EMVCo’s reply to vulnerability concerns

Posted on: April 14th, 2010 by level_admin No Comments

EMVCo has taken the highly unusual step of publishing a formal response to a recent Cambridge University report claiming that ‘Chip and PIN is broken’, but unsurprisingly have played down the impact of this potential flaw.

The specific case highlighted by the report was restricted to stolen cards. Once a card issuer is informed of a theft they can decline all further transactions and can also send an issuer script command that will block the chip application on the card and prevent any further use. Therefore thieves may have only a small time window in which to commit any fraud with the card and, as the issue uncovered by Cambridge University only related to the use of EMV offline PIN, it would not be possible for them to obtain cash with the stolen card because ATM transactions always use online PIN for cardholder verification. This means that, whilst in this case there may still be the potential for goods to be fraudulently obtained from merchants, it offers significantly higher risks and less potential return than many other types of card fraud, and so is unlikely to be a significant threat.

Whilst the EMV specifications do actually define sufficient data elements and functions to enable cards, terminals and online hosts to perform the necessary analysis to detect most fraudulent attacks, it is still down to individual card issuers to ensure that their cards and host networks implement all these features. Many have proactively taken a lead on this by introducing more complex (and expensive) processing chips on cards that can support data authentication and PIN encryption, and by improving their backend systems to perform additional checks on transaction data. Obviously, though, to retain the public’s trust in the security of EMV it needs all industry players to maintain the highest standards, and even a small-scale breach can undermine consumer confidence – particularly when “Chip and PIN” technology has been marketed to the public as being totally secure.

In fact, one of the biggest problems with EMV is its versatility. In order to meet the multitude of requirements for individual markets, card schemes and card issuers, the EMV specifications allow cards to be configured in many different ways including which features a card may support and the way in which they format and deliver data to a payment terminal. As well as adding significant complexity to the EMV Level 2 Kernels used in payment terminals, and the associated testing regimes, the flexibility of the EMV specifications also increases the probability of interoperability issues arising whereby a card or terminal has implemented a feature in an unusual or non-standard way that may only be exposed when a particular combination of card and terminal are used. However, as well as the potential for interoperability issues, this flexibility can also lead to implementations that are completely compliant with all the specifications but yet are configured in such a way as to provide the potential for criminals to fraudulently exploit certain loopholes, such as that described in the Cambridge University report.

The report also suggests that EMV needs to be redesigned but, whilst it is true many people in the industry would like to see certain parts of the EMV specifications thrown away or heavily modified, a sense of realism is needed – with millions of EMV-compliant cards and payment devices already deployed worldwide, that is certainly not practical in the short-term. However, it may still be useful for the industry to collectively take a considered look at which EMV features are actually needed or used, and gradually migrate to a more common subset of the specifications which still meets all the industry security requirements but also removes unused, over-complex or insecure parts of the processing logic currently required in EMV Level 2 Kernels and cards. That should both improve interoperability and reduce the potential for cards being configured in an unsecure way.