Argh, found this in my Drafts folder, never sent. Figured with SHARE coming up, might be worth correcting some misapprehensions.

Lynn wrote:

>The problem was 1) it was as easy to make counterfeit chipcards as magstripe
>and 2) they had moved business rules out into the chip. A chipcard terminal
>would ask the chip 1) was the correct PIN entered, 2) should the transaction
>be done offline, 3) is the transaction within the credit limit. A counterfeit
>"YES CARD" would answer "YES" to all three, so didn't need to know the correct
>PIN and didn't need to do online check with backend (and all transactions are
>approved). Traditional countermeasure for counterfeit magstripe card is to
>deactivate the account at the backend ... but that doesn't work with "YES CARD"

Interesting, but nowadays (at least, maybe not back when Lynn looked at this) this isn’t really correct. The hierarchy (so a $10 charge might be allowed offline, whereas a $1000 charge will not) is indeed defined in the card, but the communication between the card and the terminal is encrypted using asymmetric encryption and certificates, so it’s not trivial/easy to spoof.

This business of allowing small charges offline is similar to the “counter limit”—the limit above which you must sign for a signature transaction—which varies by store; the highest I’ve seen is Costco, where I think it’s $200. That’s because Costco knows who you (allegedly) are already, although of course if someone gets ahold of my Costco AmEx, which has a Costco barcode on it, this kind of falls apart. But $200 to Costco is also basically nothing (true story: about a decade ago, I asked the manager at a local Costco how much business they did on an average day. “About $150,000”, he replied. That’s $50M *for that one store* each year! Amazing…)

Anyway, since a larger charge (typically over $20 or maybe $50) requires online operation, and the cryptogram a forged card generates won’t pass validation, it won’t be much use.

Similarly, even if the card stored the credit limit (unlikely to my understanding—since there are multiple paths to charging things, such a limit would be advisory only at best, i.e., “Last time I [the card] checked, his open-to-buy was only $15, so if it’s over that, force online validation”), again, all that makes the forged card useful for is small amounts, since the “hard” offline limits will be hit for anything worth buying.

Note also, BTW, that a chipcard can be disabled at the terminal—that is, the card can be told “You are a bad rabbit, you are no longer valid” and that information will be stored securely.

A more likely scenario is to clone the magstripe and have an invalid chip. Then the card fails chip validation and falls back to magstripe. That’s MUCH easier, and should get you one flatscreen at least before it gets noticed ☺

…phsiii
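
The argument in the message above, as a simplified decision model added here (it is not part of the original post and is not the EMV specification): a card that always answers "yes" is only approved below the offline limit, anything larger reaches the issuer where the cryptogram is checked, and a magstripe fallback on a chip card is something the issuer can flag. The HMAC stand-in for the cryptogram, the $20 limit, the referral policy for fallback, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

ISSUER_KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's key for this card
FLOOR_LIMIT_CENTS = 2000              # assumed offline limit ($20, the post's "typically over $20")

def cryptogram(key: bytes, pan: str, amount_cents: int, counter: int) -> bytes:
    """Stand-in for the card's online cryptogram: a MAC over transaction data."""
    msg = f"{pan}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class Txn:
    pan: str
    amount_cents: int
    counter: int
    card_says_offline_ok: bool   # the chip's own answer; a forged card always says yes
    cryptogram: bytes
    entry_mode: str = "chip"     # "chip", or "fallback" when the chip failed and magstripe was read
    card_has_chip: bool = True   # issuer's record of the card (assumed available)

def issuer_decision(t: Txn, account_active: bool = True) -> str:
    """Checks that only happen when the transaction goes online."""
    if not account_active:
        return "decline: account deactivated"
    if t.entry_mode == "fallback" and t.card_has_chip:
        return "refer: magstripe fallback on chip card"
    expected = cryptogram(ISSUER_KEY, t.pan, t.amount_cents, t.counter)
    if not hmac.compare_digest(expected, t.cryptogram):
        return "decline: cryptogram failed validation"
    return "approve online"

def terminal_decision(t: Txn, account_active: bool = True) -> str:
    """Offline approval never consults the issuer, so backend state is not seen."""
    if (t.entry_mode == "chip" and t.card_says_offline_ok
            and t.amount_cents <= FLOOR_LIMIT_CENTS):
        return "approve offline"
    return issuer_decision(t, account_active)

PAN = "0000000000000000"    # constructed sample value
FORGED_MAC = b"\x00" * 32   # a forged card cannot compute the real cryptogram
```

Running a forged card through `terminal_decision` with `account_active=False` shows the bound both writers describe: it is still approved at $10 and declined at $1000.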
