Chip and Pin Verification Flawed … Will you be out of pocket?

Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond from Cambridge University have been researching the Chip and PIN system that we are all familiar with in this country on our payment cards. EMV (named after Europay, MasterCard and Visa, who came up with the standard) is the protocol used with payment cards worldwide, but EMV cards are most common in Europe.

EMV is used to secure payment card transactions by authenticating both the cardholder and the card. This is done with a combination of authorisation codes, digital signatures and, of course, PIN entry. Chip and PIN was introduced to reduce fraud with card payments, which previously relied on the signature on the reverse of the card for cardholder verification.

The work of the team at Cambridge University has identified and documented a flaw in the EMV process that allows a fraudster to make payments with a genuine card without knowing the correct PIN.

This is obviously a significant issue, and it is not specific to any one issuing bank but affects the card payment process in general.

Cambridge University have released a paper with information on their study, and it makes for an interesting read. Obviously it does not disclose the specifics, but I think a few of us will have some idea of how this functions.

Document Conclusion Extract:
In this paper we have shown how the PIN verification feature of the EMV protocol is flawed. A lack of authentication on the PIN verification response, coupled with an ambiguity in the encoding of the result of cardholder verification as included in the TVR, allows an attacker with a simple man-in-the-middle to use a card without knowing the correct PIN. This attack can be used to make fraudulent purchases on a stolen card. We have demonstrated that the live banking network is vulnerable by successfully placing a transaction using the wrong PIN. The records indeed falsely show that the PIN was verified successfully, and the money was actually withdrawn from an account. Attacks such as this could help explain the many cases in which a card has supposedly been used with the PIN, despite the customer being adamant that they have not divulged it. So far, banks have refused to refund such victims, because they assert that a card cannot be used without the correct PIN; this paper shows that their claim is false. We have discussed how this protocol flaw has remained undetected, due to the public specifications being not only complex, but also failing to specify security-critical details.
Finally, we have described one way in which this vulnerability may be fixed by issuer banks, while maintaining backwards compatibility with existing systems. However, it is clear that the EMV framework is seriously flawed. Rather than leaving its member banks to patch each successive vulnerability, the EMV consortium should start planning a redesign and an orderly migration to the next version. In the meantime, the EMV protocol should be considered broken.
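As an added illustration (not code from this post or from the Cambridge paper), the following Python toy models the failure the conclusion describes: the terminal builds its cardholder-verification result purely from an unauthenticated PIN response, so a device wedged between card and terminal can answer "PIN OK" itself, and the issuer then sees records that falsely say the PIN was verified. It also shows one issuer-side consistency check of the kind the authors say an issuer could deploy: trust the terminal's claim only when the card's own MAC-protected record of PIN verification agrees. Everything here is constructed for the example: the field names and values (`tvr`, `cvmr`, `iad`), an HMAC standing in for the real card cryptogram, the `WedgeChannel` and `issuer_authorise` names, and the assumption that the card's own view travels in a field the card authenticates; it is not the paper's exact fix or real EMV encoding.

```python
# Added toy model of EMV-style cardholder verification with an issuer check.
# Field names, encodings and keys are constructed, not real EMV.
import hashlib
import hmac

# Constructed demo values; a real card's key never leaves the chip.
CARD_KEY = b"constructed-demo-card-key"
REAL_PIN = "1234"


class Card:
    """Holds the real PIN and the key, and keeps its own record of
    whether it actually verified a PIN during this transaction."""

    def __init__(self, pin, key):
        self._pin = pin
        self._key = key
        self.pin_verified = False

    def verify(self, pin):
        self.pin_verified = (pin == self._pin)
        # 0x9000 = success; 0x63Cx = wrong PIN with x tries left (ISO 7816)
        return 0x9000 if self.pin_verified else 0x63C2

    def generate_ac(self, tvr, cvmr, amount):
        # Assumed IAD-like field: the card's own view of PIN verification,
        # covered by the card's MAC so a wedge cannot rewrite it.
        iad = b"PIN_OK" if self.pin_verified else b"PIN_NOT_VERIFIED"
        payload = b"|".join([str(amount).encode(), tvr, cvmr, iad])
        mac = hmac.new(self._key, payload, hashlib.sha256).hexdigest()[:16]
        return {"amount": amount, "tvr": tvr, "cvmr": cvmr, "iad": iad, "mac": mac}


class Terminal:
    """Derives its CVM result solely from the status word it receives,
    which is the unauthenticated response the conclusion refers to."""

    def __init__(self, channel):
        self.channel = channel

    def transaction(self, entered_pin, amount):
        status = self.channel.verify(entered_pin)
        if status == 0x9000:
            tvr, cvmr = b"CVM_OK", b"PIN_VERIFIED"
        else:
            tvr, cvmr = b"CVM_FAILED", b"PIN_FAILED"
        return self.channel.generate_ac(tvr, cvmr, amount)


class HonestChannel:
    """Card reader with nothing in between."""

    def __init__(self, card):
        self.card = card

    def verify(self, pin):
        return self.card.verify(pin)

    def generate_ac(self, tvr, cvmr, amount):
        return self.card.generate_ac(tvr, cvmr, amount)


class WedgeChannel(HonestChannel):
    """The man-in-the-middle from the conclusion: answers the PIN check
    with 'success' itself, so the card never sees a PIN at all."""

    def verify(self, pin):
        return 0x9000


def issuer_authorise(cryptogram, key, check_card_view):
    """Issuer host logic. With check_card_view=True it refuses to trust the
    terminal's CVM claim unless the card's own authenticated record agrees."""
    payload = b"|".join([str(cryptogram["amount"]).encode(), cryptogram["tvr"],
                         cryptogram["cvmr"], cryptogram["iad"]])
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()[:16]
    if not hmac.compare_digest(expected, cryptogram["mac"]):
        return "DECLINE: bad cryptogram"
    if cryptogram["cvmr"] != b"PIN_VERIFIED":
        return "DECLINE: PIN not verified"
    if check_card_view and cryptogram["iad"] != b"PIN_OK":
        return "DECLINE: terminal and card disagree on PIN verification"
    return "APPROVE"


def run(channel_cls, entered_pin, check_card_view):
    """One full transaction: card -> (channel) -> terminal -> issuer."""
    card = Card(REAL_PIN, CARD_KEY)
    cryptogram = Terminal(channel_cls(card)).transaction(entered_pin, 100)
    return issuer_authorise(cryptogram, CARD_KEY, check_card_view)


if __name__ == "__main__":
    print("honest, right PIN   :", run(HonestChannel, "1234", False))
    print("honest, wrong PIN   :", run(HonestChannel, "0000", False))
    print("wedge, wrong PIN    :", run(WedgeChannel, "0000", False))
    print("wedge + issuer check:", run(WedgeChannel, "0000", True))
```

The third run is the case the conclusion describes: the terminal's record says the PIN was verified and the issuer, looking only at that, approves. The fourth shows why the check has to be made against something the card itself authenticates; the terminal's own report is exactly the value the wedge controls.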

Obviously this is not good; it is, however, concerning to read that people who fall victim to this sort of attack are not being reimbursed for their losses.

These guys have done some good, interesting work; I just hope the industry takes this on board and makes the appropriate improvements.