JavaScript disabled. Please enable JavaScript to use My News, My Clippings, My Comments and user settings.

If you have trouble accessing our login form below, you can go to our login page.

If you have trouble accessing our login form below, you can go to our login page.

Chip and PIN cards can be cloned: researchers

Date

Brian Krebs

Zoom in on this story. Explore all there is to know.

Researchers in the United Kingdom say they have mounting evidence that thieves have been quietly exploiting design flaws in a security system widely used in Europe and Australia to prevent credit and debit card fraud at cash machines and point-of-sale devices.

At issue is an anti-fraud system called EMV (short for Europay, MasterCard and Visa), also known as "chip-and-PIN". The cards include a secret algorithm embedded in the chip that encodes the card data, making it more difficult for fraudsters use stolen cards at EMV-compliant terminals.

Chip-and-PIN is widely supported in Australia, where major card brands work with banks and ATM and payment terminal makers to support the technology.

EMV standards call for cards to be authenticated to a payment terminal or ATM by computing several bits of information, including the charge or withdrawal amount, the date, and a so-called "unpredictable number". But researchers from the computer laboratory at Cambridge University say they discovered some payment terminals and ATMs rely on little more than simple counters, or incremental numbers that are quite predictable.

"The current problem is that instead of having the random number generated by the bank, it's generated by the merchant terminal," said Ross Anderson, professor of security engineering at Cambridge, and an author of a paper being released this week titled, Chip and Skim: Cloning EMV cards with the Pre-Play Attack.

Anderson said the failure to specify that merchant terminals should insist on truly random numbers, instead of merely non-repeating numbers — is at the crux of the problem.

"This leads to two potential failures: If the merchant terminal doesn't a generate random number, you're stuffed," he said in an interview. "And the second is if there is some wicked interception device between the merchant terminal and the bank, such as malware on the merchant's server, then you're also stuffed."

The "pre-play" aspect of the attack mentioned in the title of their paper refers to the ability to predict the unpredictable number, which theoretically allows an attacker to record everything from the card transaction and to play it back and impersonate the card in additional transactions at a future date and location.

Anderson and a team of other researchers at Cambridge started their research more than nine months ago, when they first began hearing from European bank card users affected by fraud — even though they had not shared their PIN with anyone.

The victims' banks refused to reimburse the losses, arguing that the EMV technology made the claimed fraud impossible. But the researchers suspected that fraudsters had discovered a method of predicting the supposedly unpredictable number used by specific point-of-sale devices or ATMs models.

For example, the team heard from a physics professor in Stockholm who went to Brussels and bought a meal at a nice restaurant for 255 euros, and immediately after midnight that evening had his card debited with two transactions of 750 euros each at another payment terminal nearby.

Anderson said the team had "lots and lots of victims" coming to them (several others are mentioned in the group's blog post on the paper), complaining of being ripped off and then denied help from their banks. The researchers say they notified the appropriate banking industry organisations of their findings in early 2012, but opted to publish their work because it they believe it helps to explain good portion of the unsolved phantom withdrawal cases reported to them for which they previously had no explanation.

"The point here is that when a bank turns down a customer because [a fraudulent transaction] looks like cloning and cloning isn't possible because the card has a tamper resistant chip, we show that this kind of logic doesn't stand up," Anderson said.

The research team said their work is informed by data collected from more than 1000 transactions at more than 20 ATMs and a number of point-of-sale terminals. They also purchased three EMV-enabled ATMs off of eBay, and began systematically harvesting unpredictable numbers from them in hopes of finding predictable random number generators. Their research on this front is ongoing, but so far the group says it has established non-uniformity of unpredictable numbers in half of the ATMs they looked at.

In response to inquiries from the BBC, a spokeswoman for the UK's Financial Fraud Action group downplayed the threat, telling the publication: "We've never claimed that chip and pin is 100 percent secure and the industry has successfully adopted a multi-layered approach to detecting any newly-identified types of fraud. What we know is that there is absolutely no evidence of this complicated fraud being undertaken in the real world. It requires considerable effort to set up and involves a series of co-ordinated activities, each of which carries a certain risk of detection and failure for the fraudster."

Anderson says the industry's response is typical.

"They're saying this is too complex a fraud for the average villain to conduct, but they always say that, and they said that about our PIN entry device compromise research in 2008, despite the fact that it was already happening in the field. The second thing they're saying is they have no evidence of real cases. And that's exactly what they said in 2010, when we released our no-PIN fraud research. But we later learned that the UK cards association did at the time know that there were no-PIN frauds going on in France to the tune of about a million euros. Then when we went back and said, 'Aha, we've got them for making false statements,' it turned out that they'd written their statement very carefully to say they had no evidence of this happening in Britain, not no evidence of this happening full-stop. So this is following an established pattern by bank PR people of carefully denying it in ways that don't stand up."

A copy of the research paper is available here (PDF).

KrebsOnAecurity

10 comments so far

  • In their provided analysis the Cambridge researchers have assumed that the chip cards are so called SDA cards. Those cards are really not better than mag stripe cards which are very vulnerable to skimming and cloning.

    If the original card which was skimmed was of the SDA type, then there is a theoretical possibility that the cloned card might be able to fool the POS terminal that it is genuine card. Further if the POS terminal has fully predictable random number generator the crook may be able to try to replay cloned EMV ARQC and EMV TC data to the issuer host hoping they will not detect duplicates. Any reasonable implementation of the issuer EMV authorization system should be able to detect duplicate transaction attempts (for example using ATC - Application Transaction Counter - data from the card, which is part of the ARQC and TC cryptograms) and the transaction must be declined.

