Successfully reported this slideshow.
NEW SCIENCETransaction SecurityJOURNALul.com/newscience
NEW CHALLENGESCALL FOR NEW SCIENCEProgress is an unstoppable, transformative force. New technologies,product advances and ...
Transaction SecurityOVERVIEWUL Transaction Security is advancing into new and important areas tobetter enable safe, effici...
Vulnerability analysis      BRAND test tool       smartwave box        tsm test suite
contextThe direct costs associated with global consumer hacking are calculated at $110 billionover the past 12 months.1 It...
To effectively attack sensitive application security, it is necessary to take intoconsideration the fact that the code is ...
Vulnerability analysis      Brand test tool      smartwave box        tsm test suite
contextConsumers expect their credit or debit cards to work wherever they are and wheneverthey need them: in stores and re...
Vulnerability analysiS      BRAND test tool      smartwave box        tsm test suite
contextContactless smart chip technology is rapidly coming into use globally in a wide rangeof applications. This includes...
Vulnerability analysis      Brand test tool      smartwave box        tsm test suite
contextWith the advent of mobile payments, consumers are using smart phones as virtualpayment cards. It is imperative that...
sources1   “2012 Norton Study: Consumer Cybercrime Estimated at $110 Billion Annually,” Press Release, 5 Sept. 2012,    We...
NEW CHALLENGES. NEW RISKS. NEW SCIENCE.WANT TO LEARN MORE? Download THE OTHER JOURNALSIN OUR NEW SCIENCE SERIES at UL.com/...
Upcoming SlideShare
Loading in …5
×

New Science Transaction Security Journal

308 views

Published on

Technology is transforming transactions — offering greater ease, speed and mobility — but also creating potential security risks. New Science is working to safeguard innovation and protect transactions.

Inside this journal:
Brand Test Tool, Smart Wave Box, TSM Test Suite, Vulnerability Analysis

About New Science Journals:
This journal is part of New Science, dedicated to showcasing how UL is advancing and innovating safety in our fast changing world through the demonstration of fundamental discovery, testing methodologies and equipment, procedures, software and standards.


Inside this journal:
Air Quality Databases, Paint and VOCs, Semi-VOCs, Environmental Chamber To Go

About New Science Journals:
This journal is part of New Science, dedicated to showcasing how UL is advancing and innovating safety in our fast changing world through the demonstration of fundamental discovery, testing methodologies and equipment, procedures, software and standards.

