Smart card players defend Chip and PIN
Fraudsters could insert a "wedge" between the stolen card and the terminal which tricks the terminal into believing that the PIN was correctly verified. In fact, the fraudster can enter any PIN and the transaction will be accepted, Steven Murdoch, Saar Drimer, Ross Anderson and Mike Bond have found. This story is a further development of previous announcements by the same team involving an EMV CAP reader and a payment transaction (cf. Smart Insights Weekly #10-04).
The UK Cards Association has dismissed the claim, however, saying that while the research had shown a theoretical flaw, that didn't mean it was practical – or even possible – to take advantage of the loophole in practice. "We believe that this complicated method will never present a real threat to our customers' cards," a spokesperson for the organisation said in a statement. "It requires possession of a customer's card and unfortunately there are much simpler ways to commit fraud under these circumstances at much less risk to the criminal."
The Smart Card Alliance, meanwhile, issued a six-point statement of its own. It argued that the requirement for a card to have been stolen but not yet reported as such, combined with the need for a fake card with wires running up the sleeve of the fraudster and the technical know-how needed to commit the fraud, meant that widespread use of the attack was highly unlikely.
MasterCard Worldwide says chip-and-PIN card issuers have countermeasures available to help prevent an attack that could authenticate a card with a false PIN.
Ken Warren, Smart Card Business Manager Europe at Cryptography Research, says that it is a feasible 'man in the middle' attack. But he cautions that Chip and PIN is a vast improvement in security over the magnetic-stripe cards it replaces.
According to Ken Warren, the attack works because an EMV transaction using Static Data Authentication (SDA) sends the PIN verification in the clear (it is not encrypted by the card). Although SDA is based on a public-key signature applied at issuance, the signature used to authenticate the card is the same for every transaction (static), so cloned cards are not detectable. Also, with SDA the transaction data cannot be verified offline and PIN verification is not encrypted. The vast majority of EMV cards deployed today are SDA, largely because they are cheap and simple and their protocol and transaction processing do not require any significant alteration to the banks' back-end acquiring infrastructure. He adds that the attack is not without practical limitations: one needs to have the card and to develop a portable fixture that can be used at the terminal without detection.
A solution to this would be to move to DDA (Dynamic Data Authentication) cards, where the card has cryptographic capability and can provide more advanced offline security. With DDA it is possible to verify the authenticity of the card, and cloning is prevented. Most importantly for this attack, the PIN verification is encrypted, so this kind of man-in-the-middle attack would not be possible without getting hold of the secret keys on the card. DDA cards include an on-chip crypto processor and are hence more expensive; however, about 30% of EMV cards now issued are DDA-capable.
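To make the exchange concrete, here is an added simulation of the three parties in the attack described above, constructed for this article and not the researchers' code or any vendor's implementation. The terminal sends the typed PIN to the card in a plaintext VERIFY command (CLA 00, INS 20, P2 80, as in EMV Book 3); the wedge answers that command itself with the success status word 9000 and never forwards it, so the card records that no PIN verification took place; everything else passes through to the real card. The card's cryptogram and Card Verification Results are reduced to an HMAC over the amount and a one-byte flag (real cards return a 3DES-based ARQC over many fields and an issuer-proprietary IAD layout), and the issuer-side comparison of the terminal's CVM Results (tag 9F34) with the card's own record is offered as one possible countermeasure of the kind the article refers to; the field layout and the decline policy are assumptions of this example, not anything the page or MasterCard specifies.

```python
"""Added simulation of the Chip and PIN "wedge" attack and an issuer-side check.
Constructed example for this article; not the researchers' or any vendor's code."""
import hashlib
import hmac
from dataclasses import dataclass

SW_OK = bytes.fromhex("9000")                 # ISO 7816 "success"
SW_PIN_BLOCKED = bytes.fromhex("6983")        # PIN try counter exhausted
SW_INS_UNSUPPORTED = bytes.fromhex("6D00")
VERIFY_HDR = bytes.fromhex("00200080")        # CLA, INS=VERIFY, P1, P2=80: plaintext PIN (EMV Book 3)
GEN_AC_HDR = bytes.fromhex("80AE8000")        # GENERATE AC, P1=80: request an online ARQC


def plaintext_pin_block(pin: str) -> bytes:
    """EMV plaintext offline PIN block: control nibble 2, PIN length, digits, F-padded to 8 bytes."""
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex(f"2{len(pin):X}{pin}".ljust(16, "F"))


@dataclass
class Card:
    pin: str
    mac_key: bytes                 # stands in for the issuer-shared cryptogram key (assumption)
    pin_verified: bool = False     # the card's own record, reported back in its CVR
    tries_left: int = 3

    def apdu(self, cmd: bytes) -> bytes:
        data = cmd[5:5 + cmd[4]]
        if cmd[:4] == VERIFY_HDR:
            if self.tries_left == 0:
                return SW_PIN_BLOCKED
            if data == plaintext_pin_block(self.pin):
                self.pin_verified = True
                return SW_OK
            self.tries_left -= 1
            return bytes([0x63, 0xC0 | self.tries_left])   # 63Cx: wrong PIN, x tries left
        if cmd[:4] == GEN_AC_HDR:
            # Simplified: a real card returns a 3DES ARQC over many fields plus an
            # issuer-proprietary IAD; here the CVR is one byte and the MAC is HMAC-SHA256.
            cvr = bytes([0x01 if self.pin_verified else 0x00])
            arqc = hmac.new(self.mac_key, data + cvr, hashlib.sha256).digest()[:8]
            return cvr + arqc + SW_OK
        return SW_INS_UNSUPPORTED


class Wedge:
    """Sits between the terminal and the stolen card: answers VERIFY itself, forwards the rest."""
    def __init__(self, card: Card) -> None:
        self.card = card

    def apdu(self, cmd: bytes) -> bytes:
        if cmd[:4] == VERIFY_HDR:
            return SW_OK          # whatever PIN was typed; the card never sees the VERIFY
        return self.card.apdu(cmd)


def terminal(channel, entered_pin: str, amount: bytes) -> dict:
    """Offline plaintext PIN, then GENERATE AC; return the fields sent in the online auth request."""
    block = plaintext_pin_block(entered_pin)
    sw = channel.apdu(VERIFY_HDR + bytes([len(block)]) + block)
    # CVM Results (tag 9F34): CVM code 01 = plaintext PIN by ICC, condition 00, result 02 ok / 01 failed
    cvm_results = bytes([0x01, 0x00, 0x02 if sw == SW_OK else 0x01])
    resp = channel.apdu(GEN_AC_HDR + bytes([len(amount)]) + amount)
    return {"amount": amount, "cvm_results": cvm_results, "cvr": resp[:1], "arqc": resp[1:9]}


def issuer_authorize(req: dict, mac_key: bytes) -> str:
    """Issuer host: check the cryptogram, then compare the terminal's and the card's view of the CVM."""
    expected = hmac.new(mac_key, req["amount"] + req["cvr"], hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(expected, req["arqc"]):
        return "decline: bad cryptogram"
    terminal_pin_ok = req["cvm_results"][2] == 0x02
    card_pin_ok = req["cvr"][0] == 0x01
    if terminal_pin_ok and not card_pin_ok:
        return "decline: CVM results mismatch"   # the fingerprint of the wedge
    if not terminal_pin_ok:
        return "decline: PIN not verified"       # decline policy assumed for this example
    return "approve"


def run_scenarios() -> dict:
    key = b"constructed issuer/card key"
    amount = bytes.fromhex("000000012345")        # tag 9F02, amount in BCD
    out = {}
    out["genuine"] = issuer_authorize(terminal(Card("1234", key), "1234", amount), key)
    out["wrong_pin"] = issuer_authorize(terminal(Card("1234", key), "0000", amount), key)
    req = terminal(Wedge(Card("1234", key)), "0000", amount)   # thief types any PIN
    out["wedge_terminal_view"] = "PIN ok" if req["cvm_results"][2] == 0x02 else "PIN failed"
    out["wedge"] = issuer_authorize(req, key)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:20} {result}")
```

The third scenario is the one in the article: the terminal believes the PIN was verified and would print "PIN verified" on the receipt, while the card's own record says otherwise. The wedge cannot fix that up, because the card's record travels inside the cryptogram it computes with a key the wedge does not have; an issuer that compares the two fields can refuse the transaction even though the terminal accepted it.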