Secure PIN Management How to Issue and Change PINs Securely over the Web

  • 1,085 views
Uploaded on

With 25 years of security industry leadership, SafeNet provides card issuers with a solution that …

With 25 years of security industry leadership, SafeNet provides card issuers with a solution that
prevents disclosure of the PIN across the entire transaction, ensuring that the customer is the only person able to view their PIN online. SafeNet’s solution, ViewPIN+, allows PINs to be securely issued and managed over the Web, providing benefits
such as improved customer
service, cost savings, and peace
of mind to both the cardholder
and the card issuer.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,085
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
28
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Secure PIN ManagementHow to Issue and Change PINs Securelyover the WebwhiTepaperTable of ContentsExecutive Summary............................................................................................................. 2The Evolution of the PIN ...................................................................................................... 2Properties of a Robust PIN .................................................................................................. 3PIN Issuance ....................................................................................................................... 3Failures and Limitations of Traditional PIN Issuance ........................................................... 4SafeNet ViewPIN+: A Paradigm Shift for PIN Management .................................................. 5ViewPIN+ Security .............................................................................................................. 6ViewPIN+ Return on Investment .......................................................................................... 6ViewPIN+ Ease of Use ......................................................................................................... 6ViewPIN+ Ease of Deployment ............................................................................................ 6Conclusion .......................................................................................................................... 7About SafeNet..................................................................................................................... 7Secure PIN Management Whitepaper 1
  • 2. executive Summary Overview More and more credit and debit cards are being issued by banks, credit card companies, an With 25 years of security industry retailers, resulting in hundreds of thousands of PINs being sent through the mail daily to leadership, SafeNet provides customers worldwide. Security is at the core of all PIN-based transactions. While cardholders card issuers with a solution that must be cognizant of keeping their PIN secret, the matter of PIN privacy originates with the card prevents disclosure of the PIN issuer. The ability to securely deliver PINs to cardholders must be a priority of every card issuer across the entire transaction, and financial services provider. Sending PINs through traditional mail delivery is costly, time ensuring that the customer is consuming, and highly insecure. In short, it is inefficient for today’s digital, on-demand world the only person able to view their With 25 years of security industry leadership, SafeNet provides card issuers with a solution PIN online. SafeNet’s solution, that prevents disclosure of the PIN across the entire transaction, ensuring that the customer ViewPIN+, allows PINs to be is the only person able to view their PIN online. SafeNet’s solution, ViewPIN+, allows PINs to securely issued and managed be securely issued and managed over the Web, providing benefits such as improved customer over the Web, providing benefits service, cost savings, and peace of mind to both the cardholder and the card issuer. such as improved customer service, cost savings, and peace This white paper addresses the security challenges faced by card issuers, financial services of mind to both the cardholder providers, and telecom operators in relation to the management of Personal Identification and the card issuer. Numbers (PINs) used to authenticate cardholders and authorize credit card transactions, such as ATM withdrawals or retail purchases. Readers of this paper will learn how card issuers can simplify and secure the rocesses associated with PIN issuance and management, and how cardholders can be provided with a safe and convenient way to retrieve their PIN over the Internet. The evolution of the piN Historically, recognition-based identification worked in small, closely-knit communities. Once people started traveling, once migrant populations grew in numbers, once cities grew in size, visual recognition did not suffice. Over time, methods of personal identification have evolved from simple name and face recognition to today’s electronic-based techniques. Much of the impetus for this evolution has been the advancement of computer-based financial transactions. Invented more than 40 years ago, the Automated Teller Machine (ATM) has revolutionized access to personal financial accounts. [1] The account card and corresponding Personal Identification Number (PIN) came into existence at the same time as a means of authenticating the cardholder. Today, the PIN is still most commonly used with ATM and credit/ debit cards, but is gaining momentum with retailers who link their customers to membership accounts using a PIN card. Today, more than 20 percent of Currently, debit and credit cards rely on two-factor authentication—something you have (the the payment cards in the world card) and something you know (the PIN). Two-factor authentication provides the basis for nonrepudiation of