  • Be the first to comment

  • Be the first to like this

New Science Transaction Security Journal

  1. 1. NEW SCIENCETransaction SecurityJOURNALul.com/newscience
  2. 2. NEW CHALLENGESCALL FOR NEW SCIENCEProgress is an unstoppable, transformative force. New technologies,product advances and globalization are arriving one on top of anotherat a dizzying pace. Innovation makes us more efficient, more productiveand more connected. But there is a cost, and that cost is risk. To helpmitigate the emerging risks, UL is developing New Science. Throughfundamental discovery, testing methodologies and equipment,procedures, software and standards, UL is creating new and importantways to make the world safer.
  3. 3. Transaction SecurityOVERVIEWUL Transaction Security is advancing into new and important areas tobetter enable safe, efficient and seamless delivery. For mobile paymentsand chip and PIN technologies, UL is innovating new techniques andtests to provide greater reliability, security and interoperability. We alsocontinuously develop aggressive attack approaches, utilizing advancedstatistical analyses on cryptographic algorithms. Understandinghow to get past a system’s security allows us to identify effectivecountermeasures and to stay ahead of the hackers. UL is also part of theBiometric Alliance Initiative, helping define regulatory and proprietarycompliance requirements and producing test specifications to facilitatecomplete user acceptance of this technology in the fields of wirelesscommunication, payment applications and security.TRANSACTION SECURITY JOURNAL 3
  4. 4. Vulnerability analysis BRAND test tool smartwave box tsm test suite
  5. 5. contextThe direct costs associated with global consumer hacking are calculated at $110 billionover the past 12 months.1 It is a massive issue for the individuals targeted as well as forfinancial institutions and governments. Advanced smart cards that use chip and PINtechnology are not immune to the predations of hackers. Maintaining the cryptographicsecurity of the smart credit and debit cards that carry this technology is critical toprotecting individuals and to promoting the adoption of more advanced mobilepayment technologies. The UL Security Lab is focused on staying one step ahead ofhackers in order to help protect the security of transactions.What did UL do?UL uses advanced simulation to test chip security on credit cards by subjecting chips tomultiple types of attacks. Specifically, we examine whether the cryptographic algorithmimplementations achieve a high standard of security. This requires us to continuallymonitor the latest scientific advances in the field of cryptographic security and stayon top of the most recent attack techniques and the corresponding countermeasures.We do this to assess the cryptographic algorithms executed on smart cards and securedevices. UL researchers and scientists use observation techniques from the collectionof physical signals during the cryptography execution or innovative fault-inductionattacks. The aim is to malevolently extract the confidential information from the securedevice or to compromise the defenses of the secure application. The UL Security Lab is focused on staying one step ahead of hackers in order to help protect the security of payment and other technologies.TRANSACTION SECURITY JOURNAL / VULNERABILITY ANALYSIS 5
  6. 6. To effectively attack sensitive application security, it is necessary to take intoconsideration the fact that the code is hardware-processed. Some attacks have beendeveloped to take advantage of the physical aspect of the hardware processing,defeating the apparent robustness of specifications or designs. To investigate potentialattacks, we employ two primary methods: • Observation analyses can use hardware to understand internal processing and potentially modify code execution, and it can result in the disclosure of confidential data through analysis of inevitable hardware leakages. • Fault-injection attacks take advantage of errors induced during a code execution in order to reveal secrets or to change the device behavior to mitigate the security. For these attacks, the most advanced techniques are being used to stress the robustness of a secure code. Innovative techniques such as laser systems can be used to stress a secure chip with the highest level of accuracy and power.Every day, UL develops new ways to attack and defeat security. We use these techniqueson smart cards, terminals and mobile phones. Hackers will continue to find ways tobreach security. Our work is to get there first so we can help financial institutionsdevelop effective countermeasures.IMPACTUL is working with most of the large banks, credit card companies and standardsagencies, and is playing an important role in facilitating the adoption of chip and PINtechnology in the U.S. and in advanced mobile technologies globally. Hackers will continue to find ways to breach security. Our work is to get there first so we can help financial institutions develop effective countermeasures.TRANSACTION SECURITY JOURNAL / VULNERABILITY ANALYSIS 6
  7. 7. Vulnerability analysis Brand test tool smartwave box tsm test suite
  8. 8. contextConsumers expect their credit or debit cards to work wherever they are and wheneverthey need them: in stores and restaurants at the point of sale, at ATMs and online. ULresearchers recently developed an innovative Brand Test Tool to make it easier and moreefficient for financial organizations to provide trouble-free transactions within theirentire payment infrastructures.What did ul do?UL developed a unique testing device that enables terminal acquirers and vendorsto validate the payment brand testing of their Europay, MasterCard, Visa terminalsat a POS or an ATM. Brand testing is a vital component of the overall certificationprocess. Its core purpose is to validate payment brand compliancy of EMV terminals.These brands include associations such as Visa, MasterCard and American Express, aswell as domestic scheme operators such as Interac in Canada and Hipercard in Brazil.The Brand Test Tool automates the required tests, enabling a shorter time to marketand allowing a user to determine that a terminal