Apparently, the authentication system on Chip-and-PIN bank cards is fundamentally flawed. You can manipulate the system to accept any PIN by taking advantage of the negotiation system used between the merchant and the bank’s authorisation system. This post and this technical paper provide more details on the vulnerability. These cards are common in Europe, and are increasingly being rolled out in North America for security reasons. Perhaps the banks doing so should rethink that.
This seems like another example of how serious breaches in electronic security systems are rarely caused by attacks against encryption algorithms directly. Much more often, it is some other component of the system that is weak.
Any indication whether a software patch could fix this? Or will they have to replace lots of expensive gear?
I’ve been wondering if the mindset of bankers is such that they keep looking for a technological bandaid that will allow them to continue to avoid developing best practices around card security.
I’ve also been wondering whether the introduction of chip-and-pin is more about security theatre than an actual attempt to improve security. Banks certainly appear to clam up about how often mag-stripe cards have been compromised, in hopes of reassuring their customers that all is well, and there’s nothing to see…
Because it uses a challenge-response protocol, Chip-and-PIN should theoretically be more robust than a magnetic strip.
What this situation seems to show is that implementing good security ideas can be hard, and can easily generate unexpected vulnerabilities.
It also shows why quantum cryptography is less important than sometimes suggested.
The other thing that the CHIP allows is the downloading of fraud responsibility to the end user. The old cards had the banks on the hook for fraud, but the new cards come with new agreements that limit their liability and put the onus on the card holder for fraudulent charges.
So they do improve security, only it’s for the banks, not for the customers.