transactions, which is essential to card-based commerce, particularly in anconform to a standard referred to online environment. For even stronger security, a third authentication factor—biometrics— as the EMV standard provides an enhanced level of authentication. Today, more than 20 percent of the payment cards in the world conform to a standard referred to as the EMV standard[2]. The EMV standard was devised by Europay, MasterCard and Visa in the 1990s as a means of reducing card fraud by replacing the magnetic stripe on a card with an embedded chip. The chip contains either encrypted or non-encrypted personal data of the cardholder to authenticate the user’s identity, including the PIN itself. As such, most chip cards now require the use of a PIN, instead of a signature to authenticate the cardholder making transactions with a debit or credit card. EMV also standardizes the use of a cryptogram to further enhance nonrepudiation of a transaction. This cryptogram relies on, among other things, successful PIN verification by the EMV chip on the card. [1] See http://news.bbc.co.uk/2/hi/business/6230194.stm for information on the origins of ATM and PIN. [2] Source : MasterCard International. Secure PIN Management Whitepaper 2
  • 3. Within a financial institution, a validated PIN and its associated card carry the same legal binding as a signature on a check. The PIN, as an equivalent to the signature, is an essential part of a bank’s fiduciary obligations in maintaining a cardholder’s account. Properties of a Robust PIN Secrecy is a fundamental tenet of a PIN. As having someone’s PIN goes a long way towards gaining access to that person’s financial resources, it is important to protect it and keep it confidential. This is why card issuers stress the following to their cardholders: • Do not disclose your PIN to anyone • Do not write your PIN down or carry it in written form anywhere. Traditionally, card issuers have While much responsibility to safeguard their PIN lies with the cardholder, another key factor sent the PIN to the cardholder of PIN privacy is the robustness of the security protecting the PIN. Robustness is the ability ofusing PIN mailers, which can be the PIN to remain secret even under attack. One way to enhance robustness is to use a random, machinegenerated PIN as opposed to a cardholder-selected PIN, since cardholders will typicallyintercepted en route, along with select a number that is personal and easy to remember and, therefore, easier for fraudsters tothe card, resulting in fraudulent crack. transactions on the account The PIN will always be a target because it is a valuable piece of information in a system that deals with financial assets. PIN Issuance Card issuers provide PINs to their cardholders as part of the overall card issuance process. The card itself is prepared and personalized to a given cardholder and, at that time, a PIN is assigned and linked to the card permanent account number (PAN). Traditionally, card issuers have sent the PIN to the cardholder using PIN mailers, which can be intercepted en route, along with the card, resulting in fraudulent transactions on the account[3]. Some card issuers prefer to issue cards and PINs in the local bank branch, where the cardholder will be asked to select a PIN either through a dedicated terminal or at an ATM. Problems occur here when fraudsters place overlays on ATM PIN pads to register cardholder key strokes, or switch out dedicated terminals with dummy terminals to gather the sensitive PIN and cardholder data, often unbeknownst to the ATM or terminal owners. Others perform PIN issuance through an Interactive Voice Response system that allows a computer to detect voice and touch tones through a phone call. Unfortunately, these systems cannot be secured in an effective manner. Chip-based cards have the PIN stored in a secure zone on the chip itself; however, at some point, the chip needs to be updated with the new PIN. In addition, some issuers use a PIN offset that is encoded on the magnetic stripe, which must be re-encoded each time the PIN changes. ATMs can accommodate PIN changes easily, while other technologies require the use of a PIN change script to update the PIN in the chip. Chip cards provide the ability to either unblock or change a PIN without having to visit a branch. This process uses scripting commands that are described in EMV standards. Statistics available from the U.K.’s implementation of Chip and PIN indicate that two percent of cards issued need the PIN to be unblocked on a yearly basis[4]. Up to now, banks and retailers have not found an easy way to deliver a secure PIN to their cardholders. Most card issuers have relied on paper-based PIN mailers, which create a delay between issuance and usability of the card, along with a significant risk factor. Other issuers allow customers to select their own PINs, which is costly to set up and often results in an insecure PIN selection. Let’s face it—today’s mode of delivering a PIN to the cardholder needs a paradigm shift. [3] Fraud statistic : TBC [4] Source : 2007 UK Chip and PIN Report, APACS Secure PIN Management Whitepaper 3