    On the other hand if the issuer (bank) provides legitimate cardholder with so called advanced DDA card the EMV protocol should catch the fraudulent transaction attempt even before the POS terminal vulnerability can be attempted to be exploited. In other words if DDA EMV card is used this attack is not applicable.

    Commenter
    Lungo
    Date and time
    September 13, 2012, 12:18PM
    • Thanks Lugno, very detailed.

      How can we tell which type of chip/card we are using?

      Commenter
      noSCAN
      Date and time
      September 13, 2012, 2:18PM
    • @noSCAN I am not sure you can tell the difference by just observing the card. They looks the same. Only EMV terminal knows what type of the card it is after it reads certain data from the card particularly AIP (Application Information Profile) where the indicator is stored. Then POS terminal or ATM know how to continue working with that particular card i.e. whether to treat it as SDA or DDA card. Hope this clarifies.

      Commenter
      Lungo
      Date and time
      September 13, 2012, 2:59PM
    • Their research clearly states that this is an issue in the terminals that the so-called "secure" cards use. It is not really relevant what the card is if the weakness is in the protocol between the terminals and the banks that they connect to.

      The bottom-line is that these supposedly secure "Chip and PIN" cards are only as secure as the terminals that they are used in.

      Commenter
      DC
      Location
      Melbourne
      Date and time
      September 13, 2012, 3:24PM
  • @DC
    DDA cards are dynamically authenticated by the terminal during the EMV transaction, and the EMV specification mandates that the terminal detects the fraudulent / cloned card before the transaction flow reaches the point the researchers are talking about.

    After reading their full analysis in details I am suspicious that attempts to submit duplicate transaction certificates (skimmed in previous transaction) are likely, even with SDA cards and properly implemented bank authorization server software, but they are certainly possible if the bank authorization software is not made to detect duplicate transaction submissions..

    However their scenario doesn't cut in case when your bank provides you with DDA card

    Commenter
    Lungo
    Date and time
    September 13, 2012, 3:43PM
    • The problem is created by banks and merchants trying to save a penny. Banks use the lowest cost, and hence least secure, chip cards, in hope that crooks will not catch up with technology. Merchants also use the lowest cost terminals, or service providers using cheap terminals, again hoping that crooks cannot catch up with the technology. The only way to get banks and merchants to take consumers seriously is to switch back to using cash. Both banks and merchants would then face huge cash processing costs, which was the original reason why banks and merchants introduced cards. No one has explained to consumers how much savings banks and merchants have made because if known, consumers would insist that they get a discount for using cards.

      Commenter
      PK
      Location
      Sydney
      Date and time
      September 13, 2012, 4:18PM
      • The "Banks/Card Issuers" work on what benefits their bottom line and what they can spin. i.e. they know X technology can lower their costs BUT it's not perfect. So they do 2 things One try to deny claims of victims, Second they will pay out a % of claims to keep confidence in the system.

        They do this for 2 reasons one to limit payments to victims - the "Banks" bottom line. (Though usually it's the merchant who suffers - bank claws back money paid to merchant to pay card victim and the merchant has also 'lost' the goods supplied).

        Second "Banks" know if enough people lose confidence in the "Banking/card" system and people revert to cash they lose.

        Commenter
        BRMAGE
        Date and time
        September 14, 2012, 2:42AM
        • Yes this happened to me in Berlin used my card only a few times , the my card was denied . Didn't think much of it at the time , just used another card . When I returned home and checked my account it was emptied , even the guy I spoke toast my Norwegian bank said it looked suspicious . Yes 4 withdrawals between 5 and 6 am at different terminals and emptied it . The bank refused to pay saying it was used with a chip and pin and is impossible . I will send them this article and se what the bastards have to say.

          Commenter
          Aussie in Oslo
          Location
          Oslo
          Date and time
          September 14, 2012, 3:13AM
          • Check the pic: handwired and with conventional Surface Mount Devices (SMDs)?

            Got to be way thicker than my Visa credit card, and if it's handwired it won't be a mass-produced item.

            Looks like a prototype to me.

            Ian.

            Commenter
            Ian
            Location
            Harcourt
            Date and time
            September 14, 2012, 8:15AM
            • Lungo,

              The researchers in question are *the* experts in their field. They have published peer reviewed papers over a very long period that demonstrate that they know exactly what they are talking about. They know more than the banks that use this stuff and the firms that create this stuff.

              I think you'll find they know exactly the type of card in use, as they have made devices that can abuse and violate the EMV protocol *in* *the* *field* on production equipment in the High Street. That demonstrates a level of expertise that puts this research beyond doubt.

              Please review their academic research (it's all publicly available) before claiming they are not experts or that they didn't clarify the type of card in use. The main author, Professor Ross Anderson, is on twitter at @rossjanderson - please go ahead and ask your questions, he's a great guy and a respected info sec researcher.

              Andrew

              Commenter
              Andrew van der Stock
              Location
              Highton
              Date and time
              September 14, 2012, 11:46AM

              Make a comment

              You are logged in as [Logout]

              All information entered below may be published.

              Error: Please enter your screen name.

              Error: Your Screen Name must be less than 255 characters.

              Error: Your Location must be less than 255 characters.

              Error: Please enter your comment.

              Error: Your Message must be less than 300 words.

              Post to

              You need to have read and accepted the Conditions of Use.

              Thank you

              Your comment has been submitted for approval.

              Comments are moderated and are generally published if they are on-topic and not abusive.

              Advertisement
              Featured advertisers
              Advertisement