to widely differing viewpoints and knowledge. You're a banker; I'm an engineer. Therefore you and I see (and seek to solve) entirely different facets of the same problem: changing technology and various reasons to embrace or resist it.

You see the legal and financial implications of changing technology in the banking world; I see the technological potential and its implications; but neither of us is considering fully the power of human needs and desires as a force for change.

The thing is, no matter how many posts you write trying to convince people that 1940's magnetic-stripe credit card technology is better than modern chip technology, the other 95% of the world has already switched or is in the process of switching to the new technology, and the US has long been left in the dust.

As long as it was only those who traveled to Europe and Asia who knew about the spread of new technology, US bankers could continue to sit on their hands and keep issuing us antique-technology credit cards. But now, with both Canada and Mexico switching over, the word is effectively out. You can't keep it secret any longer, and US citizens are too used to being the first to tolerate being the LAST.

Chip cards are coming, and they're coming soon.

So, rather than wasting your time trying to convince people why it's so much "better" to keep using ancient technology (that's literally rusty -- iron-oxide mag stripes), you could use your time and money more efficiently by considering the technology a "done deal", and determining how US banks could best adapt to it, to protect both user security and the banks' income streams. (Because we all need strong banks, and a profitable bank is a strong bank.)

For instance, if current algorithms require the user's PIN to decrypt their data, it would seem to me that US bankers should be hiring engineers ASAP to develop algorithms that require a "handshake" for decryption instead, allowing the user to sign for their purchases instead of using their PIN. (I've read enough posts on FT to know that most users here prefer signature confirmation even on their debit cards because it gives them free miles!)

See? If you plan for change instead of resisting it, you can make bundles more money than you already have!

;-D

-- Claudia

EUnomad

Sure it is. Encryption requires a key. Without it, you're talking about something different. The key can be anything static, but if it's not a PIN, it won't work with the standard. If it doesn't work with the standard, it's a different system, with different vulnerabilities, and different exploits -- wholly irrelevant to a discussion on the wisdom of chip and PIN without statutory updates.

Certainly not. An algorithm is a *process*. The process makes use of the data, but the process itself is not data. The protocol is a set of rules, not data either.

You can decide to encode the algorithm, and store it as data, if that's how you want to implement the design, but that's a design choice. The algorithm does not take the form of data unless the architect makes it so. And the executable data need not share the same storage media as the account data. The card holder need not carry an encoding of the algorithm in their pocket.
You're still attached to security by obfuscation. The state of the art in network security actually holds a principle that is quite the opposite. Simplicity is favorable. Complexity is directly proportional to defect rate. Cryptanalyists love bugs. The simpler the algorithm, the better. You cannot count on the cryptanalyst to get confused by complexity, because the cryptanalyst always has enough patience to find the hole, which actually it just means more bugs to exploit.
Again, increasing the size of the data is another attempt at security by obfuscation. Working hard is not going to yield better security than working smart. A smart algorithm trumps a weak one that just creates a lot of data. It is your rationale of bigger data is better that leads people to think AES 256 is stronger than AES 192. Adding more complexity for the sake of complexity actually weakens a security-centric algorithm.
It doesn't matter how the probability differs, if in one case you're protected, and the other you're not.
I understand you perfectly. You're making the same errors that anyone without security experience or security training make.
Nonsense.
EE apparently isn't close enough to realize the relationship between complexity and software defects (although I would have thought otherwise). And it's not close enough to law either.
You're so focused on the technology you're completely missing the legal and financial aspects. The technical change is worthless if the consumer cannot keep the same legal immunity from fraud committed by someone else. Obviously they can't, if the law doesn't change first, and a bank can simply state that the client didn't guard their pin well enough, or they can simply state that the credential used (the PIN) is an exact match.

This is another technology for the sake of technology claim. Swipe/sign is superior technology for the consumer to pair with the current legal status quo. Accepting the extra legal risk is a terrible price for the consumer to pay for the banks benefit from the technology. It would be a repeat of the British situation. Consumers under the old law got burned until the law caught up with the technology.

If you insist on technology for the sake of not feeling left in the dust, why not favor a dynamic magstripe? One that's blank, until the holder authenticates to the card. That's even newer than EMV -- you could then tell EMV card holders they're old, and simultaneously preserve your protection of the bank having to prove sig matching.

If the key is not a PIN, but rather a strong password, biometric, combination, or something more unique and difficult to intercept, indeed it would be a whole different comparison, and a very different discussion. But the thread is about chip and pin. Advocacy for chip and pin is obviously naive from the standpoint of the consumer. Great for the banks, and perhaps a reduction in bank fees because the bank takes less of a hit (at the cost of some consumers taking a hit for the team because they fail to prove they didn't enter the PIN on a fraudulent transaction). If a few have to take a hit so the banks can save some money and hopefully pass the savings on to everyone else, and we don't mind the gamble, then sure, CAP is the way to go.

kebosabi

The baseline question is: How should the US approach EMV when the rest of the world is starting to phase out the mag-stripe?

