Cracking Chip & PIN


Chris Jarman, one of the original technical architects of the Chip & Pin scheme, explains its development and how various hacks have been attempted.


    Cracking Chip & PIN: Presentation Transcript

    • Risk Management
      First lesson of Banking – no Risk, no Profit.
      Financial Security models are always a balance.
      No System is Secure but it can be judged Secure Enough.
      Bankers have been evaluating risk and profit since the days of barter.
      No Security model exists in isolation.
      Chip & PIN builds on a considerable existing security framework
    • Business Objectives
      Driven by simple commercial proposition
      Augmented by reputational elements
      Incorporate behavioural evolution
      Needs to account for and predict technology.
      Needs to be viable for all parties.
      Subject to review and planned to continuously evolve.
    • Crypto
      Basis of Trust
      RSA Public Key Scheme
      Static Data Authentication
      Dynamic Data Authentication
      Triple (Double Length) DES
      Online mutual Authentication
      What you have: Token
      What you know: Crypto engine / Keys / PIN
    • Attack Scenarios
      Forced attack / threat e.g. Theft
      Card not present / non PIN verified e.g. Internet
      Mobile Commerce
      International e.g. Fallback
    • Attack Scenarios
      Hard Attack of Crypto – RSA or 3*DES
      Exploit Procedural Elements e.g. Relay
      Transaction flow logistics e.g. Terminal Minder
      Disintermediate parties e.g. Wedge
      Technology Element e.g. Differential Power Analysis
    • Investment / Reward
      800 Million cards and growing.
      Fraud is a commercial business.
      Cost / Benefit model based.
      Requires significant resource dedication.
      Limited skill set availability.
      Requires greater resource to exploit.
      Active detection methods can rapidly terminate activity.
    • Chip & PIN Today
      Overall scheme security remains intact and strong
      Hard card attack scenarios provide poor business case
      Soft card attack scenarios exploit interfaces and provide little business case
      Largest exposure remains non-chip usage
      New channels building in support to leverage chip and PIN – e.g. HomePay reader at home
      Still fit for purpose!!
    • Chip & PIN @ Home
      • Secure e-commerce payments with Chip & PIN
      • Remote authentication to remote services such as home banking
      • P2P, B2B, and G2P payment processing