Interesting People mailing list archives
Contactless payments and the security challenges
From: David Farber <dave () farber net>
Date: Mon, 19 Sep 2005 11:57:41 -0400
Begin forwarded message:

From: "R.A. Hettinga" <rah () shipwright com>
Date: September 18, 2005 11:09:07 AM EDT
To: cryptography () metzdowd com
Subject: [Clips] Contactless payments and the security challenges

--- begin forwarded text

Delivered-To: clips () philodox com
Date: Sun, 18 Sep 2005 10:39:58 -0400
To: Philodox Clips List <clips () philodox com>
From: "R.A. Hettinga" <rah () shipwright com>
Subject: [Clips] Contactless payments and the security challenges
Reply-To: rah () philodox com
Sender: clips-bounces () philodox com

<http://www.nccmembership.co.uk/pooled/articles/BF_WEBART/view.asp?Q=BF_WEBART_171100>

Principia
The Membership Organisation For IT Professionals
A division of the National Computing Centre

Contactless payments and the security challenges

David Birch reports on the latest developments in contactless payment systems and reviews the associated security implications.

The announcement of schemes such as MasterCard's Paypass, American Express ExpressPay and Visa's contactless initiatives is a sign that contactless smart cards are moving out of mass transit (e.g. London's Oyster card) and into the mass market. Indeed, Datamonitor have forecast that the market for these 'payment tokens' will grow at 47 per cent per annum over the next five years [1].

The international payment schemes' interest is obvious. At a time when it's hard to explain to a consumer why a contact smart card (such as the 'chip and PIN' payment cards being deployed around the world) is better than a magnetic stripe card, payment tokens immediately differentiate themselves by offering a completely different (and significantly more convenient) consumer experience.

Why? Because the token needs only to be waved close to the terminal. In many cases, it will work fine while still in a bag or briefcase providing it is close enough to the terminal. The distance depends on the type of device used; the type of 'proximity interface' chip being discussed in this
article will work up to a few centimetres from the terminals. With advances in chip and antenna technology, payment tokens now have almost identical functionality to contact smart cards, including high-strength cryptographic functions, and can even be in a 'dual interface' package sporting both contact and contactless interfaces.

RFID technology, while new to consumer payments, has actually been out in the field for some time. Mass transit was one of the driving sectors. Operators in Hong Kong, London, Paris, Washington and Taipei, amongst others, already have millions of tokens in place using the same technology and many other cities are planning similar schemes. Their switch to RFID based tokens has three main drivers:

* Lower lifetime cost of ownership - for commercial use, the initial cost of RFID readers is already price comparable to motorised contact readers. The elimination of all moving parts, however, significantly improves reliability and operational reader life reducing the overall life cycle cost of ownership. The inherent vandal proof properties are also ideal for unattended vending or payments, delivering overall improved system availability.

* Faster transaction times - for historical reasons, and because of their origin in the mass transit sector (which needs high throughput at gates), the interfaces to RFID chips are many times faster than the interfaces to chip contact smart cards.

* Flexible form factors - as it operates remotely from the reader, the physical size and shape of the token is unimportant. Many tokens come in the traditional bank card form; others have been built into consumer goods like Swatch watches, pagers or key fobs.

So momentum is building, and even industry observers historically bullish about using tokens for payment (e.g. the author [2]) have been surprised by
the speed of deployment. The reason might be that while the rational reasons for choosing tokens for payments (e.g. speed, lifetime cost of ownership) are good, the irrational reason is even better; they're interesting, particularly because of the flexible form factor.

Of the various form factors noted above, two token-carrying devices seem to stand out; the key fob and the mobile phone. Whether you are waving your keys at a petrol pump before you fill up your car or in Burger King to pay for your meal, using the bunch of keys you already have in your hand instead of getting out your wallet makes this a clear proposition. But we all have our mobile phones with us all the time as well, and the phone (unlike the keys) can be used to manage the payment account in various ways, a synergy that is sure to be exploited.

Nokia have said that they think payment tag technology is better than Bluetooth or Infra-red for mobile payments [3] and, in Japan, NTT DoCoMo and Sony have formed a joint venture (FeliCa Networks) to develop a version of the Sony FeliCa contactless chip for embedding into mobile phones and to operate the FeliCa platform for m-commerce [4]. For many consumers, this will be the ultimate in convenience because the phone provides the communications link for managing the payment account as well as the physical payment device. The dreams of the mobile payment community will
come true, but not in the way that they thought.

Payment tokens

So how do payment tokens work to deliver the appropriate levels of both security and privacy? To answer this question, it's necessary to understand how they work. In the general case, the payment token comprises a microprocessor with hardware support for cryptographic operation and an RF interface. There are various standards in this space, but the one most widely used for payment tokens at present is ISO/IEC 14443.

In a typical retail environment the retailer's point-of-sale (POS) terminal and the payment token both contain a microprocessor; the microprocessors communicate using a payment protocol (on top of the ISO 14443 protocol for basic data exchange).

When it is time to pay, the customer brings their tag close to the POS terminal. The terminal interrogates the card and gets back the serial number and a cryptogram (a one-time code calculated inside the token). It feeds these to the acquiring bank, which passes them back to the issuer. From the serial number, the issuer knows which account to authorise and from the cryptogram the issuer knows that the token is valid.

The cryptogram is made up from the serial number and a transaction counter, encrypted using the token security key. This key is inserted in the token during manufacturing; it is derived from the serial number and a bank master key. Once in the token, it is never divulged. This kind of solution provides:

* Privacy, because the token ID is meaningless to anyone other than the issuing bank which can map that ID to an actual account or card number;

* Security, because knowing the token ID is insufficient to create a cloned token. Also, a cloned token would not generate a correct cryptogram because it would not have the right security key and if the transaction is replayed the transaction counter will be wrong.

Please note that this is an example given for the purpose of discussion; it is not meant to represent any of the operational schemes discussed in this article.

The security of this typical example scheme is not absolute. There is no cardholder verification (i.e. a signature or a PIN), but all transactions are authorised online, so a lost or stolen card can be blocked as soon as it is reported (although it has to be said that consumers will generally notice the loss of their keys or mobile phone pretty quickly). For this example scheme, it might be useful to add an online PIN only for
transactions above £20 or so.

Next steps

RFID technology continues to evolve. Sony and Philips have been working on the next generation of standards in this field, known as near-field communication (NFC). Using NFC, devices can operate in active or passive modes. In one case, where an active terminal communicates with a passive token, the situation is just as noted above for RFID. However, when an active device communicates with another active device, they can swap data at a couple of hundred Kbits/s over distances of a few centimetres.

NFC is targeted at the mass consumer market; it will be built into consumer devices of all kinds (e.g. video cameras, games consoles, hi-fi and so on) and will work without configuration or even consumer awareness. The idea is to make something that just connects when devices are in close proximity (or, to put it another way, the act of bringing devices together is taken to be the consumer statement of intent to interact).

One especially interesting way that NFC might be used is to trigger communications over other wireless channels by taking care of initial set up and parameter exchange. You can imagine how useful this might be in practice; put your DVD player next to your TV and they say hello to each other using NFC and then trigger a WiMax link to carry video from the DVD player to the TV. Goodbye cables and goodbye hassle; NFC seems to be a genuine attempt to get rid of wires once and for all.

With the first trials of NFC devices expected later in the year, Sony, Nokia and Philips have now formed the NFC Forum to develop and promote the technology. Why Nokia? Well, one of the most interesting categories of devices capable of carrying an NFC chip (known as Personal Carrier Devices, or PCDs in the jargon) that could operate in passive or active (i.e. requiring power) mode are mobile phones [5]. The introduction of active NFC in the handset accelerates the possibilities for new services well beyond the passive RFID payment token examples discussed above.

To see this, imagine that your mobile phone has an NFC interface. When your phone is switched off or the battery is dead, it functions as a passive RFID carrier and can be used for all of the applications commonly discussed in this context; it could act as a door key, a membership card or, indeed, a standard payment token. When the phone is switched on and the NFC interface is powered, it can communicate with other passive RFID tokens. So, you might use the phone to trigger WiFi access in a café, or to act as a merchant point-of-sale (POS) terminal to accept other people's payment tokens.

Given this trend, one of the most interesting medium term developments in the world of retail electronic payments will be the combination of RFID/NFC technologies and the ubiquitous mobile phones [6]. The addition of the token to the handset - whether as an integrated component as DoCoMo and EDY in Japan, or as a clip-on cover as in the Paypass trial in Dallas, or as a sticker that the consumer chooses to stick on to the phone as with Dexit in Canada - creates a new kind of 'active' (because it has a communications channel) payment device. The combination of the local RFID/NFC wireless interface with the GSM/GPRS/3G connectivity will undoubtedly transform the
retail electronic payments landscape for everyone [7].

The author

David Birch is a director of Consult Hyperion, an IT management consultancy that specialises in electronic transactions.

(ITadviser, Issue 38, July/August 2005)

References

1. Contactless Cards 'Meet Industry's Needs' in American Banker. (24th Jan. 2003).
2. Birch, D. Contactless Cash in Reach. p. 72-73 (Spring 2003).
3. Why Nokia gives contactless the nod over Infrared and Bluetooth in Card Technology. p. 34-35 (Jan. 2004).
4. NTT DoCoMo and Sony Team Up on M-Commerce in Card Technology. 8 (14): p. 6-8 (Dec. 2003).
5. Birch, D. NFC and Mobile in proc. of Contactless Cards, SMi (London: Jun. 2004).
6. Birch, D. Chips That Chat in proc. of Wireless World, Digital World Research Centre (University of Surrey: Jul. 2004).
7. Birch, D. Retail Electronic Payments Security: Trends and Implications for Mobile in proc. of Mobile Payments, Informa (Brussels: Mar. 2005).

Categories: Special Feature, IT adviser, Business and IT

--
-----------------
R. A. Hettinga <mailto: rah () ibuc com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text
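
The example token scheme in the forwarded article (a per-token key derived from the serial number and a bank master key, a cryptogram over the serial number and a transaction counter, online authorisation with blocking), as an added sketch that is not part of the original article or of any operational scheme. It assumes HMAC-SHA256 in place of the article's encryption and a counter sent in the clear; all names and sample values are hypothetical.

```python
import hashlib, hmac, struct
# Added illustration: names, key sizes and HMAC-SHA256 are assumptions, not a real scheme.

def _mac(key: bytes, serial: bytes, counter: int) -> bytes:
    """One-time code over serial || counter (HMAC stands in for 'encrypted')."""
    msg = serial + struct.pack(">I", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def derive_token_key(master_key: bytes, serial: bytes) -> bytes:
    """Per-token key from the bank master key and the serial number."""
    return hmac.new(master_key, b"token-key|" + serial, hashlib.sha256).digest()

class Token:
    """Holds the key written at manufacture; it only ever emits cryptograms."""
    def __init__(self, serial: bytes, key: bytes):
        self.serial, self._key, self._counter = serial, key, 0
    def respond(self):
        self._counter += 1  # counter sent in clear here (assumption)
        return self.serial, self._counter, _mac(self._key, self.serial, self._counter)

class Issuer:
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._last_seen = {}   # serial -> highest counter accepted so far
        self._blocked = set()  # serials reported lost or stolen
    def block(self, serial: bytes) -> None:
        self._blocked.add(serial)
    def authorise(self, serial: bytes, counter: int, cryptogram: bytes) -> str:
        if serial in self._blocked:
            return "declined: blocked"
        key = derive_token_key(self._master, serial)  # re-derived, no per-token key store
        if not hmac.compare_digest(_mac(key, serial, counter), cryptogram):
            return "declined: bad cryptogram"
        if counter <= self._last_seen.get(serial, 0):
            return "declined: replayed counter"
        self._last_seen[serial] = counter
        return "authorised"

def demo():
    master, serial = b"constructed-bank-master-key", b"TOKEN-0001"  # constructed samples
    issuer = Issuer(master)
    genuine = Token(serial, derive_token_key(master, serial))
    clone = Token(serial, b"\x00" * 32)      # knows the serial, not the key
    first = genuine.respond()
    results = [issuer.authorise(*first), issuer.authorise(*first),  # second call is a replay
               issuer.authorise(*clone.respond()), issuer.authorise(*genuine.respond())]
    issuer.block(serial)                     # card reported lost
    results.append(issuer.authorise(*genuine.respond()))
    return results
```

demo() returns the issuer's decision for a genuine payment, a replay of it, a clone that knows only the serial number, a second genuine payment, and a payment after the token is blocked.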