  • 4. For years, card issuers have benefited from the lucrative nature of a business that reshaped personal banking and account access, but the PIN itself seems lagging in the promise of instant access. Sending PINs through traditional mail is costly, time consuming, and more important, highly insecure. In today’s digital world, consumers have become accustomed to instant and secure delivery of financial services, be it shopping, banking, investing, etc. The Internet offers the prospect of secure PIN issuance and management, providing a wide range of benefits to both the cardholder and the card issuer. Failures and Limitations of Traditional piN issuance The traditional methods of PIN issuance, delivery, and management have been shown to fail in many ways. With issues of cost, time, and weak security of the current methods, it’s clear that there is an opportunity for innovative means of issuing PINs to cardholders. Every card issuer and financial service provider must focus squarely on providing secure delivery of PINs to cardholders. Here are a few examples of how current methods fail to deliver on this fundamental principle: • attacks on piN Mailers - PIN mailers are notoriously insecure. There are known technical issues with PIN mailers, as well as the fact that they are easy to intercept before they reach the cardholder, which remains one of the leading causes of loss in the payment card business. For example, tamper-evident laser-printed PIN mailers are used by many institutions to issue PINs and other secrets to individuals in a secure manner. These mailers are created by printing the PIN with a normal laser onto special stationery and with a special font. The background of the envelope and stationary disguises the PIN so that it cannot be read with the naked eye without tampering. Although a standard method of issuance, these tamper-evident, laser-printed PIN mailers are known to be vulnerable to attacks that reveal the PIN without tampering[5]; for instance, angled-light attacks, where the reflective properties of the toner and stationery are exploited to allow the naked eye to separate the PIN from the backing pattern. In fact, all laserprinted mailers examined so far have been shown to be insecure.[6] • Social engineering - PINs are prone to capture through social engineering, where people are The traditional methods of tricked or manipulated into divulging confidential data either through information gathering PIN issuance, delivery, and or computer access. As a result, PINs may need to be changed regularly, which presents management have been shown issuers with many significant challenges [7]. to fail in many ways. With issues Back End System Attacks - PINs have shown vulnerability to various attacks on the card of cost, time, and weak security payment systems. For example, according to an article on PIN cracking, new attacks directly of the current methods, it’s clear target the financial PIN processing API, and apply to network switches, as well as to verification that there is an opportunity for facilities. According to the research, ’the attacks are extremely severe allowing an attacker toinnovative means of issuing PINs expose customer PINs by executing only one or two API calls in order to expose a PIN. One of to cardholders. the attacks uses only the translate function, which is a required function in every switch. The other attacks abuse functions that are used to allow customers to select their PINs online. Some of the attacks can be applied on a switch even though the attacked functions require issuer’s keys which do not exist on a switch. This is particularly disturbing as it was widely believed that functions requiring issuer’s cryptographic keys cannot do any harm if the respective keys are unavailable’.[8] [5] Fraud statistic : TBC [6] Source : http://www.cl.cam.ac.uk/~mkb23/research/PIN-Mailer.pdf [7] Emily Finch, of the University of East Anglia, has researched criminals and how they adapt their fraud techniques to identity cards, especially the “chip and PIN” system that is currently being adapted in the UK. [8] Source : http://www.arx.com/documents/The_Unbearable_Lightness_of_PIN_Cracking.pdf Secure PIN Management Whitepaper 4
  • 5. • point-of-Sale attacks - Fraudsters gather PIN and cardholder information by tampering with PIN pad readers at the point-of-sale (POS) terminals. Recent criminal investigations have found fraudsters switching out POS terminals with dummy terminals right before stores close. They then go home that night and extract the cardholder and PIN information from the POS terminals. The next morning, they return to the store and replace the terminal once again, unbeknownst to the shop owner. • iVr attacks - Interactive voice response (IVR) systems are impossible to secure as they use public telecom networks and phones that cannot provide for end-to-end encryption of the message. With such a system, the PIN is always available in the clear during its transmission to the card issuer.SafeNet ViewpiN+: a paradigm Shift for piN ManagementSince card-based payment is convenient and effective, the industry strives to better secure thesystem to reduce fraud while maintaining its usability. SafeNet ViewPIN+ revolutionizes the PINissuance process by providing cardholders with a secure and easy way to quickly retrieve theirPIN over the Web. This fully automated solution saves card issuers millions of dollars each year,is safe, fast, and environmentally responsible. The level of security provided by ViewPIN+ farsurpasses that of paper-based PIN mailers or voice-based interactive systems, thereby reducingfraud and identity theft.ViewPIN+ introduces a competitive advantage by offering an enhanced customer experience ofinstantly issuing a new PIN over a secure Web session. With ViewPIN+ card issuers eliminateany delay between the time an account holder requests a new PIN and the time they receive it,thereby minimizing the opportunity for a customer to use a competitor’s card during the waitingprocess. Cardholder Card Issuer Datacenter DMZ Private Network Retail Banking Transaction System Authorization Web Server System Internet Firewall Firewall PIN Database SafeNet ViewPIN+ ATM, POS SafeNet ViewPIN+ PIN Agent Branch PIN AuthorityFigure 1: SafeNet ViewPIN+ DeploymentSecure PIN Management Whitepaper 5
