Contactless payment cards, which use embedded radio frequency identification technology to complete credit and debit transactions wirelessly, may offer more security than the traditional magnetic stripe card, but they’re not impervious to attack.
That’s not to say that strong countermeasures aren’t available in cards issued by the major credit card brands.
The key security elements in use today include methods of validating the card and reader as well as the use of triple DES encryption of message data and issuance of a dynamic card verification value (DCVV) that securely validates each transaction with a unique code.
Consider what happens when a transaction request is submitted for a MasterCard account using the card association’s PayPass-branded contactless card technology.
Before the wireless transaction is initiated, the contactless card interrogates the terminal to ensure that it’s a valid device. Then MasterCard International’s network identifies and validates the card based on information residing in the card’s on-board chip and validates the reader involved in the transaction as well.
The MasterCard network also keeps a tally of the total number of transactions processed by the customer’s contactless card to date and can compare that against similar data stored on the card’s chip.
“If someone steals your number and puts it on a magnetic stripe [card], the bank knows right away it’s a mismatch,” says Art Cransley, executive vice president and group executive in the advanced payments customer group at MasterCard.
Even if a fraudulent card could fool the network into thinking it was a valid card, the transaction request won’t be approved unless the contactless card returns the correct DCVV code.
That number is generated based on transaction information, the transaction counter and a random number, and it must match the number the MasterCard calculates on its end, Cransley says.
That number, and other data associated with the transaction, is then encrypted using a triple DES key that’s unique to the customer’s card before it is sent. “No one can type into a transaction and change it. No one can steal the information and create PayPass card,” he says. Other card brands use similar technologies, Cransley says.
That approach makes skimming — placing a reader next to a contactless card to pull the information off of it and create a duplicate — very difficult. Even if a rogue reader could trick the contactless payment card into thinking it was a valid device, “there’s not a lot that the eavesdropper can do with that information,” says Ken Warren, smart card business manager at Cryptography Research, a San Francisco IP licensing company focused on information security.
But John Pescatore, an analyst at Gartner Inc., questions whether all of the contactless cards out there have these security measures in place.
“If encryption is used, and used correctly, it can provide strong security. However, some early investigations [last year] showed that many of the [contactless] cards were issued without even enabling the encryption,” he says. And the back-end systems also must be protected. “As the TJX incident showed, if you don’t protect encryption keys, encryption is useless,” he says.
“Using contactless smart cards is pretty robust, provided you can’t extract the secrets from within the chips,” Warren says. But he thinks that a differential power analysis (DPA) could eventually do that. His company develops and licenses technologies that can be used as countermeasures to DPA and other types of attacks.
An attack known as simple power analysis (SPA) has been used in the past to compromise the PIN codes on ATM cards and other smart cards that don’t have countermeasures in place. In this scenario, a fake front on an ATM machine or card reader might be used to gather data from the card’s magnetic stripe while a transaction takes place.
The attacker attempts to guess the PIN code by monitoring the power levels as the system receives and authenticates the submitted PIN. Most contactless cards have countermeasures in place that render this approach ineffective.
While an SPA attempts to glean information gathered from one transaction, a DPA is more sophisticated and could be used against contactless payment cards.
“Anytime the chip or any device does something, it consumes power in some way,” Warren says. With a DPA, “you collect thousands of power traces and with statistical methods isolate small signals across thousands of transactions.” In this way, he says, the perpetrator can glean the encryption keys by measuring power patterns.
Differential power analysis, glitch attacks and other attacks require physical access to the contactless card or to the terminals reading the cards in order to intercept those power signals. Since a DPA requires thousands of passes against the same card to break it, the attacker almost certainly would need to have possession of a target card. “Those attacks are definitely harder, but people lose or misplace their cards all the time,” says Pescatore.
But the work involved would result in a limited payday. With most payment systems today, Warren says, “if you’ve broken one card, you’ve broken access to one card or account.”
Contactless cards have one other potential Achilles’ heel: The DCVV value isn’t truly random. “It’s random in that it doesn’t reveal the data structure, but it is deterministic,” says Warren.
“If the DCVV is at all predictable, bad guys will figure out how to predict it and use it for fraud. It definitely makes fraud harder, which is important, but it is definitely not a silver bullet,” says Pescatore.
“Clues as to how the algorithm works can be obtained from specifications,” Warren says. And a DPA attack could potentially leverage that weakness as well. “SPA or DPA can provide information to assist in reverse-engineering the program/algorithm flow. With such understanding and access to the keys, the attacker could generate valid codes,” he says.
But will would-be hackers do all of that work? As contactless cards come into wider use, Warren says more sophisticated attacks will evolve to the point where cloning may become possible. Cards will then require a higher level of security.
But that next generation of card security is already waiting in the form of Dynamic data authentication (DDA), a challenge/response system based on public key infrastructure. In this scheme, each card has a public/private key pair that it exchanges with the network.
“When you get into a dynamic data protocol, you can generate genuinely random challenges and responses,” Warren says.
The strength of this approach is that the challenge is unique for each session.
The card generates a unique verification signature code and the terminal determines that it is correct by combining that code with the public key.
But additional security will mean increased costs. Pescatore questions whether the industry will go as far as it needs to. “Since merchants often eat most of the cost of fraud, the card associations never seem motivated enough to make sure security is done right.” he says, adding that that attitude appears to be slowly changing.
Warren says current countermeasures, if fully implemented, are adequate for the threats presented today, and he thinks contactless cards that use those countermeasures are “far superior” to the magnetic stripe technology they replace.
The need for DDA, he says, isn’t here yet. “In principle, if you could copy tha