The rest of the world is not going to continue using mag-stripes because the US steadfastly refuses to make the switch, they have their own issues of skimming card fraud at hand that they’d like to get rid of by banning the mag-stripe altogether. Merchants overseas don’t want to keep paying annual PCI-DSS fees and they’re going to take advantage of VISA’s new promo of being exempt from said fees if more than 75% of their payments are done by EMV.

It may not be now, but within a few years, US credit cards will end up to be just useless plastic as everyone else has moved on to Chip & PIN. I’m sure that’s not going to earn lots of happy American travelers when they say, take a drive through Canada and find out their Chase VISA card is only good to scrape off the bugs off the frontshield.

While it may not have been invented as such, but credit cards today are defacto payment methods of travelers worldwide. If it says “accepted worldwide in millions of places where VISA/MC/AMEX logos are carried,” that’s what it should be and that's what cardholders expect them to be. Not a gotcha situation where the reality is “oops, forgot to mention that's with the exception of US issued cards which still relies on ancient magnetic stripe technology that no one else except the US uses anymore.” Frankly, that’s a pretty big question in itself right there that’s open to a huge class-action lawsuit for false advertisement.

Just like GSM has become the defacto global standard of cell phone, EMV is now practically a global standard of processing payment. The US can’t turn the tide of this; it’s alone among a 200+ other nations that already made the switch/in the process of doing so, and the number of cardholders/population combined in these nations outnumber Americans. The economies of scales are at work here; if the majority of cardholders in the world combined have EMV enabled cards, what do you think banks, merchants and suppliers of credit card processing machines are going to do?

So fine with the mumbo-jumbo of how mag-stripes still has its life left and such. But then, give me a practical approach to how the US should counter itself to an ever isolated world where it’s the lone standout in an EMV world?

Can the US re-introduce the mag-stripe to satisfy the hundreds and thousands of merchants overseas that it’s still good? Well clearly I’m not seeing that happening.

francophiliac

Thanks, Kebosabi, my point exactly. It really doesn't matter a hill of beans whether EMV cards are "better" or "more secure" or "have the same legal protections" as mag-stripe cards, and I have no patience to keep beating a dead horse that's truly dead, dead, ain't gonna trot no more. It doesn't matter one bit, because whether they're inherently better or worse, more or less secure, they're here to stay, and we as Americans are doing ourselves no favors by hanging onto antique technology.

The skimmers know it, too, so they're jumping the EU ship in droves and swimming to the US to ply their trade. Credit/debit card fraud is accordingly rising in the US, while it's falling everywhere else.

My local CU was hit last Fall to the tune of $400K on a total of nearly 300 skimmed cards. The thieves placed unobtrusive skimmers on the card readers, with tiny microcameras focused on the key pads.

I hadn't heard about this industry incentive to upgrade. Cool!

Darn right it should be grounds for a huge class-action lawsuit!

... Not to mention, possible racketeering charges, since the big banks appear to be in collusion to prevent any one of them from independently introducing EMV cards as an incentive for people to switch banks?

Nope, not gonna happen either. It's just too easy to prove that the antique technology is vulnerable to skimming, while EMV technology isn't.

Not to mention the many, many cool advantages to having chips on board your credit card...

For instance, chips allow your credit card to hold not only data, but also data processors... and signal processors, too, if you're so inclined. In fact, your credit card can now hold a computer that's more powerful than the early personal computers were... a whole computer, not just a data strip! Imagine!

[Moderator edit] For myself, I can't wait to see the cool new stuff our credit cards will be able to do in the very near future!

-- C

rhyme

What would you do with a signal processor? (I'm asking honestly, I'm genuinely curious as to what you are getting at, I have no idea as I'm not an engineer)

EUnomad

They should first be keen to avoid the British error of unleashing the technology without proper consumer protections in place. After the laws are adequately reformed, then the banks should be permitted to take risks that aren't at the consumers expense. Of course, as it stands, the banks are permitted to take risks at the consumers expense.

Geographically selective charging has been going on for years, and without a technology variation. There are online merchants who only accept nationally issued credit cards. E.g. a British merchant will refuse a french visa card, accepting only UK-issued numbers. AFAIK, there have been no false advertising lawsuits over that, and that's a much more difficult position to defend considering it's deliberate, as the merchant had to proactively install filtering tools. Compare that to holding visa accountable for a merchants equipment choice, or faulting merchants for their equipment choices. If false advertising were a feasible claim, visa would simply create a new logo for the EMV-only merchants - problem solved.

