that can be pretty secure, but which
can also be pretty awful. There is good
news, and bad news. The good news is
that EMV systems have been deployed
in Europe for 11 years now, and there
is a lot of experience to build on. Almost everything that could go wrong,
has gone wrong: several protocol flaws
that allowed attacks nobody had anticipated; tamper-resistance that did
not work; certification schemes that
turned out to be a sham; and evidence-collection systems that were not fit for
purpose. These should not just be academic case studies for security engineering classes, but should be studied
by engineers who want to build robust

The bad news is that the interests
of banks, merchants, vendors, cardholders, and regulators diverge in significant ways. In Europe, many failures
were due to banks dumping liability on
merchants and cardholders, who were
in no position to defend themselves.
In the U.S., the dynamic is different
and more complex, with the main fight
being over the interchange fees the
merchants pay the banks for processing their transactions. These fees are
an order of magnitude greater than
the fraud is, so we may find that the
security of the system will be a side effect of the project rather than its main
goal. The details may be fought over for
years to come in the courts and by lobbyists in Washington, D.C.

1. Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., and Anderson, R. Chip and skim: Cloning EMV cards with the pre-play attack. In Proceedings of the IEEE Symposium on Security and Privacy (San Jose, CA, May 18–21, 2014).
2. Drimer, S. and Murdoch, S.J. Keep your enemies close: Distance bounding against smartcard relay attacks. In Proceedings of the USENIX Security Symposium (Boston, MA, Aug. 6–10, 2007).
3. Drimer, S., Murdoch, S.J., and Anderson, R. Thinking inside the box: System-level failures of tamper proofing. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, CA, May 18–21, 2008).
4. Murdoch, S.J. and Anderson, R. Security protocols and evidence: Where many payment systems fail. In Proceedings of Financial Cryptography and Data Security (Barbados, Mar. 3–7, 2014).
5. Murdoch, S.J., Drimer, S., Anderson, R., and Bond, M. Chip and PIN is broken. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, CA, May

Ross Anderson (Ross.Anderson@cl.cam.ac.uk) is Professor of Security Engineering at the Computer Laboratory, University of Cambridge, U.K.

Steven J. Murdoch (Steven.Murdoch@cl.cam.ac.uk) is a Royal Society University Research Fellow at the Computer Laboratory, University of Cambridge, U.K.

Copyright held by Authors.

in banks. When disputes arose with
magnetic-strip cards, the consumer
typically got the benefit of the doubt as
these were widely known to be forgeable. EMV systems, on the other hand,
create large amounts of log data that
appear to be impressive but are often
not understood, and can sometimes be
the result of forgery by merchants (as
in the Turkish case) or by malware on
merchant terminals (as in the recent
Target case, which would likely have
been unaffected by the move to EMV).
Also, the move from signature to PIN
verification shifted dispute resolution
in the banks’ favor. Any forged signature will likely be shown to be a forgery
by later expert examination. In contrast, if the correct PIN was entered the
fraud victim is left in the impossible
position of having to prove that he did
not negligently disclose it.
The main lesson to be learned from
these experiences is that the collection, analysis, and presentation of
evidence is a function that needs to be
specified, tested, and debugged like
any other. Simply dumping many pages of printout on a court and leaving it
to an expert to pore through the digits,
comparing them with EMV manuals,
is not a robust way to do things; often
the necessary evidence is not even retained. The forensic procedures also
need to be open and transparent to
stand up in court, and their governance needs to be improved; this problem cannot just be left to a disparate
vendor community [4]. Here, some guidance from the Fed would be welcome.
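
To illustrate what treating evidence handling as a specified and tested function can look like, the following sketch (an added example, not part of the original article) decodes the hex of an EMV transaction record into labelled findings and reports fields that were not retained. The tag numbers and bit meanings follow the EMV specifications; the list of required fields and the sample record are assumptions constructed for the illustration.

```python
# Added example: turn raw EMV log hex into labelled, testable evidence.
# REQUIRED and SAMPLE are assumptions constructed for this illustration.
# ATC, Unpredictable Number, Application Cryptogram, CVM Results, TVR:
REQUIRED = {"9F36", "9F37", "9F26", "9F34", "95"}
CVM_METHODS = {0x01: "plaintext PIN verified by card",
               0x02: "enciphered PIN verified online", 0x1E: "signature",
               0x04: "enciphered PIN verified by card", 0x1F: "no CVM required"}
CVM_OUTCOME = {0: "unknown", 1: "failed", 2: "successful"}

def parse_tlv(data: bytes) -> dict:
    """Parse a flat run of BER-TLV objects into {tag_hex: value_bytes}."""
    out, i = {}, 0
    try:
        while i < len(data):
            start = i
            if data[i] & 0x1F == 0x1F:       # tag continues in further bytes
                i += 1
                while data[i] & 0x80:
                    i += 1
            i += 1
            tag = data[start:i].hex().upper()
            length = data[i]
            i += 1
            if length & 0x80:                # long-form length
                n = length & 0x7F
                length = int.from_bytes(data[i:i + n], "big")
                i += n
            if i + length > len(data):
                raise IndexError
            out[tag] = data[i:i + length]
            i += length
    except IndexError:
        raise ValueError(f"record truncated near byte {i}") from None
    return out

def evidence_report(record_hex: str) -> dict:
    """Decode one record; list missing fields and cardholder-verification facts."""
    fields = parse_tlv(bytes.fromhex(record_hex))
    report = {"missing": sorted(REQUIRED - fields.keys()), "findings": []}
    cvm, tvr = fields.get("9F34"), fields.get("95")
    if cvm and len(cvm) == 3:
        method = CVM_METHODS.get(cvm[0] & 0x3F, f"method code {cvm[0] & 0x3F:#04x}")
        report["findings"].append(f"CVM: {method}; result {CVM_OUTCOME.get(cvm[2], 'invalid')}")
    if tvr and len(tvr) == 5 and tvr[2] & 0x80:   # TVR byte 3, bit 8
        report["findings"].append("TVR: cardholder verification was not successful")
    return report

# Constructed record: ATC, unpredictable number, CVM results, TVR; no cryptogram.
SAMPLE = "9F3602001A" "9F37041A2B3C4D" "9F3403410302" "95050000000000"
```

Running `evidence_report(SAMPLE)` reports that the application cryptogram (tag 9F26) is absent from the record, which is the kind of gap that should be caught when the log is written rather than when a dispute reaches court.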

The EMV protocol is not a rigid way of
doing card payments so much as a toolkit with which banks can build systems