  • 6. ViewpiN+ Security Traditional SSL-secured Web sites are not entirely secure because they require encrypted data to be decrypted at the Web server as part of the delivery process. SafeNet’s award-winning ViewPIN+ overcomes this critical vulnerability by providing an end-to-end encrypted transaction between the cardholder and the card issuer. First, ViewPIN+ provides increased security over current PIN issuance processes through the use of two-factor authentication of the cardholder. To obtain a PIN with ViewPIN+, the customer submits their online banking user ID and password, and the card PAN and CVV. In contrast, with a PIN mailer, anyone can intercept the card and the PIN mailer; all they need is access to a mailbox! With an IVR system, the PIN is transmitted in the clear over a public telecom network; yet another highly insecure environment. With ViewPIN+, the PIN is always encrypted using robust, proven encryption algorithms and robust keys. SafeNet’s award-winning To provide the highest level of security, ViewPIN+ FIPS 140-2 Level 3-validated hardware security ViewPIN+ overcomes critical modules (HSMs) combine an integrated secure application execution environment with key vulnerability by providing an management at the card issuer’s data center. All cryptographic keys and processes are stored and managed exclusively within HSM at all times, making compromise of the system virtually end-to-end encrypted impossible. In addition, code signing and verification maintain the integrity of the ViewPIN+ Java transaction between the application code, which is only executed within the confines of the HSM to prevent unauthorizedcardholder and the card issuer. application execution. To provide further protection against compromise, ViewPIN+ also maintains separation between the cardholder identity and the PIN. Security is further enhanced by the separation of PIN data management from system administration, keeping critical data hidden from administrators. In addition the ViewPIN+ server only deals with CVV2 and PIN data; therefore, the user is anonymous to the system, meaning any probing cannot associate a PIN to a card. ViewpiN+ return on investment ViewPIN+ reduces operational costs, increases revenue, and saves resources for card issuers. SafeNet’s first ViewPIN+ customer was U.K.-based Egg Banking, plc, a Citigroup company. With over 3.2 million customers, Egg is the world’s largest online-only bank and one of the U.K.’s leading online financial services providers. Using ViewPIN+, Egg eliminated paper-based PIN issuance, saving thousands of resource hours and upwards of $6 million annually. These savings will continue as new card customers come to Egg, or existing customers need new PINs or replacement cards. ViewpiN+ ease of Use ViewPIN+ provides both the cardholder and card issuer with a secure, reliable, convenient, and easy-to-use PIN access solution. Used not only for original PIN issuance, additional functionality allows for PIN reminders, changes, and reissuance, in the case of lost or forgotten PINs. For the cardholder, there is virtually no learning curve when interacting with the issuer’s Web site, resulting in drastically reduced support calls. ViewpiN+ ease of Deployment ViewPIN+ uses the card issuer’s existing Web site and user authentication system to facilitate the delivery of PINs across the Internet, or other communications network, to the customer. The ViewPIN+ application is delivered and runs on the SafeNet Luna SP HSM as a secure application, using standard Web security protocols that require no applets or browser plug-ins on the customer side. The browser requirements are simple, making ViewPIN+ available from any browser, including those on mobile devices. The issuer will need to integrate ViewPIN+ to its back end systems in order to retrieve the PIN or, if the option is offered to cardholders, to transmit a PIN change request and record the new PIN. Secure PIN Management Whitepaper 6
  • 7. ConclusionFor card issuers, retailers, and financial institutions, SafeNet has revolutionized the PINissuance process with its award-winning ViewPIN+, the only secure Web-based PIN issuanceand management solution on the market. ViewPIN+ delivers powerful security, cost-savingadvantages, and unprecedented customer satisfaction by eliminating expensive, vulnerable, andtime-consuming paper-based PIN mailers.Using a card issuer’s existing Web site and user authentication system, SafeNet’s ViewPIN+solution makes use of standard Web security protocols without any requirement for applets orbrowser plug-ins on the customer side. By leveraging existing authentication and processingsystems, no changes need to be made to the core architecture and, therefore, no potentialvulnerabilities can be introduced to these sensitive areas.The level of security provided by encryption far surpasses that of paper-based PIN mailers orvoicebased interactive systems, thereby reducing fraud and theft. With customers retrievingtheir own PINs, they feel more in control. They no longer worry as to when their PINs will arriveand no longer have to wait for days or weeks before they can use their card. ViewPIN+ has beenproven to save card issuers millions of dollars each year and provides a level of security that farsurpasses that of traditional PIN issuance and management,about SafeNetFounded in 1983, SafeNet is a global leader in information security. SafeNet protects itscustomers’ most valuable assets, including identities, transactions, communications, dataand software licensing, throughout the data lifecycle. More than 25,000 customers acrossboth commercial enterprises and government agencies and in over 100 countries trust theirinformation security needs to SafeNet.Contact Us: For all office locations and contact information, please visit www.safenet-inc.comFollow Us: www.safenet-inc.com/connected©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.All other product names are trademarks of their respective owners. WP (EN)-11.23.10Secure PIN Management Whitepaper 7