Researchers in the United Kingdom say they’ve discovered mounting evidence that thieves have been quietly exploiting design flaws in a security system widely used in Europe to prevent credit and debit card fraud at cash machines and point-of-sale devices.
At issue is an anti-fraud system called EMV (short for Europay, MasterCard and Visa), more commonly known as “chip-and-PIN.” Most European banks have EMV-enabled cards, which include a secret algorithm embedded in a chip that encodes the card data, making it more difficult for fraudsters to clone the cards for use at EMV-compliant terminals. Chip-and-PIN is not yet widely supported in the United States, but the major card brands are pushing banks and ATM makers to support the technology within the next two to three years.
EMV standards call for cards to be authenticated to a payment terminal or ATM by computing several bits of information, including the charge or withdrawal amount, the date, and a so-called “unpredictable number”. But researchers from the computer laboratory at Cambridge University say they discovered that some payment terminals and ATMs rely on little more than simple counters, or incrementing numbers that are quite predictable.
“The current problem is that instead of having the random number generated by the bank, it’s generated by the merchant terminal,” said Ross Anderson, professor of security engineering at Cambridge, and an author of a paper being released this week titled, “Chip and Skim: Cloning EMV cards with the Pre-Play Attack.”
Anderson said that the failure to specify that merchant terminals should insist on truly *random* numbers, instead of merely non-repeating numbers — is at the crux of the problem.
“This leads to two potential failures: If the merchant terminal doesn’t a generate random number, you’re stuffed,” he said in an interview. “And the second is if there is some wicked interception device between the merchant terminal and the bank, such as malware on the merchant’s server, then you’re also stuffed.”
The “pre-play” aspect of the attack mentioned in the title of their paper refers to the ability to predict the unpredictable number, which theoretically allows an attacker to record everything from the card transaction and to play it back and impersonate the card in additional transactions at a future date and location.
Anderson and a team of other researchers at Cambridge launched their research more than nine months ago, when they first began hearing from European bank card users who said they’d been victimized by fraud — even though they had not shared their PIN with anyone. The victims’ banks refused to reimburse the losses, arguing that the EMV technology made the claimed fraud impossible. But the researchers suspected that fraudsters had discovered a method of predicting the supposedly unpredictable number implementation used by specific point-of-sale devices or ATMs models.