Payment systems. Tuomas Aura T-110.4206 Information security technology

Similar documents
Payment systems. Tuomas Aura T Information security technology. Aalto University, autumn 2012

Payment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2015

Securing Card-Not-Present Transactions through EMV Authentication. Matthew Carter and Brienne Douglas December 18, 2015

Electronic Payments Part 1

EMV: Integrated Circuit Card Specifications for Payment Systems

Chip and PIN is Broken a view to card payment infrastructure and security

Chip & PIN is definitely broken. Credit Card skimming and PIN harvesting in an EMV world

Cryptography: Authentication, Blind Signatures, and Digital Cash

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Formal analysis of EMV

Relay attacks on card payment: vulnerabilities and defences

Smart Cards for Payment Systems

Electronic Cash Payment Protocols and Systems

Credit Card Processing Overview

Chip & PIN is definitely broken v1.4. Credit Card skimming and PIN harvesting in an EMV world

M/Chip Functional Architecture for Debit and Credit

CardControl. Credit Card Processing 101. Overview. Contents

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof

How To Protect A Smart Card From Being Hacked

DEBIT and CREDIT CARDS

Electronic Payments. EITN40 - Advanced Web Security

The Canadian Migration to EMV. Prepared By:

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

EMV Acquiring at the ATM: Early Planning for Credit Unions

PayPass M/Chip Requirements. 10 April 2014

Formal models of bank cards for free

EMV: A to Z (Terms and Definitions)

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Fundamentals of EMV. Guy Berg Senior Managing Consultant MasterCard Advisors

Acquirer Device Validation Toolkit (ADVT)

How Secure are Contactless Payment Systems?

Credit card: permits consumers to purchase items while deferring payment

Preparing for EMV chip card acceptance

EMV : Frequently Asked Questions for Merchants

ACQUIRER OR ACQUIRING BANK A financial institution (often a bank) where a merchant has an account to process transactions and card payments

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper Executive Director, Product Development

EMV and Restaurants What you need to know! November 19, 2014

CREDIT CARD PROCESSING GLOSSARY OF TERMS

Redwood Merchant Services. Merchant Processing Terminology

JCB Terminal Requirements

EMV EMV TABLE OF CONTENTS

Pima Federal Visa Credit Cards Frequently Asked Questions (FAQs)

EMV and Small Merchants:

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Mitigating Fraud Risk Through Card Data Verification

Corbin Del Carlo Director, National Leader PCI Services. October 5, 2015

Payments Industry Glossary

DIAMOND NAIRA VISA DEBIT CARD. Your Bank

Guide to Data Field Encryption

EMV Frequently Asked Questions for Merchants May, 2014

Using EMV Cards to Protect E-commerce Transactions

Prevention Is Better Than Cure EMV and PCI

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015

CONTACTLESS PAYMENTS. Joeri de Ruiter. University of Birmingham. (some slides borrowed from Tom Chothia)

Mobile and Contactless Payment Security

Chip & PIN notes on a dysfunctional security system

Guidelines for Card Issuance and Usage in Nigeria

welcome to liber8:payment

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

EMV PAYMENT TERMINAL SYSTEM FUNCTIONAL DESCRIPTION 21 October 2011 / V 4.2

White Paper. EMV Key Management Explained

Banking in the United States of America

Guideline on Debit or Credit Cards Usage

Steps for staying PCI DSS compliant Visa Account Information Security Guide October 2009

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

EFTPOS Merchant Facilities Quick Reference Guide

Read this first. Copyright

DEBIT/ATM CARD APPLICATION

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

SMARTCARD FRAUD DETECTION USING SECURE ONETIME RANDOM MOBILE PASSWORD

Why Cryptosystems Fail. By Ahmed HajYasien

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

Consumer FAQs. 1. Who is behind the BuySafe initiative? 2. Why should I use a PIN? 3. Do all transactions need a PIN?

Basic Banking. 2) Money that a bank allows you to borrow and pay back with interest

PayPass - M/Chip Requirements. 5 December 2011

Securing the Payments System. The facts about fraud prevention

Be*PINWISE Cardholder FAQs

Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"

Arab Bank Cards User Guide

Framework of e-commerce

Mobile Banking FEATURES & BENEFITS OF MOBILE BANKING

MasterCard PayPass. M/Chip, Acquirer Implementation Requirements. v.1-a4 6/06

Payments Transformation - EMV comes to the US

EMV (Chip-and-PIN) Protocol

PCI and EMV Compliance Checkup

How Smartcard Payment Systems Fail. Ross Anderson Cambridge

COLUMBIA CREDIT UNION ELECTRONIC FUNDS TRANSFERS AGREEMENT AND DISCLOSURE Business Accounts

Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards

EMVCo Letter of Approval - Contact Terminal Level 2

TOP TRUMPS Comparisons of how to pay for goods and services online

Actorcard Prepaid Visa Card Terms & Conditions

Transcription:

