EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch. 5.2.4 (136—138), 10.3-10.4 (328—343) Papers.

Presentation transcript:

EMV Operation and Attacks
Tyler Moore
CS7403, University of Tulsa
Reading: Anderson Security Engineering, Ch. 5.2.4 (136—138), 10.3-10.4 (328—343)
Papers on Course Schedule

Agenda
  – EMV Design
  – EMV Attacks
  – EMV’s Context in Overall Payment Fraud

Mag-strip Payment Cards are Vulnerable
ATM, credit cards embed key information in magnetic strip
  – PAN (primary account number)
  – Version Number
  – Expiration date
Mag-strip cards can be easily copied
  – Anyone reading the mag-strip can copy its contents
  – Can also recreate if the PAN, expiry is observed
Industry response: CVV (cardholder verification value)
  – 3-digit MAC on mag-strip contents, written on back

EMV
EMV: Europay, Mastercard, VISA
  – Suite of protocols for smartcard-based payments
  – Huge variation in requirements across banks (VISA protocol specification is 3600 pages long)
EMV’s goals
  – Use smartcards to reduce “card-present” fraud by preventing card counterfeiting and theft from loss
  – Be interoperable internationally
Deployment began in Europe, recently hit US

EMV Transaction Security
1. Card Authentication
   – Validate card either online or offline
2. Cardholder Verification
   – Methods: offline PIN, online PIN, signature, none
3. Transaction authorization
   – Online: same as for mag-stripe cards, communication with issuer
   – Offline also permitted

Card Authentication
[Figure, courtesy Steven Murdoch]

Card Authentication Options
1. Static Data Authentication (SDA)
   – Default, cheapest option
2. Dynamic Data Authentication (DDA)
   – More expensive, now more common
3. Combined Data Authentication (CDA)

Static Data Authentication (SDA)
Under SDA, the card information is signed once and reused across transactions
  – Card not capable of public-key crypto operations
  – Card is preloaded with signature by issuer {PAN, expiration, CA Issuer, Cert Issuer }
  – Card sends terminal issuer’s digital certificate, PAN and other mag-strip data, plus signature of data using card issuer’s private key (see above)
  – Terminal verifies the signature using issuer’s public key

Dynamic Data Authentication (DDA)
SDA cards vulnerable to replay attacks
DDA uses more expensive cards capable of public-key cryptography
1. When card inserted to terminal, the terminal sends a dynamically generated nonce N
2. Card signs the nonce {N} and sends to terminal
3. Terminal sends transaction data plus PIN encrypted using card’s public key
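The difference between the static signature and the nonce challenge can be seen from the terminal's side. This is an added example, not code from the slides or from any EMV specification: it uses toy textbook RSA over fixed primes, a constructed test PAN, and hypothetical function names, and it omits step 3 (the encrypted PIN).

```python
import hashlib
import secrets

def keygen(p, q, e=65537):
    """Toy textbook-RSA key from fixed primes (illustration only, not secure)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest_int(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest_int(msg, n)

# Constructed keys and card record (Mersenne primes, test PAN).
ISSUER_PUB, ISSUER_PRIV = keygen(2**61 - 1, 2**89 - 1)
CARD_PUB, CARD_PRIV = keygen(2**107 - 1, 2**127 - 1)
STATIC_DATA = b"PAN=4000000000000002;EXP=2912"
SDA_SIG = sign(ISSUER_PRIV, STATIC_DATA)                # written once by issuer
CARD_CERT = sign(ISSUER_PRIV, repr(CARD_PUB).encode())  # issuer certifies card key

def terminal_sda(static_data, sig):
    """SDA: the terminal checks the issuer's signature over static data only."""
    return verify(ISSUER_PUB, static_data, sig)

def terminal_dda(card_pub, cert, respond):
    """DDA: check the card-key certificate, then a signature on a fresh nonce."""
    if not verify(ISSUER_PUB, repr(card_pub).encode(), cert):
        return False
    nonce = secrets.token_bytes(8)
    return verify(card_pub, nonce, respond(nonce))

def genuine_card(nonce):
    return sign(CARD_PRIV, nonce)

def demo():
    recorded = genuine_card(b"old-nonce")   # response from an earlier session
    copy = lambda nonce: recorded           # copy has data but no private key
    return {
        "sda_genuine": terminal_sda(STATIC_DATA, SDA_SIG),
        "sda_copy": terminal_sda(STATIC_DATA, SDA_SIG),  # identical bytes
        "dda_genuine": terminal_dda(CARD_PUB, CARD_CERT, genuine_card),
        "dda_copy": terminal_dda(CARD_PUB, CARD_CERT, copy),
    }
```

Calling `demo()` shows that the SDA check cannot tell a byte-identical copy from the original, while the DDA check rejects a response recorded under an earlier nonce.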

Cardholder Verification (Offline PIN)
[Figure, courtesy Steven Murdoch]

Cardholder Verification
Methods: offline PIN, online PIN, signature, none
Offline PIN
  – If PIN auth used, customer inputs at terminal, then sent in clear to card if SDA used
  – PIN checked by card, if OK card generates a MAC (called application data cryptogram) on transaction info, using key shared between card and issuer

Transaction Authorization
[Figure, courtesy Steven Murdoch]

Transaction Authorization
Key used to compute application data cryptogram is shared between issuer and card
  – Thus, the terminal cannot validate the cryptogram
  – Only the issuing bank can validate the cryptogram
  – Thus, the terminal optionally checks online with issuer that cryptogram is OK

What Goes Wrong with EMV
Under SDA, vulnerable to replay attacks
  – Anyone who obtains issuer signature of card data and replays the information can impersonate card
  – Attacker can read the signature off the card, write it to a new card and then use it for offline card authentication
  – Countermeasure: only permit online card authentication
Furthermore, communications between terminal and card are sent in the clear
  – Therefore, keeping the communications between terminal and card secure is very important
  – EMV achieves this by making terminals tamper-resistant

[Four figure slides, courtesy Steven Murdoch]

What Goes Wrong with EMV
Criminal gets everything necessary to make a magnetic stripe card
  – Card #, expiration date, CVV, PIN
  – Compromising a single terminal in a shop can enable fraudulent cash withdrawals from ATMs
Countermeasures
  – Banks have stopped storing mag-strip data
  – Mag-strip fallback transactions are being phased out

What Goes Wrong With EMV
Cards using DDA are still vulnerable to attacks
  – No link between the act of proving freshness (exchanging the nonce) and accepting the PIN
  – In other words, the card authentication step and cardholder verification step are disconnected, which an attacker can exploit (e.g., saying PIN has been verified when it hasn’t)
Countermeasure: Combined Data Authentication (CDA)
  – Cardholder verification decision included in the card’s signature
  – Even CDA remains vulnerable to no-PIN attack (see “Chip and PIN is Broken” paper)
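Two points from the slides can be shown from the issuer's side: only a holder of the card-issuer key can validate the application cryptogram (the Transaction Authorization slide), and a cardholder verification decision is only trustworthy once it sits inside the authenticated data. This is an added example, not code from the slides: it models the cryptogram with an HMAC rather than EMV's actual algorithm or CDA signature format, and the key, field names and return strings are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key; in this model only the card and its issuer hold it.
CARD_ISSUER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def cryptogram(key, amount, nonce, card_pin_ok):
    """MAC over transaction info plus the card's own PIN-verification state."""
    msg = f"{amount}|{nonce.hex()}|pin_ok={int(card_pin_ok)}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def card_generate(amount, nonce, card_pin_ok):
    """Card side: report the verification state and MAC it with the rest."""
    return {"amount": amount, "nonce": nonce, "card_pin_ok": card_pin_ok,
            "ac": cryptogram(CARD_ISSUER_KEY, amount, nonce, card_pin_ok)}

def issuer_authorize(msg, terminal_says_pin_ok):
    """Issuer side: recompute the MAC, then compare card and terminal views."""
    expected = cryptogram(CARD_ISSUER_KEY, msg["amount"], msg["nonce"],
                          msg["card_pin_ok"])
    if not hmac.compare_digest(expected, msg["ac"]):
        return "decline: bad cryptogram"
    if terminal_says_pin_ok and not msg["card_pin_ok"]:
        return "decline: card did not verify the PIN the terminal reports"
    return "approve"

def terminal_recompute(msg, terminal_key):
    """A terminal lacks CARD_ISSUER_KEY, so it cannot confirm the cryptogram."""
    guess = cryptogram(terminal_key, msg["amount"], msg["nonce"],
                       msg["card_pin_ok"])
    return hmac.compare_digest(guess, msg["ac"])

if __name__ == "__main__":
    nonce = bytes.fromhex("0102030405060708")  # constructed terminal nonce
    verified = card_generate(1500, nonce, True)
    unverified = card_generate(1500, nonce, False)
    print(issuer_authorize(verified, True))
    print(issuer_authorize(unverified, True))
    print(issuer_authorize(dict(unverified, card_pin_ok=True), True))
    print(terminal_recompute(verified, b"\x00" * 16))
```

The third call alters the card's reported state in transit and fails the MAC check, which is the property gained by binding the verification decision into what the card authenticates.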

What Really Goes Wrong with EMV
There is evidence that criminals have carried out attacks exploiting weaknesses in SDA, DDA, and other protocol flaws
But EMV has shifted the fraud landscape to two main approaches
  – Exploiting mag-strip fallback
  – Shifting fraud away from more secure “card-present” transactions to “card-not-present” ones

The UK Case for EMV

Shift from Card-Present to CNP Fraud (UK Fraud Losses)

Counterfeit Cards Cashed Out Overseas

Externalities of EMV Adoption

Conclusion
  – EMV improves card authentication over magnetic stripe technology
  – Supports PIN-based cardholder authentication
  – Many configurations, many weaknesses
  – Shift in payment card fraud to jurisdictions with weaker security: card-not-present transactions and countries not adopting EMV