is EMV-compliant and payment With the proliferation of creditassociation-certified.2 and debit cards as well as POS/ATM devices around the world, interoperability is a significantWhy It Matters and growing requirement.With the proliferation of credit and debit cards as well as POS/ATM devices aroundthe world, interoperability is a significant and growing requirement. If interoperabilityis not reliable, there is a risk that the customer’s card will not be accepted, which willimpact both customer satisfaction and loyalty.IMpactThe Brand Test Tool enables a terminal to be tested within the environment of use andwithin the brand settings that will be used in the field. More important, the Brand TestTool can detect interoperability issues before new terminals are released in the field.This creates greater efficiencies, minimizes system errors, saves money in the long termand delivers a more reliable process when the terminals go live.3TRANSACTION SECURITY JOURNAL / BRAND TEST TOOL 8
  9. 9. Vulnerability analysiS BRAND test tool smartwave box tsm test suite
  10. 10. contextContactless smart chip technology is rapidly coming into use globally in a wide rangeof applications. This includes delivering fast, secure transactions with credit anddebit cards as well as transit fare payment cards. It encompasses protecting personalinformation on government and corporate identification cards, electronic passports andvisas. Contactless smart chip technology improves speed, convenience and security butis a highly complex technology, particularly regarding implementation. Testing is crucialto show that contactless smart cards, e-identification documents and terminals/readerswork correctly and reliably.What did ul do?UL researchers in Europe recently developed an innovative hardware device thatfunctions as a complete testing tool. The SmartWave Box reads and simulatescontactless smart cards and e-identification documents. The Box also analyzes thecommunication between a contactless card and a terminal or reader. 09 93 05 9With its various modes of operation, the SmartWave Box is the most versatile tool 40 50 05930 04 44050 03 0 09 0593available today for contactless testing. The Box can operate in active, passive or 22 23 303 00 0202303 04 00 4050 10 0 2 001 10 0intercept mode in order to allow stakeholders to spy on and analyze the communicationbetween a smart card and a terminal. The Box can also simulate all the interactionsacross the relevant infrastructure players. In both cases, the SmartWave Box identifiesinteroperability and security issues prior to system implementation.4 The SmartWave Box reads and simulates contactless smart cardsWhy It Matters and e-identification documents.Contactless technology has the ability to revolutionize payments and identification,but the technology and its supporting infrastructure are complex. There are numerousstakeholders with differing needs and capabilities. With its innovative SmartWave Box,UL makes implementation smarter, more efficient and easier.IMpactThe SmartWave Box is an easy-to-use tool that facilitates interoperability acrossa contactless infrastructure and reduces implementation costs by providing errordetection during system development. In so doing, the SmartWave Box is paving theway for a migration to contactless technologies.TRANSACTION SECURITY JOURNAL / SMARTWAVE BOX 10
  11. 11. Vulnerability analysis Brand test tool smartwave box tsm test suite
  12. 12. contextWith the advent of mobile payments, consumers are using smart phones as virtualpayment cards. It is imperative that interoperability and security be certified to link allthe stakeholders that must cooperate as part of a near field communication ecosystemfor mobile payments to work.What did ul do?UL developed first-of-its-kind research to simulate all the stakeholders in an NFCecosystem so interoperability and security can be validated in advance of systemrollout. The TSM Test Suite covers complete functional groups and checks compliancewith GlobalPlatform Messaging Specifications and GP Card Specifications.The use of the Test Suite’s innovative built-in simulators allows dependencies to besolved during development. This innovation reduces time-to-market in the complexNFC/TSM infrastructure.5 38% 35 MILLION OF SMART PHONE USERS HAVE NFC ENABLED SMART PHONES PURCHASED SOMETHING USING THEIR PHONE 7 SHIPPED IN 2011 6Why It MattersMobile payments are the wave of the future, a natural extension of smart phone usage.But setting up systems to promote interoperability and security across the NFCecosystem is complex and could hinder the growth and acceptance of mobile payments.IMpactThe TSM Test Suite is a state-of-the-art tool that assists key audiences in the NFCecosystem to determine the suitability of their mobile payments implementation byproviding validation as well as simulation. For companies interested in participatingin mobile payments, the Test Suite helps them determine that their infrastructure canconnect to a TSM in a straightforward manner.TRANSACTION SECURITY JOURNAL / TSM TEST SUITE 12
  13. 13. sources1 “2012 Norton Study: Consumer Cybercrime Estimated at $110 Billion Annually,” Press Release, 5 Sept. 2012, Web: 12 Oct.2012. http://www.symantec.com/about/news/release/article.jsp?prid=20120905_02.2 “Collis Brand Test Tool,” Collis Sell Sheet.3 “Collis Brand Test Tool,” Collis Sell Sheet.4 “Collis SmartWave Box,” Collis Sell Sheet.5 “Collis TSM Test Suite,” Collis Sell Sheet.6 “The growth of mobile commerce: infographic,”Econsultancy, 4 Apr. 2012, Web: 12 Oct. 2012. http:// econsultancy.com/us/blog/9527-the-growth-of-mobile-commerce-infographic.7 “Will m-commerce overtake e-commerce?” Bigcommerce, n.d., 12 Oct. 2012. http://www.bigcommerce. com/infographics/will-m-commerce-overtake-e-commerce/.TRANSACTION SECURITY JOURNAL / SOURCES 13
  14. 14. NEW CHALLENGES. NEW RISKS. NEW SCIENCE.WANT TO LEARN MORE? Download THE OTHER JOURNALSIN OUR NEW SCIENCE SERIES at UL.com/newscienceNEWSCIENCE@UL.COM+1 847.664.2040New Science Transaction Security cannot be copied, reproduced,distributed or displayed without UL’s express written permission. V.18.UL and the UL logo are trademarks of UL, LLC © 2012

×