Payment systems Tuomas Aura T-110.4206 Information security technology

Outline 1. Money transfer 2. Card payments 3. Anonymous payments 2

MONEY TRANSFER 3

Common payment systems Cash Electronic credit transfer Direct debit Check Credit card Cash transfer Mobile payment Anonymous payment Which are regulated? 4

Electronic credit transfer Also called bank transfer, wire transfer Payment process (e.g. UK CHAPS): Clearing: if the payment is between two banks, the sending bank sends the information to a central processor, which keeps track of payments Settlement: transfer of funds between the central-bank reserve accounts of the two banks at the end of the day for the balance of all transactions that day ( risk to central bank or receiving bank if a sending bank fails) Float: money between being debited from the sender s bank account and credited to the receiver s account banks gain interest on float payments take days even when technically unnecessary Finality varies for sender, banks and receiver Most electronic transfers immediately final to sender and bank, not receiver Direct debit in Finland final for sender; SEPA direct debit will be reversible Sender Sending bank Central processor Receiving bank Receiver Timeline Sender makes payment Clearing float Settlement between banks Funds available to receiver 5

Check [classhelper.org] Check payment: 1. Payer writes the check 2. Clearing: payee deposits the check, bank collects payment, paying bank inspect the check for authenticity and sufficient funds 3. Settlement: transfer of funds between banks Float: in some countries, funds are available soon after deposit, before clearing and settlement payee effective gets an interest-free loan Timeline Payer writes check Payee deposits check Funds available to payee float Clearing Settlement between banks 6

Credit card Credit card issuer takes a ~2-5% transaction fee from seller Buyer protection: issuer takes some of the risk Initial 30-60 days interest-free credit for buyer Kickbacks to some buyers Transaction final after 90 days more certainly than in bank transfer Timeline Credit card purchase interest-free Funds available to seller Buyer may pay balance Transaction final 7

Cash transfers Western Union, MoneyGram: money transfer for people without bank accounts Sender pays cash at one branch office; receiver gets the cash at another branch office Used mostly by migrants to send money to 3rd world countries Receiver must have id card or answer test question Example: NAME: MICHAEL SMITH ADDRESS: 144 EAST STREET LAGOS TEST QUESTION: WHAT IS THE DOGS NAME ANSWER: SPOT Hawala: informal network of agents system based on Islamic law or honor system Problems with money laundering legistlation 8

Issues with float Victim receives check or credit card details; ships goods before payment clears Timeline Scammer writes false check Victim deposits check Funds available to victim Victim ships goods Check found to be false or no funds reversed Victim receives a check; funds available before the check clears; victim makes an irreversible payment (e.g. refunds all or part of the money) Timeline Scammer writes false check Victim deposits check Funds available to victim Check found to be false or no funds reversed Victim returns (part of) the money Funds available to scammer 9

Issues with float Victim receives a reversible payment; victim makes an irreversible payment Timeline Criminal (e.g phisher) makes a money transfer Funds available to mule Mule asked to repay Mule makes payment Funds available to scammer 10

Mobile payment Replacing banks in countries where branch network sparse and carrying cash unsafe M-PESA in Kenya MTN Mobile Money in South Africa Implemented with SMS and SIM-Toolkit PIN and some kind of symmetric crypto Deposit and withdrawal at agent offices Money transfer and bill payment with phone SMS money transfer to unregistered users Anyone can just start using the service; some limits relaxed if strong authentication with id card Nokia Money in India App on phone, not bound to SIM 11

PayPal Depends on credit cards and banks accounts for deposit and withdrawal Payer and payee can remain pseudonymous Stronger traceability of verified accounts Links user to a bank account 12

CARD PAYMENT 13

Mag-stripe bank cards Magnetic stripe contains primary account number (PAN), name, expiration date, service code, PVKI, PVV, CVV1 Signature and (sometimes) id card required at point of sale (POS) PIN required by automated teller machines (ATM) and some POS PIN is a function of data on mag stripe and key in terminal offline PIN verification at POS or ATM Possible to copy data on the mag stripe CVV1 is a cryptographic MAC of the PAN, name, expiration and service code (based on 3DES) Offiline terminal has a security module to store the card and PIN verification keys CVV2 to make online fraud harder 3-4 digits printed on card but not on mag stripe Required for online (card not present) transactions Not stored by merchant after online verification Vulnerable to online phishing 15

