[email protected] (Martin Packer) writes:
> Ah Chip & PIN at last.
there was a large pilot deployment in the US around the turn of the century ... however it was in the "YES CARD" period ... the issue was it was possible to use the same skimming exploits to collect information for counterfeit magstripe card ... for making counterfeit chipcards. Gov. LEOs did a description of "YES CARD" cases at an ATM Integrity TaskForce meeting ... prompting somebody in the audience to exclaim that they managed to spend billions of dollars to prove that chipcards are less secure than magstripe.

In the wake of that, all evidence of the pilot evaporated w/o a trace and speculation was that it would be a long time while things were tried in the US again (waiting for more glitches to be worked out in other jurisdictions).

The problem was 1) it was as easy to make counterfeit chipcards as magstripe and 2) they had moved business rules out into the chip. A chipcard terminal would ask the chip 1) was the correct PIN entered, 2) should the transaction be done offline, 3) is the transaction within the credit limit. A counterfeit "YES CARD" would answer "YES" to all three, so didn't need to know the correct PIN and didn't need to do online check with backend (and all transactions are approved). Traditional countermeasure for counterfeit magstripe card is to deactivate the account at the backend ... but that doesn't work with "YES CARD".

I had warned the people doing the pilot about the problems, but they went ahead and did it anyway (they were myopically focused on lost/stolen cards and ignored the counterfeit "YES CARD" scenarios).

Reference to "YES CARD" presentation at the bottom of this CARTES2002 trip report (gone 404, but lives on at the wayback machine)
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html

disclaimer: in the mid/late 90s, I was asked to do a protocol&chip that had no such vulnerabilities and was significantly more secure ... then the transit industry also requested that it could also run contactless within the power&time constraints of transit turnstile (w/o any reduction in security&integrity) ... have you seen how long these transactions take? ... even when they are getting full contact power.

-- 
virtualization experience starting Jan1968, online at home since Mar1970
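
The terminal behaviour described in the message above, modelled as an added example that is not part of the original post or of any real card scheme: one terminal lets the chip's three answers drive the decision, the other (an assumed alternative) leaves every decision with the backend. All class, function and account names are hypothetical and the account data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ChipAnswers:
    """The three answers the post says the terminal asks the chip for."""
    pin_correct: bool
    do_offline: bool
    within_limit: bool

@dataclass
class Account:
    pin: str
    limit: int
    active: bool = True

class Issuer:
    """Constructed stand-in for the backend; holds the authoritative account state."""
    def __init__(self, accounts):
        self.accounts = accounts

    def deactivate(self, number):
        self.accounts[number].active = False

    def authorize(self, number, entered_pin, amount):
        acct = self.accounts.get(number)
        return bool(acct and acct.active and entered_pin == acct.pin
                    and amount <= acct.limit)

def terminal_rules_in_chip(chip, issuer, number, entered_pin, amount):
    """Terminal as described in the post: the card's own answers drive the decision."""
    if not (chip.pin_correct and chip.within_limit):
        return "DECLINED"
    if chip.do_offline:
        return "APPROVED_OFFLINE"  # the issuer is never consulted on this path
    ok = issuer.authorize(number, entered_pin, amount)
    return "APPROVED_ONLINE" if ok else "DECLINED"

def terminal_rules_at_issuer(chip, issuer, number, entered_pin, amount):
    """Assumed alternative: card answers are ignored, every decision is the issuer's."""
    ok = issuer.authorize(number, entered_pin, amount)
    return "APPROVED_ONLINE" if ok else "DECLINED"

def demo():
    issuer = Issuer({"ACCT-CONSTRUCTED": Account(pin="1234", limit=200)})
    issuer.deactivate("ACCT-CONSTRUCTED")      # the traditional countermeasure
    all_yes = ChipAnswers(True, True, True)    # card behaviour the post describes
    args = (all_yes, issuer, "ACCT-CONSTRUCTED", "0000", 5000)
    return terminal_rules_in_chip(*args), terminal_rules_at_issuer(*args)
```

`demo()` returns the two decisions for the same deactivated account, wrong PIN and over-limit amount, which shows why deactivating the account at the backend has no effect once the rules live in the chip.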
