March 07, 2006

FraudWatch - Chip&Pin, a new tenner (USD10)

Chip&Pin in Britain has been measured over nearly a full year of implementation (since February) and fraud was found to have dropped by 13%. They say that's good. Well, it's not bad, but it is a far cry from the 80% figures that I recall being touted when they were pushing it through.

The Chip and Pin system cut plastic card fraud by 13% in 2005, according to the Association of Payment Clearing Services (Apacs). Losses due to the fraudulent use of credit and debit cards fell last year by £65m to £439m.

Most categories of fraudulent card use dropped, except for transactions over the phone, internet or by mail. Chip and Pin cards were introduced in 2004, with their use becoming required in shops from February this year.

The new type of card appears to have brought a decisive turnaround with fraud levels now back to the levels last seen in 2003. In 2004, as the new cards were being introduced, card fraud continued to shoot up, by 20%, costing banks and retailers more than half a billion pounds.

Sandra Quinn of Apacs hailed the impact of Chip and Pin, which has been rolled out to most of the UK retailing and banking industries since October 2003:

"Seeing card fraud losses come down is cast-iron proof that Chip and Pin is doing its job. Back in 2002 we forecast that fraud would have risen to £800m in 2005 if we didn't make the move to Chip and Pin so it's heartening to see total losses well beneath this figure," she said.

So maybe if we factor in such a prediction of £800m, down now to £439m, we are seeing a drop of 45%. I'd say that according to GP they moved too late and ended up with fraud institutionalised at a high and economic level. Clawing that back is going to take some doing.

And, also from PaymentNews, the US mint continues its sly dance to use other colours than green:

Security Features
The redesigned $10 note also retains three of the most important security features that were first introduced in the 1990s and are easy to check: color-shifting ink, watermark and security thread.

Color-Shifting Ink: Tilt your ten to check that the numeral "10" in the lower right-hand corner on the face of the note changes color from copper to green. The color shift is more dramatic on the redesigned notes, making it even easier for people to check their money.

Watermark: Hold your ten up to the light to see if a faint image of Treasury Secretary Alexander Hamilton appears to the right of his large portrait. It can be seen from both sides of the note. On the redesigned $10 note, a blank oval has been incorporated into the design to highlight the watermark's location.

Security Thread: Hold your ten up to the light and make sure there's a small strip embedded in the paper. The words "USA TEN" and a small flag are visible in tiny print. It runs vertically to the right of the portrait and can be seen from both sides of the note. This thread glows orange when held under ultraviolet light.

To protect our economy and your hard-earned money, the U.S. government expects to redesign its currency every seven to ten years.

Everything is good fun about that page, even the URL!

Posted by iang at March 7, 2006 05:10 AM

I think it is a bit premature to start evaluating the success of C+P at this stage.

For any practical purpose - C+P only really started about three weeks ago when it became possible for retailers to insist on a pin instead of a signature. Prior to that date all that was being achieved was user familiarisation, not fraud prevention.

Even now I won't have C+P for all of my UK issued plastic till December 2007 (Amex isn't issuing it till the old card expires).

And many vendors don't have the equipment yet, and in any case can opt to accept signatures if they accept the risk. (fraud is still fraud - regardless of who ends up having to foot the bill).

I have really only had the option of using a pin for a good percentage of my purchases for about two months, and any assessment of effectiveness at fraud prevention has to be measured from the time some cards can't be used for some purchases without a pin.

Currently a stolen card is still quite usable without a pin. The fraudster just has the inconvenience of a more restricted choice of vendors if the card is pin enabled. (a stolen card is now less like cash and more like a gift voucher)

Going from signature based cards to a period of signature OR pin should, whilst the user has free choice, have made fraud easier rather than harder - because the fraudster will still have the old option of forging a signature, but occasionally may strike it lucky and get a card with a copy of the pin.

This time next year will provide some more interesting statistics. The full benefits will not really be evident till a year or two after that, but I would expect to see a large percentage of the eventual benefit in statistics for the next 12 months.

Posted by: Digbyt at March 7, 2006 04:04 PM

it has actually gone thru a number of generations ... and somewhat is starting to look a little more like x9.59

see the discussion here (slight access problem, so had to resort to the wayback machine)

with earlier version having gotten the label "yes card" in the UK press.

early x9.59 and emv work were going on about the same time. x9.59 looked at straightforward authentication of the transactions ... while emv has somewhat gone thru a number of iterations starting to converge on the idea of actually authenticating the transaction (as opposed to various mechanisms possibly authenticating separately from doing the transaction).

misc. past posts mentioning "yes card":
WYTM?
A combined EMV and ID card
Single Identity. Was: PKI International Consortium
Article on passwords in Wired News
RPOW - Reusable Proofs of Work
Security of Oyster Cards
command line switches [Re: [REALLY OT!] Overuse of symbolic constants]
US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
A quote from Crypto-Gram
Methods of payment
Methods of payment
AMD to leave x86 behind?
Caller ID "spoofing"

Posted by: Lynn Wheeler at March 8, 2006 10:53 AM

events this week may be bringing more attention to transition away from implementations with skimming, harvesting, and/or MITM vulnerabilities. small roundup of this week's new articles

Citigroup blocks cards in three nations after breach
International Citibank Customers Shaken By Data Breach
International Citibank Customers Shaken By Data Breach
Citibank Data Breach | International Citibank Customers Shaken By Data Breach
Citi Blocks Some Debit Cards After Breach
Citibank cards pulled after network breach
Citibank blocks ATM cards after retailer breach
Citibank Data Breach
Citibank probes ATM withdrawals, cites potential U.S. 'retailer breaches'
As Banks Reissue Debit Cards, Experts Warn of More Compromises
Debit card fraud spree linked to security breach
Citibank Confirms Fraud in Canada, UK, Russia Linked to Breach
Debit Card Fraud Tied to OfficeMax Breach
Debit card fraud outbreak raises questions about data breach
IBNLive : PAN card fraud busted in Mumbai
E-Fraud | PIN Scandal 'Worst Hack Ever'; Citibank Only The Start
US banks fall victim to large-scale hacking and skimming fraud
Citibank uncovers debit card fraud
Citibank uncovers debit card fraud
Citibank uncovers debit card fraud
PINs no obstacle for debit card thieves
PINs no obstacle for debit card thieves
Huge ATM Scam May Be Global in Scope
Citibank card fraud - magnetic strip to blame?
Debit Card Fraud Jumps
Officials: ATM PINs Stolen On Massive Scale
Citibank responds to ATM fraud concerns
Card Skimming Is ATM Industry's Biggest Fraud
New debit card fraud tied to West Coast case
New debit card fraud tied to West Coast case
New debit card fraud tied to West Coast case
New debit card fraud tied to West Coast case
Fraudsters target Citibank - Breaking
Citibank issues ATM fraud statement
Citibank issues ATM fraud statement
Citibank reissues cards after fraudulent withdrawals
Citibank Reissues Some Payment Cards After Fraudulent Withdrawals
Security Bytes: Scope of debit card fraud may be widening
PIN Scandal 'Worst Hack Ever;' Citibank Only The Start
Idiot Watch Citibank Locks Down ATM Cards
Citibank Blocks Some Debit-Card Use Abroad

Posted by: Lynn Wheeler at March 10, 2006 02:33 PM

some more from yesterday ... including some discussion on characteristics of static data and replay attacks Caller ID "spoofing"

part of the issue w/x9.59 ... that originally started going on in the same time-frame as the original chip&pin ... was that the x9a10 financial standards working group was given the requirement (for x9.59) "to preserve the integrity of the financial infrastructure for all retail payments" (ALL as in "ALL" ... not just point-of-sale, not just internet, or not just a specific type).

some drift about internet-specific activities in the mid-90s Beinner's Pubkey Crypto Question

and previous post on work for POS-specific (but not internet) starting in the same time-frame

Signature Debit Fraud Runs 15 Times Higher Than on PIN Debit Fraud
That key-chain credit-card fob is an identity theft risk
Debit cards offer less security than credit cards (less protection under reg-E)
PIN Scandal "Worst Hack Ever;" Citibank Only The Start
National ATM Card Breach Affecting Triangle Cardholders
Banks Issue New Debit Cards After Security Breach
Breach Of Security Among Debit Card Companies
Thieves Compromise Debit Card PINs
New Theft Scam Targets Debit Cards
Credit Card Scams
Thousands Becoming Victims of ATM Fraud
Debit card hackers in huge ATM theft
Citibank blocks some debit cards
Debit-card security addressed
Hackers crack PINs, rob foreign banks
If You Can't Trust Your Bank, Who Can You Trust?
Something In The Cards Prompts Citigroup To Call Them Quits

Posted by: Lynn Wheeler at March 12, 2006 12:35 PM

part of the issue was a lot of the early chip&pin work was oriented towards card vulnerabilities.

skimming (starting by at least the early 90s) and the "yes card" are attacks against the infrastructure and the POS terminals.

there may be the possibility of MITM-attacks against dynamic data authentication of the chip ... i.e. separate from the chip performing transaction ... something that was looked at in X9.59 and required authentication of the transactions ... as opposed to authentication separate from the transaction. part of this is understanding broader landscape of threat models ... misc. on MITM-attacks ... but also some discussion of threat modeling

however a possible vulnerability (in POS terminal attack) is that since both "static data" and "dynamic data" are part of the authentication specification ... even if all new cards deployed are "dynamic" ... terminals may still continue to have support for "static data" specification. in such a scenario, it might be possible for a skimming attack to still acquire sufficient (static data) information to turn around and build an acceptable counterfeit "yes card" (where it then convinces a terminal that it is a valid, older "static data" chip).

earlier "yes card" reference

and the more detailed discussion of "yes card"

part of the above is the mention about it staying around forever (or at least as long as any POS terminals continue to have chip&pin static data specification support).

Posted by: Lynn Wheeler at March 12, 2006 03:49 PM

Confusion reigns over identity of merchants who sparked fraud
related old standby post, security proportional to risk
and more recent thread
Up To 600,000 PIN-Debit Cards Affected In Hack
Your secret PIN may not be so secret
Say Hi to the mouse click capturing Trojan (some number of companies have been promoting mouse clicks as countermeasure to pin-capture keyloggers)
NACHA Starts Drive to Sign up Participants for Web-Payment Pilot
Nacha to pilot online authentication concept
after having done aads pilot in 2000
Poor authentication increases risk of identity fraud
Hackers cash in on financial sector attacks
Ignoring data breaches means ignoring risk management

Posted by: Lynn Wheeler at March 16, 2006 10:29 AM

and if you haven't gotten tired of the current rash of fraud related news .... here are a few more. also a related post from sci.crypt: Debit Cards HACKED now


Huge Hack Threatens to Cool off Torrid Growth of PIN Debit Payments
Identity Theft Expert Says the Theft of Customers' PIN Numbers from a Major Bank Shows High-Tech Fraud Knows No Bounds
Skimming scares off cash machine users
Banks do battle with debit-card fraud
Banks take on debit-card theft
Banks do battle with debit-card fraud
Banks told to adopt stronger authentication
Your secret PIN may not be so secret
US payment association to test bank-verified online payments
House Slated to Pass Data Breach Bill
The intersection of Sarbanes-Oxley and insider threats
Phishing scammers and data thieves prey on UK companies

Posted by: Lynn Wheeler at March 17, 2006 01:42 PM

there were possibly a couple million of these (chip&pin) cards issued in this time-frame (this article dated 14sep2000)

that were of the variety described in the last paragraph of this smartcard trip report

as mentioned elsewhere, a lot of the countermeasures had concentrated on compromise of a valid card (as opposed to attacks on terminals or infrastructure that has been signature of skimming/harvesting/phishing) ... for instance a valid card was normally configured to periodically specify doing an online, realtime transaction. if the card had been reported lost/stolen ... the account could be turned off ... which works for online, realtime transactions. however, as originally intended, the card would typically perform most of its transactions offline. as a result there was provision to issue a "die" command to a card that had been reported lost/stolen (the next time it went online).

as mentioned in the above report, the counterfeit "yes cards" ... created from skimmed data, would be programmed to never go online ... so turning off the account in the backend had no effect ... and also there would be no opportunity to issue the "die" command. the report does mention that some of the simpler counterfeit card implementations might still periodically go online ... but as implied in the above report ... would not honor the command to commit suicide ... aka from the last paragraph in above:

*Weaker clones will go online, but they still cannot be shut down. Therefore, unless they are physically removed, clones are there forever once they are made.*

... in this scenario, the *weaker clones*, for the situations where there was eventually an online connection ... that transaction would be declined (i.e. the account had been turned off in the backend) ... but the clone would be programmed to ignore the suicide command and therefore could still be retained and used later in other offline transactions. a crook might just have a variety of clone/counterfeit cards and substitute one that wouldn't go online (and therefore the transaction would be approved).

previous post FraudWatch - Chip&Pin

Posted by: Lynn Wheeler at April 2, 2006 11:39 AM
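The offline/online behaviour described in the comment above, as an added example that is not part of the original thread and is not EMV's actual processing logic: a small Python model in which the issuer has deactivated an account, a genuine card honours its offline-transaction counter and the block command delivered on its next online authorization, and a counterfeit that implements neither is only ever caught when the terminal, rather than the card, decides to go online (floor limit, random selection). The floor limit, PAN and transaction amounts are constructed values chosen for the illustration.

```python
"""Terminal risk management against a card that does not honour card-side
controls (added example; not EMV's actual processing rules)."""

FLOOR_LIMIT = 3000  # constructed floor limit in pence: above it, force online


class Issuer:
    """Backend: can deactivate an account, but only sees online transactions."""

    def __init__(self):
        self.blocked = set()

    def authorize(self, pan: str, amount: int):
        if pan in self.blocked:
            # Decline and ask the card to block itself (the "die" command).
            return "declined", "block_card"
        return "approved", None


class GenuineCard:
    """Honours its offline counter and any block command it receives."""

    def __init__(self, pan: str, offline_limit: int = 5):
        self.pan = pan
        self.offline_limit = offline_limit
        self.offline_count = 0
        self.blocked = False

    def wants_online(self) -> bool:
        return self.offline_count >= self.offline_limit

    def apply_script(self, command: str) -> None:
        if command == "block_card":
            self.blocked = True

    def approve_offline(self) -> bool:
        if self.blocked:
            return False
        self.offline_count += 1
        return True


class CounterfeitCard(GenuineCard):
    """Test double for the clone described above: never asks to go online,
    ignores issuer scripts, and always approves offline."""

    def wants_online(self) -> bool:
        return False

    def apply_script(self, command: str) -> None:
        pass

    def approve_offline(self) -> bool:
        return True


def process(card, issuer: Issuer, amount: int, terminal_decides: bool,
            random_select=lambda: False) -> bool:
    """One transaction; returns True if it was approved."""
    go_online = card.wants_online()
    if terminal_decides:
        # Terminal-side risk management: the floor limit and random
        # selection do not depend on anything the card reports.
        go_online = go_online or amount > FLOOR_LIMIT or random_select()
    if go_online:
        result, script = issuer.authorize(card.pan, amount)
        if script:
            card.apply_script(script)
        if result == "approved":
            card.offline_count = 0
        return result == "approved"
    return card.approve_offline()


AMOUNTS = [500, 800, 1200, 4500, 900, 700, 600, 1500, 5000, 800]  # constructed, pence


def approved_count(card_cls, terminal_decides: bool) -> int:
    """Transactions approved on an account the issuer has already blocked."""
    issuer = Issuer()
    card = card_cls("4000000000000002")  # constructed PAN, reported lost/stolen
    issuer.blocked.add(card.pan)
    return sum(process(card, issuer, a, terminal_decides) for a in AMOUNTS)


def compare() -> dict:
    """Approved-transaction counts for each card type under each policy."""
    return {
        "genuine_card_decides": approved_count(GenuineCard, False),
        "genuine_terminal_decides": approved_count(GenuineCard, True),
        "counterfeit_card_decides": approved_count(CounterfeitCard, False),
        "counterfeit_terminal_decides": approved_count(CounterfeitCard, True),
    }


if __name__ == "__main__":
    for policy, approved in compare().items():
        print(f"{policy:30s} {approved}/{len(AMOUNTS)} approved")
```

With the constructed amounts, the genuine card is shut down after its offline counter (or the floor limit) forces it online, while the counterfeit is declined only on the two transactions the terminal itself pushes online and keeps being approved offline in between: backend deactivation only bites where the terminal, not the card, decides that a transaction goes online.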

with regard to divulging threats and vulnerabilities ... there frequently isn't a lot of public information ... although it appears that there is all kinds of information widely available to attackers.

there is some discussion found here with regard to "yes card" operation:

x9a10 had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments (including, at least, both point-of-sale and internet). as a result, a broad gamut of vulnerabilities and threats had to be considered ... including various kinds of skimming and replay attacks as well as various kinds of MITM attacks ... some reference Creativity and security

part of this is that various kinds of replay attacks and mitm attacks can seem more obvious in an internet setting ... however similar types of attacks can't be ruled out for point-of-sale.

following is website describing chip&pin implementation and deployment

however, from the above (near the bottom):

Please note that for reasons of security, TransactDirect does not support EMV Chip&PIN connectivity via the Internet.

... snip

while not stating what the security issues are ... it states that there are attacks against chip&pin use in an internet setting ... and based on the x9.59 financial standards work, we found that many of the internet oriented vulnerabilities actually also tended to have analogous attacks in a physical world setting.

Posted by: Lynn Wheeler at April 8, 2006 12:50 PM

Lynn, how does the chip&pin stuff in the US relate to the rollout in the UK? Are they the same things? Does that mean we can assume the history repeats itself?

Posted by: Iang at April 8, 2006 02:13 PM

Iang G wrote:
> Lynn, how does the chip&pin stuff in the US relate to
> the rollout in the UK? Are they the same things?
> Does that mean we can assume the history repeats itself?

this references chip&pin rollouts in the US in 2000/2001 time-frame involving a couple million cards

this 2002 trip report describes "yes card" vulnerabilities in the chip&pin rolled out up until that time (eu, uk, us, etc):

I recently ran across a web page that stated that there have been over 400 million chip&pin deployed world-wide since chip&pin first started in 1995(?)

I've heard that at least some of the vulnerability/threats (mentioned in the 2002 card trip report) have been addressed.

However, the comment at this page discussing current uk chip&pin roll-out

mentions that there are still security issues with using chip&pin in internet environment.

in this posting here

the x9a10 standards found that most of the internet-based threats and vulnerabilities turned out to have corresponding threats and vulnerabilities in the physical and point-of-sale world.

the x9a10 standards work started in the mid-90s, with the requirement to preserve the integrity of the financial infrastructure for ALL retail payments, had to consider a broad variety of threats and vulnerabilities (for all possible retail payments, including at least both internet and point-of-sale).

part of this work drew on our earlier efforts having worked on the original payment gateway with a small client/server startup in the valley that had this technology called SSL and was looking at doing payments from their server (commonly referred to now as e-commerce)

In 1998 time-frame, based on the x9.59 standards work, we had also drafted the RFI response to the NACHA internet payments trials

In the same time-frame we had put out requirements to vendors for aads chip strawman. rather than exactly specify what the chip did, we specified the requirements that such chips had to meet:

1) dynamic data transaction authentication (preferably some form of digital signature)
2) available in both contact and contactless (iso 14443) forms
3) be able to do transaction authentication in the transit gate elapsed time requirements AND in the iso 14443 power limitations

minor aads chip strawman reference from the period:

The dynamic data transaction authentication addresses both the skimming/replay attacks characteristic of static data transaction authentication as well as various MITM-attacks when the chip/card is authenticated separately from the transaction.

Part of this was from fundamental application of 3-factor authentication model

* something you have
* something you know
* something you are

Part of the issue seems to be a large amount of attention paid to countermeasures for various kinds of attacks on valid cards. However, the actual threat descriptions appear to be against other parts of the infrastructure ... where various existing vulnerabilities have been exacerbated with the introduction of chip&pin ... or the introduction of chip&pin has resulted in new kinds of vulnerabilities in other parts of the infrastructure (like the "yes card" reference to chip&pin introduction of offline transactions negating the usefulness of deactivating accounts, which works in an online transaction environment).

Posted by: Lynn Wheeler at April 8, 2006 04:10 PM
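Static versus transaction-bound authentication, as raised in the March 12 comment about terminals that keep "static data" support and in the comment above on dynamic data transaction authentication. This is an added example, not code from the thread and not the EMV or X9.59 mechanism itself: an HMAC under a constructed issuer key stands in for the issuer's signature and for the per-card key pair a dynamic-data card would carry, and the PANs and amount are constructed. It shows that a response captured once from a static-data card verifies again on any terminal that still accepts static data, while a response bound to the terminal's unpredictable number and the amount does not, so the terminal's acceptance policy, not the card population, is where the residual exposure lives.

```python
"""Static versus transaction-bound card authentication (added example)."""
import hashlib
import hmac
import os

# Constructed issuer key. A real terminal holds only the issuer's public
# key; an HMAC keeps this model dependency-free (simplification).
ISSUER_KEY = b"constructed-issuer-key"


def issuer_sign(data: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).digest()


def card_key(pan: str) -> bytes:
    # Per-card key derived from the issuer key; stands in for the per-card
    # key pair and certificate a dynamic-data card would carry.
    return hmac.new(ISSUER_KEY, pan.encode(), hashlib.sha256).digest()


def bind(pan: str, nonce: bytes, amount: int) -> bytes:
    # Message a dynamic-data card signs: account, the terminal's
    # unpredictable number and the amount, so it is unique per transaction.
    return pan.encode() + nonce + amount.to_bytes(4, "big")


class StaticDataCard:
    """Authentication data fixed at personalisation: identical every time."""

    def __init__(self, pan: str):
        self.pan = pan
        self.sig = issuer_sign(pan.encode())

    def respond(self, nonce: bytes, amount: int) -> dict:
        return {"mode": "static", "pan": self.pan, "sig": self.sig}


class DynamicDataCard:
    """Signs the terminal's nonce and the amount with its own key."""

    def __init__(self, pan: str):
        self.pan = pan

    def respond(self, nonce: bytes, amount: int) -> dict:
        sig = hmac.new(card_key(self.pan), bind(self.pan, nonce, amount),
                       hashlib.sha256).digest()
        return {"mode": "dynamic", "pan": self.pan, "sig": sig}


class ReplayedResponse:
    """Test double: presents one previously captured response verbatim,
    which is all a counterfeit built from skimmed data has to offer."""

    def __init__(self, captured: dict):
        self.captured = captured

    def respond(self, nonce: bytes, amount: int) -> dict:
        return self.captured


class Terminal:
    def __init__(self, accept_static: bool):
        # Policy knob: legacy terminals keep static-data support for old cards.
        self.accept_static = accept_static

    def authenticate(self, card, amount: int) -> bool:
        nonce = os.urandom(8)  # fresh unpredictable number per transaction
        resp = card.respond(nonce, amount)
        pan = resp["pan"]
        if resp["mode"] == "static":
            return self.accept_static and hmac.compare_digest(
                issuer_sign(pan.encode()), resp["sig"])
        if resp["mode"] == "dynamic":
            expected = hmac.new(card_key(pan), bind(pan, nonce, amount),
                                hashlib.sha256).digest()
            return hmac.compare_digest(expected, resp["sig"])
        return False


def demo() -> dict:
    """Genuine and replayed responses against a legacy and a strict terminal."""
    amount = 2500  # constructed amount, in pence
    static_card = StaticDataCard("4000000000000002")    # constructed PAN
    dynamic_card = DynamicDataCard("4000000000000010")  # constructed PAN
    # Responses captured once from a genuine transaction of each card.
    captured_static = static_card.respond(os.urandom(8), amount)
    captured_dynamic = dynamic_card.respond(os.urandom(8), amount)
    legacy = Terminal(accept_static=True)
    strict = Terminal(accept_static=False)
    return {
        "genuine_static_on_legacy": legacy.authenticate(static_card, amount),
        "replay_static_on_legacy": legacy.authenticate(ReplayedResponse(captured_static), amount),
        "replay_static_on_strict": strict.authenticate(ReplayedResponse(captured_static), amount),
        "genuine_dynamic_on_strict": strict.authenticate(dynamic_card, amount),
        "replay_dynamic_on_strict": strict.authenticate(ReplayedResponse(captured_dynamic), amount),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28s} {'accepted' if ok else 'rejected'}")
```

The replayed static response is accepted by the legacy terminal and rejected only once the terminal stops accepting static data; the replayed dynamic response fails on every terminal because the nonce it was signed over never recurs. The check the terminal performs is the same in both cases; what differs is whether the signed bytes include anything the terminal chose for this transaction.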

Lynn wrote:
> minor aads chip strawman reference from the period:

I had given a talk on AADS at Assurance panel in the trusted computing track at the spring 2001 Intel Developer's Conference

During my talk, I quipped that it was nice to see that TPM had started to look more & more like the AADS chip strawman over the previous couple of years. The guy running the TPM effort was in the front row and quipped back that it was because I hadn't had a committee of a couple hundred people helping me design AADS.

note in the previous post ... I had dropped a reference to a crucial AADS requirement which was extremely aggressive cost reduction ... which I've included in the embellished archived version: FraudWatch - Chip&Pin

Posted by: Lynn Wheeler at April 9, 2006 10:57 AM

Petrol giant Shell has suspended chip-and-pin payments in 600 UK petrol stations after more than £1m was siphoned out of customers' accounts.

previous post in this thread: FraudWatch - Chip&Pin

misc. collected fraud, vulnerabilities, threats, exploit posts

Posted by: Lynn Wheeler at May 6, 2006 09:50 AM

re: FraudWatch - Chip&Pin

and some late breaking:

Eight held over chip and pin fraud
Eight held over chip and pin fraud
Eight held over chip and pin fraud

the above implies that the chip passes an image of magstripe information as part of the communication ... and that this information is being skimmed (possibly the magstripe image is included in some form of digital certificate and/or the chip terminal is designed in such a way that it simultaneously establishes chip communication and reads the magstripe?).

the skimmed information (from the chip?) is then used to counterfeit a magstripe card ... which is then used for fraudulent (magstripe) transactions.

it mentions that the PIN is also being skimmed which is then also available for fraudulent (magstripe) pin-debit transactions. the implication then is that the chip's PIN is the same as the magstripe debit PIN.

Posted by: Lynn Wheeler at May 6, 2006 10:12 AM

some of the latest:

Millions at risk from chip and Pin
Millions in danger from chip and pin fraudsters

and some comments:
UK Detects Chip-And-PIN Security Flaw
UK Banks Expected To Move To DDA EMV Cards

Posted by: Lynn Wheeler at June 9, 2006 12:18 AM

French Banks Upgrade Security Of EMV Cards

from above

Most EMV cards in circulation worldwide, including those in the UK, use less-secure "static" signatures, which can be copied onto cloned cards. Unless issuers send these transactions over the processing network for online authentication, terminals might not be able to detect fraudulent cards.

... snip ...

also Naked Payments IV - let's all go naked

see last paragraph on "yes cards" in the following

Posted by: Lynn Wheeler at July 6, 2006 01:01 AM