It'll likely change, but not for the reason you state. Americans feed the tourism industry more than you seem to realize. The cost of maintaining the magstripe is miniscule compared to the revenue generated by it. A few fraudsters get headlines, which obviously spins perceptions disproportionately. If magstripe costs had pushed the cost/benefit to the proportion that you're suggesting, the change you're talking about would have happened a decade ago, as EMV is over 20 years old.

You also must realize that there are a heck of a lot more swipe/sign-capable cards than EMV cards in the world. Every CAP card issued in europe also has a magstripe, but not every magstripe card has an EMV. EMV is the minority here, and business trumps. If you business owner in the tourism industry, you would be a fool to give up the magstripe reader.

The fear of isolation is irrational. Ignoring the amount of influence the US carries (enough to keep magstripe around as long as it wants), you must realize that credit cards are a convenience. Cash is still essential. Americans lose sight of the role of cash, because in the US you can use visa for anything, even paying cab drivers. You are substantially hindered outside the US without cash. Small restaurants in Europe still refuse plastic. It's quite common to find cash-only establishments, even in the big cities. Consequently, if someone is isolated, and has reduced options, it's because they're not carrying cash. Most ATMs work with magstripe.
There's no need to "re-introduce" it. Supply and demand has worked well. There are only some obscure corner cases of magstripes not working. Magstripe card holders automatically blame the magstripe for all card rejections, not realizing that some machines are just being extra selective about the place of issue, or the network. Try a non-Spanish CAP card in a Madrid metro station. It's hit or miss whether it gets accepted. Yet every magstripe cardholder believes their card was denied because of the magstripe.

percysmith

I'm speaking as a card user in HK, mainland China (they are very different still) and Australia.

1. EMV /= PIN! In HK and Aus we can still have our cake and eat it. All Visas issued in the last three years in either market are EMV cards but retail transactions still have to be signed for.

We have PINs, but they are for cash withdrawal only. The general advice I've been getting from my banks is that if I ever go to Europe or Canada and be asked for a PIN, I should key in six zeroes. If it's an unmanned station then I'm stuffed.

If we dispute a transaction, we can easily ask for the card slip or (if CNP) the CNP data that's meant to be provided. No signature or dissimilar signature means chargeback can occur - slips are treated like bills of exchanges. In HK a police report has to be filed before we can ask for the slip/CNP data - this stops abuse.

2. US is not the only market moving from magstripe. China (China Unionpay) is too. China has more than 1.5B (1.5B is a 2008 figure) Unionpay cards in issue and only 9M have chips ("PBOC2.0").

Currently, chip acceptance is low. Magstripe is still the main means of authorising transactions. Tho PBOC2.0's only been out for a year and probably acceptance will improve over time.

Unionpay can run on debit and credit mode as well as ATM. [ need to write more about this later ]

3. I support EMV over magstripe. It even lasts longer

But I don't see a lot of benefits for the user for changing to UK/EU-style Chip and PIN. The only persons it'll benefit are merchants and banks. Whlist on the whole it may be better for the whole economy to move to Chip and PIN, but there's little benefit to me.

EUnomad

Interesting! Have you tried it? I'm wondering if the machine automatically responds properly, or if that just denies the transaction so the can be re-entered differently. In your case, what is used as a decryption key? I suspect it's unencrypted in your case. If there were some sophisticated key management going on, then the EU machines would have to have access to keys in HK.

I've tried to get an EMV card swiped before (in Europe), but the machine was able to detect from the magstripe data that the card also had an EMV, so it rejected the transaction. So as an EMV/magstripe card holder, I was actually denied the protection of signing. Then I used a magstripe-only card on the same machine, and was able to sign.

francophiliac

What COULDN'T you do with an on-card signal processor??? ;-D

Seriously, I have to remind myself that this is a public forum, and as such it isn't an appropriate arena for the discussion of specific patentable ideas. Once a specific idea is published, you see, it's no longer patentable. Like virginity, a good idea that has been given away becomes essentially worthless.

However, I can tell you that about 8 or 9 years ago Motorola introduced a chip, the MSC8101, that had all those components combined: it had a microprocessor, a dedicated signal processor, and on-chip memory all-in-one, and it measured about 1/2" square. With current micro-miniaturization trends, I would guess that nowadays an equivalent chip is, or would be, small enough to put into a credit card.

A signal receiver (an antenna) can be as simple as a fine wire inserted into the card material.

With a passive design that has no moving parts and no need for signal amplification, the smallest and thinnest of solar cells could provide ample power for the chip to respond to any signal received.

What I've described is NOT an "RFID" card -- it isn't designed to transmit its data or identity to other devices without actual contact. It does, however, have the ability to receive and respond to commands transmitted to it.

