more RFID stupidity on the horizon

Wired has an article about the latest moronic RFID push: "Wave the Card for Instant Credit." It's moderately head-explodey, so I feel the need to pick it apart...


For more than a year, MasterCard and American Express have been testing "contactless" versions of their credit cards. The cards need only be held near a special reader for a sale to go through -- though the consumer can still get a receipt.

The card companies say the system is much faster and safer because the card never leaves a customer's hand.

"In some instances it's faster than cash," said Betsy Foran-Owens, a MasterCard vice president. "You're eliminating the fumble factor."

This must mean that these RFID credit cards would not require a signature either. It couldn't ever be "faster than cash" without that. It seems hard to imagine how dispensing with the signature step makes it "more secure", even given how seldom the kid behind the counter bothers to check it.

While old-fashioned credit cards store account information on a magnetic stripe that has to be swiped, the contactless cards keep their data on chips inside the plastic.

Oh, chips! That must be better!

American Express' ExpressPay uses a keychain fob, like the ones used by ExxonMobil Speedpass and similar to the tags in supermarket discount programs.

"I like that it's on your keychain and it's fast to use," said Kristie Beenau, 36, of Peoria, Ariz., who has used ExpressPay for about six months at a CVS Pharmacy and fastfood restaurants. "I charge everything anyways. Now I wave it rather than get my card out. It's more convenient."

I'm going to make a fortune by selling an invention that lets you punch a hole in a credit card so that you can wear it on your keychain. Then later I'll repurpose that invention to let you punch a hole in a $20 bill, so you can wear that on your keychain too!

The contactless cards have no battery or power. When they near a reader, they are jolted to life by the reader's electromagnetic waves. A small radio antenna in the cards instantly transmits account information to the reader. The transaction then proceeds through the credit card network just as if the card had been swiped.

In theory, the transaction could be intercepted without a consumer's knowledge by a technologically savvy thief intent on cloning a card. That's because RFID transmissions themselves are not encrypted.

However, the thief would have to get quite close to his target or have a very sensitive reader.

Thank god there's no chance that anyone will ever build a very sensitive reader, then. Or stand close. They'd have no incentive to do that, surely.

Also, the account number on the contactless cards is useful only in the RFID system -- it's not the same as a user's credit card number. A crook would thus not be able to use the card number to go on a fraudulent Internet shopping spree, for example.

Oh, that's a relief, then. Because:

Credit cards that incorporate the technology could be used anywhere regular plastic is accepted, as long as stores install the new readers.

They'd only be able to go on a fraudulent shopping spree at any store that used the new card readers! Whew!

American Express makes the RFID reader verify the card's authenticity with a "challenge-response" exchange that depends on 128-bit encryption encoded on the chip. That strength of encryption is considered safe against "brute force" attacks, in which a hacker tries every possible combination.

MasterCard says it uses a different security system but would not provide specifics.

[...] Simson Garfinkel, another MIT researcher who follows RFID, said credit card companies ought to be using "smart" cards with public key cryptography, a very strong form of security.

I don't know what to make of this. It seems to be saying three things: "the cards use crypto in some way", "the cards do not use public key crypto", and, from above, "RFID transmissions themselves are not encrypted."

Those three are compatible if the "challenge-response" is symmetric: the reader sends a random challenge, the card answers with a value keyed by a secret on the chip, and nothing in that exchange needs to be encrypted for it to work. What it does not tell you is where the secret comes from. If those statements are all true and nothing more is going on, the simplest reading is that there is one master key that every card uses, that only needs to be cracked once. Nothing quoted implies that there is a key per card, or at least, not one that has anything to do with the transaction.

This is so obviously a step backwards for security that it's impossible to believe that the credit card companies don't realize this: they are very good at running the "fraud" numbers, and what they do is, pass those costs along to the vendors. Some of you may not know this, but stores make less money when you use credit cards, because they're contractually not allowed to charge more for credit card transactions, and yet, they have to pay a per-transaction fee.

And that fee gets higher the "riskier" the credit card companies perceive the transaction to be. For example, they charge more if you don't take a physical imprint of the card; they charge more if you don't have the new "card verification number" from the back; they charge more if the shipping and billing addresses don't match; and so on.

So I have to assume that they're going to totally shaft the vendors on this one: they're going to ship this amazingly insecure technology, and then pressure the vendors into both supporting it, and paying for it.

The RFID lobby is shaping up to be quite a juggernaut...


64 Responses:

  1. curgoth says:

    "Security is hard! Let's go shopping!"

    On a related note, apparently Canadian banks are covering up debit card fraud, telling victims not to go to the police, fudging numbers, etc.

    Debit usage in Canada is apparently a lot heavier than in the US; people are more likely to use it as a cash substitute than a credit card when possible.

    In both places, the plastic provider wants to have their toys take over for cash, so they can charge a transaction fee on every purchase anyone makes.

    • mendel says:

      Well, "debit card" means something slightly different up here, by my understanding -- they're issued by the bank, completely unassociated with credit-card companies, and immediately debit your bank account by the amount charged against it; the POS terminals work pretty much identically to tiny little bank machines, as far as the accounting is concerned. So, it is a cash substitute, and I don't think anyone up here associates debit cards with credit cards except that they're both magstripe cards.

      I think the US equivalent is "bank card", but I'm not sure.

      • kallisti says:

        The closest to a "debit" card in the States is a "Check Card". The money comes out of your account right away, but they use the credit card infrastructure. I guess the real problem here is that there is no infrastructure like the "Interac" network which connects all the Canadian Banks to each other.

        In many ways, the banks in the US are way behind Canadian banks, technology-wise. Nowhere near as many stores and fast food places have "debit" terminals, and banks still use delayed batch processing for deposits...that is, if you deposit a check before, say 2 pm, it will be posted to your account after 2pm, and if you deposit after 2 pm, it doesn't go into your account until the next day. Most Canadian banks will put the money in your account right away! And it's a real pain in the posterior to deposit using a bank machine, as you need to have a normal bank deposit slip to put in the envelope with your deposit in the States, while in Canada, they just keep track of the information on the bank machine, or at worst, print a small printout to put in the envelope with your deposit. In Canada, many banks will credit you up to your withdrawal limit when you deposit in a bank machine, but put a hold on the rest of the check until they verify it the next day, when the full amount goes into your account. And in the States, lots of the bank machines use Windows, and thus were vulnerable to worms and viruses, unlike most Canadian bank machines which run OS/2.

        I must tell you, moving to the US has been a major downgrading in the bank service...I am going to see if the Royal Bank of Canada's Contura down here is any better. It would be nice to deal with a bank that isn't so backwards!


        • coldacid says:

          Here's yet another reason why I'll stay here in Canada. Banking is sooo much easier...

        • dzm6 says:

          That's all crazy. What kind of backwards bank do you use? You're making me think that Wells Fargo doesn't suck as bad as I thought.

          Nowhere near as many stores and fast food places have "debit" terminals

          Damn near every store, restaurant, and gas station I go into in the Bay Area has the ability to accept:

          1. Cash
          2. Credit Card/Che(ck|que) Card
          3. ATM transaction (the same as the Che(ck|que) Card, but not run through the credit card network)

          And it's a real pain in the posterior to deposit using a bank machine, as you need to have a normal bank deposit slip to put in the envelope with your deposit in the States, while in Canada, they just keep track of the information on the bank machine, or at worst, print a small printout to put in the envelope with your deposit.

          That just can't be right. In twenty years of making deposits through ATMs I've never been asked to do anything more than endorse the che(ck|que), hit the buttons, and slide the envelope into the gaping greedy maw of the machine.

          In Canada, many banks will credit you up to your withdrawal limit when you deposit in a bank machine, but put a hold on the rest of the check until they verify it the next day

          I've never needed to do this myself, but I had a friend in High School that used to do this all the time with his Bank of America account.

          • nymec says:

            I've had the same experience as you except my bank (Bank One) does allow immediate withdrawal on checks. When I make a deposit, I put the check in the envelope and that is usually it. There doesn't seem to be much point in filling out the form on the envelope as the ATM prints information on it (least sounds like it).

      • curgoth says:

        I'm Canadian, so that's the debit card I was talking about.

        The comparison I was going for was that, in both cases, the plastic company gets to charge the vendor for each transaction that uses the respective bit of plastic.

        So, Canadian debit cards are like cash, except the banks get to add an extra "tax" into the mix.

        • grumpy_sysadmin says:

          Perhaps I'm ill-informed, but I have a check card with a Visa logo on it in the US. Any time I use it at POS, I tell them it's a debit card. This is partly because I think my typing in my PIN is better than their not bothering to check my signature (not that that helps me much if they palmed a magstripe reader across my card), but it's mostly because I've been led to believe that businesses get screwed less (or, "about the same as if I'd written a check") by my bank for the check card than they do by the VisaMasterDinersClubCard juggernaut for the credit card.

          Am I confused?

          Is it actually different in .ca?

          • dzm6 says:

            Am I confused?

            Nope. It costs a place of business more to do a CC transaction than it does to do an EFT (Electronic Funds Transfer) transaction.

            One report I've read states that a EFT/Debit transaction costs the store about $.09 per $100 of transaction, where a CC transaction (even a debit card charged through the CC network) costs about $1.50 per $100 of transaction.

            Some NPR stories about this can be had:

            from April '03
            from November '02
            from November '02 (followup)

            (Mozilla seems to not understand rtsp://, so you may need to Copy/Paste the URL into your favorite Real player).

            There's more NPR stories here.

          • curgoth says:

            The only real difference is that in .ca, your "debit card" is just your regular bank card that you use at your ATM. Since Canada's banking industry is more closely knit than the US banking industry, all the significant banks agreed on a single network (Interac), so when I buy something, I just swipe my regular ATM card, put in my regular ATM PIN, and the money comes out of my account. It's actually easier than getting cash from a bank machine, since most ATMs will charge a service fee if you use a rival bank's machine, but there's no extra cost to the customer for doing POS debit transactions, regardless of which bank's name is on the unit.

            The end result is basically the same, just the implementation is slightly different.

            • grumpy_sysadmin says:

              in .ca, your "debit card" is just your regular bank card that you use at your ATM.

              How is this different than in the US? My debit card is just my regular bank card that I use at the ATM. As it happens, it also has a Visa logo on it and can be used as a credit card where credit cards are accepted but debit cards are not (or, far more often for me, for online purchases). In all cases it results in a near immediate (maybe just, "same business day"; I don't check very closely) debit from my checking account for the amount of the purchase.

              but there's no extra cost to the customer for doing POS debit transactions, regardless of which bank's name is on the unit.

              I never see an added fee for doing POS debit transactions. Perhaps this is because I live on the east coast where all of those debit machines are "MAC machines"? (I have a MAC card through PNC Bank, which is based in Pittsburgh.)

              It was my impression that all of MAC, STAR, and whatever else is used in the US mostly interacted just fine at this point. I can see how having a single standard would be nice, but I don't think the US situation, at least in large urban areas, is any different now, though it may have taken longer to get there.

              • aitp says:

                Most ATM's that I see have approximately 2**18 ATM network logos on them. Even friends from France have no problem getting cash from a local ATM.

                My bank (a credit union, which kick ass, BTW) maintains a real-time monitor on cash in my account so it knows whether to authorize a transaction with my (also Visa-branded) check card, but the transaction usually doesn't actually post until (*double-checks*) two days later.

                I'm really not seeing this mythical Canadian plastic advantage yet....


                • curgoth says:

                  At this point, I suspect it comes from the situation being different 10 years ago, and the word of mouth not keeping up with reality; the "Canadian plastic advantage" has become a facet of our national identity, just like not having guns and eating poutine.

  2. rcr203 says:

    Now, if they coupled that with a biometric.. like you had to have your thumb on a spot on the credit card while it was being read, and it checked your thumbprint.. that I might be ok with.

    • wfaulk says:

      Why? If someone can capture that transaction, it doesn't matter whether there's a trigger that authenticates the authentication for the transaction or not. They can still play it back or use it to crack the encryption (depending on whether there's actually encryption or not) as much as if there wasn't a pre-trigger. You're only guarding against losing the card and calling the bank is a much more logical solution for that, since you're going to need to get it replaced anyway. After all, <paranoid>cash will no longer exist for you to use</paranoid>.

      • rcr203 says:

        True.. and your idea seems like the perfect solution.. use the biometric info as part of the key needed within the encryption.

        The whole idea that they aren't concerned about encryption is a cause for serious concern, regardless.

      • gfish says:

        Well, it would at least prevent me from getting a reader and walking around a mall with it in my backpack, stealing the CCN of everyone I pass. Of course, it would mean people would, gasp, have to fumble getting the card out. Since this whole thing seems targeted at the 'too incompetent to get twenties from the ATM' market, that's obviously unacceptable.

    • jwz says:

      Biometrics are every bit the snake-oil that RFID is.

      Biometrics are unique identifiers, but they are not secrets. They are analogous to your name: it can be used as an indicator, but pretty much anyone can find out what it is.

      A "key" is a secret. Everybody wants to use biometrics as keys, but that's not what they are. The point of a key is that it is revocable. If you lose the key to your house, you can get your locks changed. If you use a non-secret as a key, then anyone who knows that non-secret can open the door. And non-secrets are not easily revocable: it's a big hassle to change your name. Or your fingerprints.

      Also, bear in mind that in the real world, a biometric is not a "fingerprint", it's a sequence of ones and zeroes. A fingerprint scanner looks at your finger, takes a few dozen samples, and constructs a hash, which then turns into electrical impulses on a wire. You don't have to cut off someone's hand to fake that: you just have to tap and replay the wire. It's probably just USB.

      (Schneier on biometrics.)

      • rcr203 says:

        Very interesting stuff.. I hadn't thought about the fingerprint being translated into code that was then analyzed.. I was thinking too one-dimensional and not into the actual technology needed behind it.

        In any case, I still thought that some sort of encryption based on a personal key would be needed.. I wasn't thinking that the biometric (fingerprint) would be *used* as the key, but really as the key for the encryption.. the random number generator input to the encryption method.. like a pin code.

        Of course, to answer the revocation issue around that, the technology would have to have multiple methods of analyzing the fingerprint.. perhaps using hundreds of different schemes for picking ridges and valleys in different sequences. So a single fingerprint would actually have hundreds or thousands of key combinations/possibilities.

        At least I wouldn't have to remember ten thousand passwords, pin codes, authorization codes.. they'd just travel around on my finger.

      • mackys says:

        I agree with you totally that biometrics are not secrets, and because of that they are not suitable for use by themselves as keys.

        That said, I think biometrics are VERY useful as one part of a multi-part security system. I think it was in Applied Crypto that Schneier divided security "keys" into three subgroups:

        - Something you know
        - Something you have
        - Something you are

        Conventional tumbler lock keys are "something you have." A secret password or passphrase is "something you know." And biometrics are obviously "something you are" - they identify you uniquely. (Well, replay attacks aside at least. And I agree those are a problem. But they're not a problem with the biometric itself, they're a problem with the physical security of the machine that reads the biometric.)

        Schneier said that for a really good security system you need to use more than one just one of the three kinds of keys. For instance, you need a SecureID Card (something you have) AND your conventional unix password (something you know) to log in to a UNIX machine that uses SecureID's security system. If you're missing either, you don't get to log in.

        I see biometrics as a kind of "something you have" that, while it can be copied, can't be lost. For that reason, I see biometrics in conjunction with "something you know" as a significant improvement on current security systems - and with almost no hit to convenience. (Or perhaps even an added benefit in that it's much more difficult to lose your eye or finger than it is to lose your keyring.)

        So, while I am opposed to biometric-only auth systems, I think that in the long run, when properly used as part of a multi-key security system, biometrics will be a big win for security in general.

        Of course, "properly used" is always the rub, isn't it...

      • aitp says:

        The goal is not to ensure that only you can use your majikal card-wavey thingamagiggy, it's to protect against two attacks:

        1. The acquisition of an attempted payment session in a situation in which no payment has been requested by the user. This is the "anti-guy-walking-down-the-street-with-a-high-power-reader" technology.
        2. The blind usage of transmitted RFID sessions during a replay attack. This is similar to CVV2 codes, the way they should have been; it is intended to ensure that the user actually has had physical access to the tag at some point, since even several "overheard" transactions do not a perfect copy make.

        No, this doesn't protect against anybody using your tag if they have physical access to it, but physical access is a pretty tall order for most thieves, who prefer to traffic in hundreds (at a minimum) of credit cards at a time, and is certainly better than a traditional credit card, which, once swiped, can be duplicated for no more than the cost of a Memorex tape.

        So, in other words, don't leave your tag out where the maid can find it, just as you don't leave a wallet stuffed with cash on your front doorstep. So long as you protect the tag like you'd protect travelers' cheques (replaceable money, but it's a hassle!), you'll be fine.


    • grumpy_sysadmin says:

      That'd be swell if fingerprints weren't easier to fake than the new $20US bill...

  3. lusercop says:

    What this article also doesn't say (quite aside from the security issues) is what's going to happen when you have more than one credit card in your wallet. I imagine that this must be true for a fair proportion of the credit card holding population.

  4. marm0t says:

    They seriously charge more when the shipping addx differs from the billing? So every time I buy a gift online using a credit card (dear internet hax0rs, i never actually do this, love, marm0t) and have it shipped directly to the recipient, I'm shafting the vendor?

    • waider says:

      That would be correct, yes. Vendors also get shafted in different ways depending on which card you use; for example, AmEx can take up to three months to pass any actual cash back to the vendor, for which reason I've encountered many places which refused to take AmEx.

      • marm0t says:

        I hate AmEx with the fire of a thousand suns. I once had a green card -- paid off, zero balance -- and an Optima card with a small running balance. For months, those idiots applied the payments I sent in for my Optima card balance to my zero-balance green card. They then had the balls to send me dunning letters and threaten me with a degraded credit rating because of "late" payments on the Optima. I had to kick it fairly high up the food chain to get it taken care of, and as soon as I got confirmation my accounts had been straightened out, I cancelled both cards and never looked back.


        • waider says:

          Ah, while you're talking about the hell that is AmEx - I had a green card courtesy of an employer, which I handed back and which they cancelled when I quit the job. Shortly thereafter I got an AmEx bill which included a £10 charge for card renewal. I called their customer service, pointed out that I no longer had the card, was told it was a mistake and would be cleared up.

          Four months later, after many calls to customer service, two calls to my employer to verify that they'd cancelled the card, and a bill for the outstanding £10 telling me that it had been marked for "special collection", I finally got acknowledgement that the card had been cancelled and that there were no outstanding charges.

          Special people.

          • jes5199 says:

            i used to be employed, as a contractor, for American Express.

            every aspect of their credit card service is that bad. even if you're a high-roller with a Platinum card, if a mistake happens, there is no one to talk to. If you try to call them, the policy is to transfer you from one wrong, useless department, to another, indefinitely.

    • mhat says:


      You can even shaft the vendor by having a hotmail/yahoo email address or by using a big ISP like TimeWarner/AOL or a "known" public internet terminal. In most cases the vendor can simply not give this information to VISA. As you might have guessed not giving the information to VISA will also cause the vendor to be shafted!

  5. jamiemccarthy says:

    The strange thing is that the pitch for this, as I've seen it described, is that the card will now never have to leave the owner's hand.

    This is described as "safer," which it is not. Not for the owner. Presumably n% of credit card transactions in which the card is swiped by the checkout staff result in the card being accidentally left behind. This is a problem for the credit card companies because it means they have to cancel cards and eat charges. By federal law, the card owner assumes no risk in such a case. So the concept of a card that is less likely to be left sitting on the counter is safer for the *company*, not for the card owner.

    The next question is whether the card will be any different from existing cards, as far as having to "leave the owner's hand" or being "faster." I can't see how there will be any difference. For most things I buy nowadays, I swipe the card myself while the checkout is in progress. The only time the card leaves my hand is when I hand it to the checkout staff so they can type in the last 4 digits (and often the CVV2 number on the back), and to check my sample signature against the scrawl I make in person.

    If the new cards don't leave my hand, that means they are less secure because there will be no number check, no CVV2 check, and no signature check. Not to mention the other concerns raised (what if I have two such cards, what if my card got triggered by the guy ahead of me in line, etc.).

    If they do leave my hand, they have to go through just the same handover, confirm, handback process, and will take just as long. The only time saved will be the delta between the time it takes me to swipe a card and the time for an EM zap to be applied to my card -- and that time is already subsumed within the whole ringing-up-the-purchases time anyway, so the delta is zero!

    So, yeah, this is a big PR scam. At best its benefit to us card owners is zero. More likely, it would transfer risk from the credit card companies to us, and we get no benefit in exchange. Shove it up your stocking, Visa.

    • jes5199 says:

      where do you shop that checks the CVV2? i've never seen that happen.
      some clerks want to check to "see if the signatures match", which seems a little silly.

      • inoshiro says:

        Like one of the places I'm currently working. Our policy is to always verify the signature (that is, do not complete the transaction or hand back the credit card until the slip is signed & confirmed). In the event of the transaction being over $200, or the signatures not matching, valid photo ID is required to continue.

        If the number on the card must be punched in to the POS manually (i.e., it won't read on the debit/cc/Interac machine), then a physical impression is required.

        Some people get mighty bitchy when you do these checks, to which I always remind them that it's for their own safety. They don't really understand nor care most of the time.

        The best thing you can do is just write "SEE PHOTO ID" on your signature strip of your CC. Whenever you use your card, your photoID is verified -- if not, feel free to charge them back after signing your name as John Thompson ;)

        • jes5199 says:

          but are you trained to compare signatures?
          were you given a class on how to recognize forged sigs?

          • inoshiro says:

            I just use a nearest fit with the loops. If something is different (instead of on a different scale), I double check. It takes only a couple of seconds for people to produce additional id, and relatively few complain.

        • dbaker says:

          Some people get mighty bitchy when you do these checks, to which I always remind them that it's for their own safety. They don't really understand nor care most of the time.

          No, you don't understand which is perhaps the more likely reason why people get bitchy. It's not for their protection. It is for the protection of the vendors or the credit card company, depending on the situation. No modern cardholder agreement holds the consumer liable for any false charges.

          Yes, it's true that any costs associated are ultimately passed down the consumer. But, fundamentally and directly -- it's not for the consumers protection.

          The best thing you can do is just write "SEE PHOTO ID" on your signature strip of your CC. Whenever you use your card, your photoID is verified -- if not, feel free to charge them back after signing your name as John Thompson ;)

          Um, no. The card is not valid unless it is signed. This is part of the cardholder agreement. It invalidates a card to write "SEE PHOTO ID" on it. You can read more about this on VISA's web site.

          And there is no requirement that the signature on the receipt match the one on the back of the card although there's no reason why you can't compare them if you want.

          • lovingboth says:

            On my first trip to the US, it amused me greatly to see 'sorry, but your credit card has to be signed before we'll accept it' signs at Amtrak stations.

            Because in the two weeks, no-one else ever even looked at the back of our cards.

            • jlindquist says:

              The US Post Office also has that requirement, and I'm told it's explicitly in the DMM, which is as much holy writ to postal employees as the periodic maintenance manuals for their rifles...

              Otherwise, I've yet to run into a merchant who cared whether the card was unsigned or had "ASK FOR ID" written on the line as long as you have a photo ID to back it up.

  6. nickhalfasleep says:

    I'm going to sell a line of locking, faraday cage wallets

    • leolo says:

      A simple RFID frying device will be the tinfoil hat of the Naughties. If RFIDs take off, I hope to be able to fry all the ones entering my house.

      • flipzagging says:

        yeah, I have wanted the same thing.

        Even better: RFID-frying device that I can use surreptitiously, in public areas. I will liberate the masses despite themselves!!1!!!

  7. aaronsw says:

    It sounds to me like what's happening is:

    Reader: Cards? Any cards? Any cards?

    Card: I'm a card! My ID is cardID

    Reader: cardID, here's a random nonce

    Card: sha1(nonce + secretFunction(cardID)), cardID

    [Reader calls up the bank, and asks for secretFunction(cardID). Then it calculates the same thing and makes sure it matches what Card sent.]

    Reader: Sold!

    (SHA1 is a 128-bit hash.)

    I can't think of any obvious holes here.

    • mhat says:

      I don't think the cards are smart enough to perform any sort of cryptographic operations. They're just dumb transmitters like a proxy card, right?

      • robot_overlord says:

        as far as i know, yes. they only power up when hit with enough juice and send out an ID.

      • aaronsw says:

        jwz quotes it as saying the cards do 'a "challenge-response" exchange that depends on 128-bit encryption'

    • novalis says:

      SHA1 is a 160-bit hash. Anyway, there's a hole here -- that is, an evil reader could ask for secretFunction (randomId), and charge to that. A better way to do the authorization is to send the nonce and the output of the card up to the bank, which simply sends back a "yes" or "no". Even so, there's a risk of evil readers charging arbitrary amounts at arbitrary times (perhaps without you even noticing). In fact, readers ought to at the very least (a) be issued by the bank, (b) be tamper-evident, and (c) require a PIN.

    • jwm says:

      I expect they're using either a 128bit HMAC - therefore probably MD5 based, as SHA1 is 160bit - or a 128bit symmetric key algorithm, probably tripleDES.

      Replace secret function with a key on the chip, and set the card verifier up to just send the resulting response back to the credit card system to be checked, so you don't send the secret over the wire to the store, and you have a reasonable challenge-response system.

      The interesting security aspects are the particulars of the implementation, like how big is the secret? It should be a 128bit key generated by a cryptographically strong RNG at the card provider's end. Where is the response examined? Doing it at the terminal by sending the secret over the wire is obviously dumb, as it gives the store a primo opportunity to steal secrets. How easy is it to get the secret out of a card, once programmed? This defines the window of time before a misplaced card can be duplicated.

      Of course, without a biometric or password, a stolen card is instantly usable by any thief. They really need to couple it with a photo and require you to wave the card in front of the check out, but obviously they seem to want to chase convenience over security.

      I wonder how quickly a card can be disabled if reported stolen. And how particular they are about who reports it.
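A worked version of the exchange aaronsw sketches above, with the fix novalis and jwm describe (the card holds a 128-bit key, the terminal only relays card ID, nonce and response, and the issuer answers yes or no so the secret never reaches the store). This is an added example, not code from the thread or from any card scheme; the HMAC construction, the issuer-side nonce cache and the card/issuer names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed issuer key table: one 128-bit key per card, generated by a
# strong RNG at the issuer and never handed to a terminal (assumption).
ISSUER_KEYS = {"card-0001": secrets.token_bytes(16)}
SEEN_NONCES = set()  # issuer-side cache so a recorded exchange cannot be replayed


class Card:
    """Card side: knows only its ID and key, and can only answer a challenge."""

    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key

    def respond(self, nonce):
        # HMAC over nonce and ID stands in for sha1(nonce + secret) in the thread.
        return hmac.new(self._key, nonce + self.card_id.encode(), hashlib.sha1).digest()


def issuer_verify(card_id, nonce, response):
    """Issuer side: recompute the expected response and answer yes/no only.

    The terminal never learns the key, so a dishonest store cannot harvest it
    the way it could if the bank handed out secretFunction(cardID) on request.
    """
    key = ISSUER_KEYS.get(card_id)
    if key is None or len(nonce) < 16 or nonce in SEEN_NONCES:
        return False
    SEEN_NONCES.add(nonce)  # burn the challenge whether or not it verifies
    expected = hmac.new(key, nonce + card_id.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, response)


def terminal_transaction(card):
    """Terminal: issue a fresh nonce, collect the response, relay the triple."""
    nonce = secrets.token_bytes(16)
    response = card.respond(nonce)
    return nonce, response, issuer_verify(card.card_id, nonce, response)


def dumb_tag_attempt(card_id):
    """A transmitter that only echoes an ID (mhat's 'proxy card') has no key,
    so all it can offer against a fresh nonce is a guess at a 160-bit value."""
    nonce = secrets.token_bytes(16)
    return issuer_verify(card_id, nonce, bytes(20))
```

Replaying a recorded (nonce, response) pair fails because the issuer has already spent that nonce, and a clone that knows only the card ID fails because it cannot compute the response.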

  8. octal says:

    I'm doing some contracting in this area, and IMO the security is overall pretty decent. Most of the systems use either a challenge-response counter using a strong crypto hash, or PKC operations ("DDA"). See also EMV specs for contactless.

    And it's still more secure than magstripe.

    • mackys says:

      Credit card companies using wireless credit cards that can be read by people walking past you in the mall.


      Or Journalists who don't understand the proposed wireless credit card systems they're reporting on?

      I hope your version is a lot more accurate than the story Jamie posted. As explained by the story, wireless credit cards are just begging for millions of dollars a day worth of fraud.

    • jwz says:

      So these are actually smartcards, not RFID? My understanding was that RFID chips could not do computation, they could only spit back their serial number.

      What do you mean by "secure" in this case? What attacks does this mitigate? I see a bunch of attacks it enables.

      • naturalborn says:

        RFID chips have actual smarts in them, although they tend to be seriously underpowered. I'm a little hazy on whether they have the power to do a basic challenge-response, but I'd guess they can, since the amount of computation involved is quite small. No public key operations involved.

        Challenge/response pairs protect against an attacker reading the data on the RFID and then using it to purchase something later. However, it's still possible to man in the middle it by having a setup where your purchases wind up getting paid for by the person behind you in line. The feasibility of doing that I don't know, and one could of course set up a detector for such devices, resulting in an arms race...

        Just about anything which does an online verification will be better than a credit card number. The extra numbers on the back of the card are particularly humorous. Yeah, let's make the number longer...

        • jcurious says:

          So, are you saying that the cards have a table? How large of a table can it hold?

      • octal says:

        smartcards. actual crypto. challenge response, crypto functions, etc.

        there are some specs which use public-key crypto with 1024+ bit RSA keys.

        read EMV specs for an example of security info; they actually DO know what they're doing. I didn't think they did, but then I learned -- some parts are insecure because they're legacy, but as a whole, the system works, and the new crypto stuff is actually secure. stuff like ansi x9.24 handles symmetric key management fairly well using things like DUKPT.

        i'm not sure which things I do are under NDA, but I'll probably do a survey paper on a lot of this stuff soon once I can clear the various NDAs (most of the material received under NDA is ALSO public elsewhere, so I just need to find it)

      • unabomber says:

        There are two different types of RFID: passive and active. The passive tags are much cheaper and smaller, and are powered by the reader. They don't do anything more than return their serial number, like you said.

        There's also active RFID, which has its own internal battery, more guts to it, and a larger size and cost. They can store up to a meg of data internally, and are easier to read at a distance or with a lower power reader. The data in active RFID can be read and written by an external reader, or through attached electronics. So you can get crazy with the integration of active RFID and some other electronic device, like having your car write updates from its onboard diagnostics to the RFID's memory, which is then interrogated with a reader.


  9. chrislightfoot says:

    People use words like "secure" and "security" about credit cards without saying whose security is in question. Here there are three parties: the card issuer, the vendor, and the customer. The card issuer wants to increase their income from transaction fees, perhaps by making fraud harder; the vendor wants to decrease transaction fees and chargebacks, perhaps by making fraud harder; and the customer wants to make the chances they'll lose any money in this racket smaller, and perhaps make shopping more convenient.

    Ignore the card issuer and vendor. For the customer, the major protection from fraud is the refund guarantee offered by the card issuer, rather than any fancy cryptography or whatever. The fancy cryptography is there to protect the vendor and issuer -- hence the recent nonsense about replacing signatures with PINs. For the customer, the questions to ask are probably, "Will this make it easier or harder for fraud to take place against me?", and -- and more importantly -- "Will this make it easier or harder to prove fraud against me?"

    I don't know about the situation in the US, but in the UK the answer to the second question is not promising. In cases of fraudulent withdrawals from ATMs, banks have successfully argued that their computers are "infallible", and therefore that claims of fraud must be false. It's much harder to do this for a conventional cardholder-not-present transaction or one where a questionable signature has been given.

    To me, this RFID idea looks like it fails on the second question. I don't know if it will make fraud more common; that probably depends on how quickly the technology to spoof the things becomes available and whether this new transaction method makes any difference to the numbers of other types of transactions which take place. But it will probably make it harder for cardholders to recover their money when fraud takes place.

  10. structurefall says:

    my first thought is, if credit card companies charge vendors some enormous price for the lack of security, maybe the vendors just won't buy the new machines and won't take the transactions. of course, if the trends already in place hold, that may mean credit card companies -requiring- vendors to take them... ah, the stupid.

  11. baconmonkey says:

    it's funny, they talk about the time saved by such technology, as if the extra 3 seconds makes that much of a difference. "Every time I wave my Visa Credstick, it gives me 3 seconds more in my fast-paced high stress life to think about work and how I'm going to pay all my bills"

    and the keychain fobs? great, so now when you lose your keys, someone has access to your car, home, and credit. talk about identity theft.

    yesterday I was at an albertsons that had a 4-station self-checkout system. it has one human attendant who pushes the "it's all good" button every time the system goes batshit. I guess grocery store checkers are getting paid a lot, if it's worth it to the company to install a million dollar robot system to save the cost of paying 3 employees.

    • curgoth says:

      According to my admittedly Evil Corporate Bosses, the self-checkout things are necessary because "no one wants to work a check-out counter any more". The claim is that (in Canada at least) there's a shortage of human checkout droids.

  12. bitwise says:

    I love the idea of crap technology making its way into wide public use. Think of the fun projects that become possible:

    1. Build a man-in-the-middle device that pretends to be a valid card, while reaching out to other cards in the store and using their numbers instead.

    2. Build jammers that work on the same frequency, and carry them into The Gap. Watch the fun that ensues as all wireless transactions stop working. Extra points for building battery powered jammers and hiding them near the checkout area so you can happily take down an entire mall in an afternoon. For extra malicious fun only turn on the jammer when people of a chosen ethnicity or skin color are at the register. Watch the fun as the store manager tries to talk their way out of that one!

    3. Assuming RFID devices can be fried by some sort of narrowband EMP, try it in the bank, the post office (where shiny new cards are on their way to their new owners), movie theaters, houses of congress, meetings of credit card company executives... so much more effective than just bringing a bulk eraser to Blockbuster.

    4. If you're a sleazy retailer (or want to make people think your retailer is sleazy), just start charging people for merchandise they don't want. After all, you just need to get near them. Crooked store owners will sit around and laugh about the bad old days when you actually needed to see or swipe someone's card to rip them off. Oh, and make sure you actually take the merchandise, because you wouldn't want to mess up the store's inventory numbers, now, would you?

    • jwz says:

      I think there might be a position available for you in my Secret Organization.

    • unabomber says:

      I think these RFID-type payment devices will eventually morph into something more PDA-like when the cost of a cheap display comes down. This will be under the guise of having a display so you could see how much money is in your account or whatever, but inevitably, it would be used so when you walked near or in a store, you could get devastated by stupid popups telling you what jeans are on sale.

      I'm all for this, only because I think it would be high entertainment to broadcast my own "ads" to people as they walk around the mall...


  13. cheruborg says:

    OK, I disagree with you in general, I think RFID is going to be the bee's knees, but I won't go into that in general. I did want to point out the usability value in the keychain thing, which you poked fun at once directly and once indirectly.

    > I'm going to make a fortune by selling an invention that lets you punch a hole in a credit
    > card so that you can wear it on your keychain.

    Laugh if you will, but I, personally, like my speedpass and like having my video store, library, etc., cards on my keychain. I'd LOVE to carry my credit cards on my keychain, as long as they are small (e.g. little squares of plastic). It's a pain in the butt to have to dig out my wallet, pull the card out of the slot, etc. but my keys are usually quicker to find. That's not everything, though. Oh, and I know plenty of people who DO punch a hole in their ID card to carry on a keychain.

    > They'd only be able to go on a fraudulent shopping spree at any store that used the new
    > card readers! Whew!

    Right, which would be every store rather quickly. More to the point, though, the person who stole my credit cards would also have the keys to my car and house. I point that out not to say thieves will be more likely to steal your keys... I just mean that your keychain ALREADY has a lot more direct value than any credit card, and you're not liable for more than - what, $50? on a credit card. You're more likely to keep solid tabs on your keychain, and it's easier to fasten to your body. I suspect fraud rates would stay the same or go down, anyway. Sure, they pass the cost of fraud to the retailer, but it still eats the credit card companies' profits.

    I'm more interested in how it's going to work when you have four credit cards on your keychain. When they say short range, and how a thief would have to get very close to register the transaction, they must mean SHORT RANGE, as in 2-3 cm, or else the reader would pick up all 4 of your cards and have to ask which you mean.

    It's coming, and it will catch on like crazy. The real enterprising person would start designing something like a keychain, but specifically for credit cards.

  14. zoe_bat says:

    no, no.... I never lose my car keys.

    RFI vendors are going to have more business than they can handle - Walmart is requiring their vendors to go this way for products, etc. The chips are about 5 cents each and it's the credit card companies driving this.

    Go take a class and have some fun with this....

    and watch this industry

    and I know alien is avoiding anything that has privacy issues like people tracking. They may even avoid this, and strictly follow high volume consumer goods.

    my cousin cracks puzzles as a hobby so I SERIOUSLY DOUBT he would go for such a wimpy encryption scheme.

    -Zoe, I am going to KILL my cousin for not taking his company public some day.