I'm having a surprising amount of trouble finding this information online: does the "chip" include some functionality (maybe called iCVV or dCVV) that allows it to individually "sign" transactions using internal secret keys, or does it not? This was my understanding of why the new system was supposed to be safer.
If the answer is yes, secret keys that never leave the chip are used to sign each transaction and the signature is verified by the bank, I'm not sure how these "shimmers" would be useful, since the secret key would presumably not be compromised and so the shimmer may obtain some data identifying the card and transaction but not the ability to sign new transactions. If the answer is no, none of this is happening, then I'm not sure what the point of the switch was in the first place.
Maybe the answer is something in between? Banks suck, so they've implemented chip cards in a half-assed way with gaping security holes?
The answer is yes, most chip cards can do public key cryptography to sign a transaction without compromising the secret key burned in.
Also, more frequently than I would wish banks or payment processors ask payment terminal operators for a "simpler", meaning less secure, transaction protocol. Most often it's for compatibility with some legacy system from the 80's somewhere in their payment validation backend.
From my experience in the industry, this happened very rarely in Europe but considerably more often in the Americas and Middle East.
It's not the cost of conversion, it's that the fraud just vanishes in the insane rents American credit card processors extract. In the EU, these fees are limited to 0.3% for CC and 0.2% for debit cards, so there is less margin to just keep paying the fraudsters instead of updating systems.
Notably, the article is from Canada. Here in Canada virtually all retailers have been using chip+pin for a good number of years now. The same in the UK, where they have been using it for over 10 years. Retailers have to use chip+pin to avoid fraud liability.
In the USA, however, a lot of retailers were still using signatures up until a year or two ago. It seems to be only in the last year that retailers are starting to move to chip+pin. I think it is simply the large number of credit card terminals, and the cost of upgrading them all.
They are not moving to chip and pin, but chip and signature: very different.
Now, the internet being a bigger share of retail every year, chip and pin is not an improvement: what we need is 2FA across the board. You have my CC number? Great. Without my 2FA secret, you won't be able to charge me anyway.
This 2FA beats a pin, and would make payment fraud so much smaller, it'd become a minor thing, but good luck finding a bank in the US offering such a feature for all charges.
>They are not moving to chip and pin, but chip and signature: very different.
No, that's not quite true. They are moving to chip+pin, but some card issuers are not currently issuing PINs. However the machines themselves fully support chip+pin (and I can confirm this, as most places in the USA now require me to enter a PIN for my card).
And even if you want a PIN for your card, the credit card company doesn't know how to give it to you. Last summer, before I went to a conference in Canada, I called all 3 of my credit cards' customer service departments trying to get a PIN (American Express, Discover, MasterCard), and none of them would issue a PIN for my chip'ed card. I don't think any of the CSRs even knew what I was talking about. One even told me that PINs were "just for debit cards". Sigh.
Some European banks implement that second factor, although most commonly using an SMS or phone call.
Mine only does it when the transaction is large, or unusual. I get a call asking me to confirm the transaction. Maybe they ask some other information, I can't remember.
I've only had it happen for over-the-phone purchases, and when using a debit card to transfer about £5000 via TransferWise.
I haven't been to the USA for a while, and most other countries have a working (not new) Chip+PIN system, but I assume magstripe transactions would be considered higher risk too.
It's been easy for me - I call my bank ahead of time and tell them where I'll be going, the duration of my stay and my number while I'm there. They usually ask for a backup number just in case I'm not reachable.
Actually the major card companies set deadlines and have all now shifted the liability for swiped transactions onto the retailers. So it's up to them to get their systems updated if they want protection.
The only exception currently is for gas pumps, for which the liability shift has been extended until 2020.
This sounds like the attack presented at DEFCON 19 (in 2011!): https://www.defcon.org/images/defcon-19/dc-19-presentations/.... Basically, the chip used to contain all the information present on the magstripe, which made it easy to create a copy of the magstripe via the chip interface.
From the issuer side, the solution to remove this risk is simple (and I believe I was told it in an EMV implementation seminar 10 years ago):
If the incoming transaction lists that the terminal is chip&pin capable, you'd simply automatically reject a magstripe transaction with a code that should result in POS showing "please insert card in the chip reader";
If the incoming transaction lists that the terminal is not chip&pin capable, the merchant has chosen to be liable for all fraud cases themselves, so it can't cause a loss for you and your customers. It is an inconvenience, but as all the fraud in the country concentrates on the (fewer and fewer) merchants accepting these transactions, it causes an increasing financial pressure on them to switch.
If you try to swipe a chip card then yes, the terminal will reject the swipe and tell you to insert the chip. If your chip fails three successive tries, the terminal will accept a mag swipe instead. I don't know if this is true everywhere but I have seen it in multiple retailers across the US. Point is, if attackers are cloning mag cards from chip data, those cards can still be used in chip terminals.
That can be true, but then the transaction is considered "fallback" and most issuer banks that have any brains will be examining these very closely with their real time fraud systems. Some deny fallback outright, but I am not sure if this is within scheme rules, it may depend on the region.
They have to know for fraud investigation. I believe it's also why many companies can't upgrade: they need a new POS that can log the transaction as stripe, chip or NFC/Apple Pay.
This is interesting. I would totally believe that with the information you can intercept passing between the chip and the reader, you could in some cases construct magnetic stripe data that would be recognized as valid.
It kinda seems like the magnetic stripe system should be completely separate from the chip system. Make it so that the card ID (or whatever) reported by the chip can never be used for swipe transactions, and vice-versa. Combining them just seems to cross-product-ify the attack surface, which is dumb.
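The issuer-side handling discussed in the comments above (reject a swipe at a chip-capable terminal, scrutinise fallback, and keep chip data unusable on the stripe) can be sketched as follows. This is an added example, not code from any commenter or payment scheme; the field names, decision labels and card values are constructed, and it assumes the issuer stores a chip verification value (iCVV) that differs from the stripe CVV.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CardRecord:              # issuer-side record; all values constructed
    has_chip: bool
    stripe_cvv: str            # value encoded on the physical magstripe
    chip_icvv: str             # value in the chip's stripe-equivalent data

@dataclass(frozen=True)
class AuthRequest:             # hypothetical field names, not a real message format
    entry_mode: str            # "chip", "magstripe" or "fallback"
    terminal_chip_capable: bool
    cvv_presented: str

def decide(card: CardRecord, req: AuthRequest, deny_fallback: bool = False) -> str:
    """Return an illustrative decision label (not a scheme response code)."""
    if req.entry_mode == "chip":
        # Cryptogram validation would follow here; it is out of scope for this sketch.
        return "CONTINUE" if req.cvv_presented == card.chip_icvv else "DECLINE_CVV_MISMATCH"
    # Everything below is a stripe read: a plain swipe or chip-to-stripe fallback.
    if card.has_chip and req.cvv_presented == card.chip_icvv != card.stripe_cvv:
        # Stripe contents were built from data seen on the chip interface.
        return "DECLINE_CHIP_DATA_ON_STRIPE"
    if req.cvv_presented != card.stripe_cvv:
        return "DECLINE_CVV_MISMATCH"
    if req.entry_mode == "fallback":
        return "DECLINE_FALLBACK" if deny_fallback else "REVIEW_FALLBACK"
    if card.has_chip and req.terminal_chip_capable:
        return "DECLINE_USE_CHIP"          # POS should prompt to insert the card
    # Chip-incapable terminal: swipe accepted, merchant carries the fraud liability.
    return "CONTINUE_MERCHANT_LIABLE" if card.has_chip else "CONTINUE"

CARD = CardRecord(has_chip=True, stripe_cvv="123", chip_icvv="987")  # constructed

def demo() -> dict:
    cases = {
        "chip_insert": AuthRequest("chip", True, "987"),
        "clone_from_chip_data": AuthRequest("magstripe", False, "987"),
        "swipe_at_chip_terminal": AuthRequest("magstripe", True, "123"),
        "swipe_at_legacy_terminal": AuthRequest("magstripe", False, "123"),
        "fallback_after_chip_fail": AuthRequest("fallback", True, "123"),
    }
    return {name: decide(CARD, req) for name, req in cases.items()}

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:26} -> {decision}")
```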
In France it always has been 100% chip & pin, but if you have hardware like this device between your card and the card reader, it can apparently intercept any signal, including the pin code.
I don't know exactly how the protocol works and how they get the pin, but they get it according to this article. (would it be possible to implement an SSL-like protocol to avoid this type of MitM attack?)
An old school version of this would be installing a camera on top of your ATM and recording your card data with the stripe, which as you say would be the stripe's fault, but here they get the information and the pin simply from the shimmer, which looking at the picture shows only a chip connector.
Then a fraudster can duplicate the card exactly, and use the duplicate with the same pin at a random ATM across the world.
I think this is why banks can block your card if you didn't warn them about going abroad, as they're unable to tell if this is your card or a replica of your card used by a fraudster.
In a proper EMV solution, hardware like this can not intercept the PIN code even if it can interpret any signal, as the unencrypted PIN is not sent anywhere beyond the keypad - even if you do MITM on the wires between the keypad and POS terminal, you would get only an encrypted version that then gets sent to the bank for online verification or to the chip for offline verification. You can get the PIN code by cameras or extra keypad on top of the real keypad, as sometimes is done for ATM skimming.
Furthermore, they can't get the card private keys in this manner, so they can't duplicate the card chip, only its magstripe; and they are definitely able to tell if a replica of your card is suddenly used in a magstripe-only mode. This means that it's a problem, as the parent post said, "only for countries like USA which have not completed the move from magnetic readers" because otherwise you can simply reject any transactions that might use a cloned magstripe.
Defcon 24 vid about skimming EMV cards at ATMs and withdrawing cash from the skimmed account at a different remote ATM (cashout): https://m.youtube.com/watch?v=FgIk_oIK2SM
That being said, this doesn't allow duplicating a card (it relays the fraudulent transaction in real time to the real card while it's stuck into compromised hardware), the PIN is captured from video or the "la-cara" device, and you do need to have the "extracting" device mounted to a real ATM for prolonged periods until you can empty it (you can do it only as fast as the real transactions come in, and they do so at unpredictable intervals), which gives a nice opportunity to capture the involved people. It's a very powerful proof of concept, but harder to scale than the current "cashout crews"/mules - the logistic problems are somewhat comparable to the classic approach of setting up a completely fake ATM.
Not all terminals in the States support chip functionality, so for the time being chip & pin cards here still have normal mag strips and can be run as older, regular cards - the mag strips can still be read/stolen & used.
IMO it's super dumb that we're going through the whole business of replacing card readers to get chip support but NOT getting pin requirements. I've had a few CCs stolen from my mailbox (apartment with a large shared mailbox with simple padlocks). The new chip-only doesn't protect against this at all. MasterCard SecureCode was also a step in the right direction IMO, but the adoption rate seems very low. Basically, I want to require a second factor for every purchase. There's no way to do that right now with US cards that I know of. Debit cards can do it in person, but the fraud liability is different from CCs, and I don't get the fat 3% back or help my credit score. The best option online seems to be PayPal, which again loses the CC benefits. Thus, I just accept the inconvenience of getting my CC stolen a few times per year, since I'm not liable for the fraud, but it makes me cringe how this is currently the best solution available because of how messed up the incentives in the payment industry are here.
Given that the transition from magstripe to chip-and-sign hasn't been so smooth (confusion among customers and cashiers for a few months), I can see why we haven't moved towards it yet. Merchants would be more nervous about additional lost sales because of customers not knowing what to do or not being used to having to memorize PINs for their credit cards.
PINs really only just deter someone from physically stealing your card and then using it, so until card theft becomes a problem, I don't think we're going to be moving to chip-and-PIN any time soon.
(On the bright side, Android/Apple Pay are generally good enough to function as chip-and-pin: they're as secure as a chip card, and don't allow thieves to use your cards unless they're either sophisticated enough to get past the fingerprint sensor, or they know your passcode. It's just a bit awkward to set up.)
My current bank considers a purchase using a PIN to be sufficient for automatic instant activation of the card. I was surprised given my previous bank required a phone call to confirm my identity. I guess the policy varies from bank to bank.
And it's unlikely that this will change anytime soon due to the lack of incentives on all sides.
Funny as it may be, my debit card for some reason has a $500 (unmodifiable) limit on chip&pin purchases, but it has no such limit for swipe purchases. When I asked them how is that more secure, I got a verbal shoulder shrug.
Banks are in the business of underwriting. I believe at least on the corporate level they probably don't like the idea of fully secure, verifiable payments, because that would mean you don't need them anymore.
Banks are also in the business of storing your money, transferring your money, and lending you money. Note that "storing" here is actually "letting the bank invest the money". I don't think any of these activities are undermined by completely verifiable purchase transactions.
Can you explain what you mean by "unmodifiable"? I have a limit, but on the bank's app and website I can lower it (and I keep it very low) in the hope that any issues I have would be limited by this. Is this not actually worth doing?
That's true, but the shimmers in question clearly have smart card pins. What you're describing is the traditional skimmer; a shimmer is not merely a thinner skimmer.
These devices read the data between the chip and the terminal. This would be fine, if payment processing consistently used iCVV/EMV, but it turns out they don't.