Speaking very generally, those commands could be received from other devices in the owner's possession, and they could be used to enhance the card's security and/or encryption protocols. The card's chip could be programmed to discriminate between signals, so that it only responds to signals sent to it by a specific device, appropriately encoded to avoid accidental responses to other devices with similar (or the same) frequencies. It could also be programmed to operate only when it is in the near vicinity of that device, and erases itself instantly if a particular "loss or theft" code is transmitted to it from that device.

... Are you beginning to imagine how useful such a card might be?

If your bank card could "listen" to you, what would you want to tell it to do? And if your bank card could also "talk", what would you want it to say?

-- C

EUnomad

That's actually a good reason to discuss patentable ideas publically. Better to prevent patent whores from taking control and preventing the spread of obvious ideas. E.g. It would be useful to have a wallet or smartphone capable of storing 50 different card accounts of various currencies in an encrypted database, and only one plastic card. The wallet would be much thinner, because you only have one plastic card. And after authenticating to the device via biometric or strong password, you could then select which account to sideload onto the card. Or even better, login to your bank and download a one-time-use account number to load onto the card. You could even sign the account digitally with your private key, so the machine that needs the account data could grab your public key from a trusted source, and know that it's you that supplied the account. It could even be encrypted using the public key of the particular machine, so no PIN necessary. It could even make suggestions on which card to choose, depending on the various rewards programs and what you're about to buy. It could use your GPS position to find out what store you're in, and pick the best card for that store. It could do the same with GSM accounts, so you don't need a triple sim phone. It knows you're in the UK, so it loads your UK GSM account on your sim. These are very obvious ideas.. the type of thing on everyones mind. This stuff is probably already patented, but if it weren't, it would not make sense to let one person or company dominate control over the idea, as if they came up with something original.

I should add that halfbakery.com is a good way to publicize ideas that you don't want some company to come along and dominate.

francophiliac

Sounds good in theory, but in practice it costs money to develop technology, and as one who benefits both from the process and from the products developed, I don't have any problem with companies that invest in R&D making a profit. IMHO, we ought to do all we can to encourage more R&D!

-- Claudia

kebosabi

Well despite the saying that the mag-stripe still has its juice left, clearly it seems at least some of the US financial institutions are moving in the EMV direction.

From today's American Banker report: http://www.americanbanker.com/bulletins/-1033718-1.html

The quote:

Pretty much says it all. No one wants to get stuck with a bill for debit/credit card fraud, might as well just start implementing what has worked elsewhere and let the other guys that dilly-dally foot the bill.

I dunno about others, but I think it's an excellent way to attract more customers as well. If major bank A doesn't offer EMV but CU B does, heck I'd move my checking and savings accounts to CU B for sure. And if the day comes where a CU where I can join issues EMV, I will walk into my local BofA and tell them to cancel all of my accounts. When they ask for a reason, I can say "they have EMV on their debit cards."

percysmith

1. Cardholder input at the POS in HK is never required.

2. My EMV slips have approval codes (issued by card issuer) and ARQCs (http://en.wikipedia.org/wiki/EMV#Fir...ction_analysis (Note)).

Here's a typical flow in a HK restaurant.

1. I present my card to merchant.
2. Merchant sticks it into his POS chip reader, keys in amount and waits for approval.
3. The POS tries to connect to acquirer - if our fixed line network is busy, sometimes multiple attempts is required.
4. The POS connects. If it's a large amount, my card issuer sends me a text message advising the amount (<-- from these texts I know my issuer is involved - only my card issuer has my mobile number on file).
5. POS acquires an approval code and ARQC and spews out a thermal or carbon slip for my signature.


Note: they are labelled as "TC" but given I also got an approval code and HK merchants always use EMV on EMV cards, this can't be offline approval.


I think the process of obtaining a ARQC can still be protected by key encryption (I assume static will do, no need for public key/private key even though it's possible):
1. Merchant POS generates transaction data based on card number and amount
2. Details are sent to my card and encrypted with encryption key
3. Merchant sends encrypted message to my card issuer via its acquirer
4. Issuer opens my message with the encryption key I have on file with them and sends my card number and amount back to merchant's acquirer via Visanet
5. If matched with card number and amount sent by the merchant then the acquirer informs the merchant POS the transaction has been approved.

A PIN can be included in (2) but not strictly necessary because the card number is already included. A PIN at this stage will only let the issuer and merchant know I am an authorised user of the card. A signature is better for that (from my perspective as cardholder)


See cardholder verification list
http://www.chipandspin.co.uk/problems.html#emv
http://www.chipandspin.co.uk/spin.pdf#page=8

percysmith

Of course not. As mentioned, in Asia Pacific a PIN is not required to run EMV transactions. The key you're thinking about is hard coded into the chip - we never see it. Bank server has the other copy.