Visa PIN verification Input from magnetic stripe: Primary account number (PAN) i.e. 15-digit card number PIN verification key indicator (PVKI, one digit 1..6) PIN verification value (PVV, 4 decimal characters) Verifier must have PIN verification key (PVK, 128-bit 3DES key) PVKI is an index for PVK to enable PVK changes Create security parameter (TSP): 1. Concatenate 11 rightmost digits of PAN, PVKI and PIN 2. The 16-digit concatenation is one hexadecimal DES block PVV generation: 1. 3DES encryption of TSP with the key PVK 2. Decimalization of the encryption result to 4-digit PVV Decimalization happens by taking the 4 leftmost digits 0..9 from the hexadecimal encrypted block If less than 4 such digits, take 4 first digits A..F and map A=0,B=1,C=3... [For details see IBM] 16

Chip-and-PIN bank cards EMV standard (Europay, Mastercard, Visa) Smartcard chip (ICC) on the bank card Tamperproof ICC stodes a cryptographic signature key Card also contains a certificate Three levels of secure tranactions: 1. Static data authentication (SDA): Certificate verification (not used in ATMs) 2. Dynamic data authentication (DDA): Card signs a random challenge sent by terminal 3. Combined DDA and application cryptogram (CDA): Card signs transaction details incl. random challenge Card holder authenticated with PIN or signature 17

EMV security issues Not possible to copy the chip Mag stripe can still be copied Possible to create a copy with broken chip or use at offline POS in the US Stripe data is also readable from the chip PIN used frequently easier to capture 18

ANONYMOUS PAYMENTS 19

Anonymous digital cash David Chaum 1982, later DigiCash product never really used but an influential idea Participants: bank, buyer Alice, merchant Bob Alice buyer 1. Bank issues coin Bank 2. Alice spends coin 3. Bob deposits coin Bob merchant Anonymous: Bank cannot link issued and deposited coins, not even with Bob s help Not transferable: must be deposited to bank after one use Uses blind signatures: bank signs coins without seeing their contents cannot link events of coin issuing and use 20

Anonymous digital cash Blind signature: Bank has an RSA signature key pair key (e,d,n) for signing 1 coins (and different keys for 10, 100,...) 1. Alice creates a coin from random serial number SN and redundant padding required for RSA signature; Alice generates a random number R, computes coin R e mod n, and sends this to the bank 2. Bank computes (coin R e ) d mod n = coin d R mod n and sends this to Alice 3. Alice divides with R to get the signed coin coin d mod n Bank has signed the coin without seeing it and cannot link the coin to Alice Alice can pay 1 to Bob by giving to coin to him Bob deposits coin to bank; bank checks signature and only accepts the same coin once Problem: Cheaters are anonymous; if someone pays the same coin to two merchants, how to know who it was? 21

Anonymous digital cash Double-spending detection: Alice must set SN = h( h(n) h(n xor Alice ) ) where N random After Alice has given the coin to Bob, Bob asks Alice to reveal one of h(n),n xor Alice or N,h(N xor Alice ) If Alice spends the coin twice, she reveals her name with 50% probability Make each 1 coin of k separately signed sub-coins detection probability p = 1-2 -k Coins will be quite large: k=128 with 2048-bit RSA signatures is 32kB/coin Q: But how to force Alice to create SN this way? How can bank check the contents of the message when she signs blindly? Cut and choose: Alice creates k pairs of sub-coins for signing Bank asks Alice to reveal N for one sub-coin in each pair and signs the other one cheating detection probability p = 1-2 -k Alice can make anonymous payments but will be caught with probability p = 1-2 -k if she tries to create an invalid coin or spend the same coin twice 22

Exercises What are the main threats in a) online card transactions? b) POS transactions? c) ATM cash withdrawals? What differences are there in the way credit cards and bank debit cards address these threats? Could you (technically) use bank cards a) as door keys? b) for strong identification of persons on the Internet? How could a malicious merchant perform a man-in-the-middle attack against chip-and-pin transactions? When a fraudulent bank transaction occurs, who will suffer the losses? Find out about the regulation and contractual rules on such liability. Bank security is largely based on anomaly detection and risk mitigation. In what ways could a bank reduce the risk of fraud in mag-stipe or chip-and- PIN payments? Even though DigiCash coins are unlinkable, what other ways are there in which the merchant, bank or both together can find out what Alice buys? 24

Related reading Ross Anderson: Security Engineering, 2nd ed., chapter 10 Interesting reading online: http://thescambaiter.com/ http://www.cl.cam.ac.uk/research/security/banki ng/ 25

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information