Combating illegal use of EMV cards

Stolen (lost, not received) microprocessor cards (lost, stolen, NRI)

The microprocessor card is also a powerful tool in the fight against fraud involving stolen (lost, not received) cards. The Chip&PIN approach, adopted today in the UK and considered by international payment systems the most preferred method of cardholder authentication, significantly reduces these types of fraud. The DDA/CDA + PIN Offline method is the most reliable of all known methods of protection against card fraud.

It is important to note here that the Chip&PIN approach must be implemented on both sides: by the issuer and by the servicing bank. To encourage the servicing bank to install terminals that support PIN Offline, payment systems introduce the Chip&PIN liability shift, as well as other rules that make the use of such terminals economically attractive.
To formulate the Chip&PIN liability shift, we introduce the following definitions. We will call a microprocessor card a Chip&PIN card if offline PIN verification (regardless of the PIN transmission method, in protected or unprotected form) has the highest priority in the CVM list under the conditions of the given operation. We will also say that a terminal supports the PIN Offline method if it supports both protected and open PIN code transfer to the card.
Then the Chip&PIN liability shift is formulated as follows: if a Chip&PIN card is used in a terminal that does not support PIN Offline, then all responsibility for lost, stolen and non-received (NRI) cards is transferred to the servicing bank.

Fraud in the field of CNP transactions

With the migration to the chip (especially in the Chip&PIN version), fraud of the “Fake Card” and “stolen (lost, not received) cards” types will decrease, while fraud of the CNP and ID Theft types will increase. Unfortunately, microprocessor cards so far do little to combat these types of fraud, except for giving the issuer’s access control server a convenient way to authenticate the cardholder in a transaction performed using the 3D Secure protocol (Chip Authentication Program/Dynamic Passcode Authentication technology). CAP technology generates one-time passwords, which are also a means of combating theft of cardholder identification data.

Fraud on the part of an unscrupulous trading company

One of the serious “holes” in the security model of operations performed using IPC is the practical possibility of a fraudster creating a false public key of the system. By producing issuer key certificates under the false key, the fraudster can issue fake cards that will work successfully in terminals loaded with that false key.

A natural way to combat this kind of fraud is to sign the system keys loaded into the terminal with a key of the servicing bank (possibly a symmetric key). Such a signature ensures the integrity of the system key information on the terminal. In this case, without the key of the servicing bank, it is impossible to successfully create (use) a false public key of the system.
Unfortunately, to circumvent this protection of the system’s public keys, a fraudster does not have to compromise the secret key of the servicing bank. It is enough for him to upload a fake executable module to the terminal which, unlike the application of the servicing bank, does not verify the signature of the key used. In this case, the protection described above does not work.
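
The key-signing check described above can be sketched as follows. This is an added example, not code from the original text or from any terminal vendor; HMAC-SHA256 stands in for the servicing bank's symmetric signature, and the key, RID and record layout are constructed for illustration.

```python
import hashlib
import hmac

# Constructed servicing-bank key (assumption); a real terminal would keep it
# inside its cryptoprocessor, never in application memory.
ACQUIRER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def encode_key(rid: bytes, index: int, modulus: bytes, exponent: int) -> bytes:
    """Length-prefixed encoding so no field can be shifted into its neighbour."""
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    parts = [rid, bytes([index]), modulus, exp]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def sign_key(record: dict, key: bytes = ACQUIRER_KEY) -> bytes:
    """MAC computed by the servicing bank when it loads a system public key."""
    return hmac.new(key, encode_key(**record), hashlib.sha256).digest()


def load_trusted_keys(store: list, key: bytes = ACQUIRER_KEY) -> dict:
    """Return {(rid, index): record} for entries whose MAC verifies.

    This only protects the terminal while the application running the
    check is itself intact, which is the limitation the text points out.
    """
    trusted = {}
    for record, tag in store:
        if hmac.compare_digest(tag, sign_key(record, key)):
            trusted[(record["rid"], record["index"])] = record
    return trusted


# Constructed sample store: one genuine entry and one injected key that
# reuses the genuine entry's tag.
GENUINE = {"rid": bytes.fromhex("A000000999"), "index": 1,
           "modulus": bytes(range(1, 129)), "exponent": 3}
INJECTED = dict(GENUINE, index=2, modulus=b"\xff" * 128)
STORE = [(GENUINE, sign_key(GENUINE)), (INJECTED, sign_key(GENUINE))]

if __name__ == "__main__":
    for rid, index in load_trusted_keys(STORE):
        print("trusted system key:", rid.hex().upper(), "index", index)
```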

To deprive the fraudster of the possibility of replacing the terminal application, the resources of the operating system and of the terminal’s cryptoprocessor must be brought in. We will not dwell here on the problem of ensuring the integrity of the terminal application. Note only that for terminals that accept microprocessor cards, this problem is solved using a special microprocessor card that controls access to operations such as deleting or downloading executable files.

At the same time, we note that the problem of ensuring the integrity of the terminal application is not far-fetched. According to experts in the field of card transaction security, as the security of cards increases, the attention of fraudsters will increasingly turn to the environment of their service. The terminal is a close environment of the card, and therefore, undoubtedly, will become a target for attacks. Since the terminal today is actually a personal computer, the same methods will be used for attacks. In particular, the use of special programs (similar to spyware, Trojan horse, keyboard (screen) logger, viruses) will allow a fraudster to obtain information about the card that interests him (for example, recording the second track of the magnetic stripe of the card, the value of the random sequence of the terminal and the random number of the card used to encrypt the PIN block, the value of the encrypted PIN block, etc.).

The problem of replacing the bank’s real POS terminal with a terminal installed by fraudsters is also important. The cost of a terminal is small: $400-600. Such substitution is therefore very plausible when a fraudster colludes with the cashier of a trading company (there are cases of even false ATMs being installed!). There may also be cases when a merchant uses a POS terminal only to collect information about cards.

If a false terminal is used, not only the contents of the magnetic track of the card can be recorded, but also the value of the PIN code of the cardholder. Taking into account the use in practice of hybrid cards with a magnetic stripe, having received information about the magnetic track of the card and the value of its PIN code, a fraudster can make “white” cards for their use at an ATM.
To solve the problem of a false terminal when processing transactions online, it is necessary to implement MAC codes everywhere for messages circulating between the terminal and the host of the servicing bank. This will ensure the integrity of the information exchange and authentication of the POS terminal.

Meanwhile, using MAC codes can effectively solve the problem only for online operations. Information about offline transactions performed on the terminal can also be signed for transmission to the servicing bank. However, a fraudulent terminal may not transmit this information to the bank for a long time or never at all. In the case when the terminal operates offline, unfortunately, apart from organizational measures to combat this kind of fraud, there is nothing to offer yet.
A fairly effective way to combat the replacement of terminals would be to introduce a mutual authentication procedure for the card and terminal into the EMV standard. Placing on the terminal a pair of secret and open asymmetric keys of the servicing bank together with a certificate of this key under the system key, having the card support the terminal authentication procedure, and storing hashes of the system’s public keys on the card would eliminate terminal substitution. Storing hashes of the system’s public keys on the card is necessary to avoid a situation where a fraudster invents a false system key himself and generates a key pair of the servicing bank, with a certificate calculated under the false system key, for loading into the terminal.

Of course, storing hashes of system keys imposes restrictions on the size of EEPROM memory (obviously, information about keys generated for the future will also have to be stored, so that system keys unknown to the card do not appear on terminals during the life cycle of the card). The terminal must store up to 6 system keys. Therefore, taking into account the keys stored for the future and the size of the SHA-1 hash value, equal to 20 bytes, it will be necessary to reserve about 200 bytes of EEPROM memory for one payment system.

Let’s focus on one more type of fraud, possible on the part of an unscrupulous trading company. In a simplified form, fraud looks like this.
When a microprocessor card holder comes to a merchant to make a purchase, the merchant ends the transaction with a rejection, whatever the terminal (card) decides. The cardholder then either leaves the trading company with nothing or pays for the goods in cash.

Next, the fraudulent trading company sends the data on the unsuccessful transaction to the servicing bank as if the operation had been successfully performed offline. The servicing bank is presented with all the evidence that the transaction was completed successfully: a forged cryptogram information data value indicating that the card completed the operation by generating a TC cryptogram, a cryptogram value that does not depend on its type (TC, ARQC, AAC), and an ICC dynamic number value. All this data, with the exception of cryptogram information data, could only be generated by a real microprocessor card.
The servicing bank, based on the data received, forms segments that it sends to the payment system and reimburses the merchant for the funds for the operations “performed” in it.
After some time, some cardholders initiate chargebacks on fraudulent transactions performed using their cards. However, it will be difficult for the issuer to initiate them, since the servicing bank has presented the TC cryptogram in the presentation or at the request of the issuer (retrieval request message).

In this case, the payment system will be able to understand the situation: after a while it will discover that a strange pattern, in which customers complain while the clearing messages transmitted by the servicing bank look convincing, occurs unusually often at one point of sale. Understanding this situation will take the payment system time. During this time, the scammers will have time to escape.
Another way to combat the fraud described above is to use the CDA method for offline authentication of the card, together with a requirement that the trading company provide the servicing bank with the signed dynamic application data element, and not just a cryptogram. In this case, the servicing bank extracts the correct cryptogram information data value from the signed dynamic application data element, and the fraud scheme described earlier does not work.
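
The servicing bank's check under CDA can be sketched as follows. This is an added example, not code from the original text: it assumes the signed dynamic application data has already been recovered and verified with the card's public key, works on the recovered ICC Dynamic Data, and uses constructed sample values and hypothetical function names.

```python
from dataclasses import dataclass

# Bits 8-7 of cryptogram information data (CID) give the cryptogram type.
CID_TYPES = {0x00: "AAC", 0x40: "TC", 0x80: "ARQC"}


@dataclass
class SignedFields:
    icc_dynamic_number: bytes
    cid: int
    cryptogram: bytes
    txn_data_hash: bytes


def cryptogram_type(cid: int) -> str:
    return CID_TYPES.get(cid & 0xC0, "RFU")


def parse_icc_dynamic_data(data: bytes) -> SignedFields:
    """CDA layout: IDN length (1) | IDN (2-8) | CID (1) | TC/ARQC (8) | hash (20)."""
    if not data or not 2 <= data[0] <= 8:
        raise ValueError("bad ICC Dynamic Number length")
    n = data[0]
    if len(data) < n + 30:
        raise ValueError("ICC Dynamic Data truncated")
    return SignedFields(data[1:1 + n], data[1 + n],
                        data[2 + n:10 + n], data[10 + n:30 + n])


def check_offline_claim(claimed_cid: int, claimed_ac: bytes,
                        icc_dynamic_data: bytes) -> str:
    """Compare what the merchant reports with what the card actually signed."""
    try:
        signed = parse_icc_dynamic_data(icc_dynamic_data)
    except ValueError as exc:
        return f"reject: {exc}"
    if claimed_ac != signed.cryptogram:
        return "reject: cryptogram differs from signed value"
    if cryptogram_type(signed.cid) != "TC":
        return f"reject: card signed {cryptogram_type(signed.cid)}, not TC"
    if claimed_cid != signed.cid:
        return "reject: CID differs from signed value"
    return "accept"


# Constructed sample values (not taken from any real card).
IDN = bytes.fromhex("0102030405060708")
AC = bytes.fromhex("1122334455667788")


def sample_dynamic_data(cid: int) -> bytes:
    return bytes([len(IDN)]) + IDN + bytes([cid]) + AC + bytes(20)
```

A merchant record that claims a TC (CID 0x40) while the card signed an ARQC (CID 0x80) is rejected even though the cryptogram bytes themselves match.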

Combating ATM fraud

When a microprocessor card is used online, knowing the PIN code and any other card data available to the terminal is not enough for a fraudster to complete the operation successfully. A necessary condition in this case is knowledge of the card’s secret key, which is used to generate the cryptogram and is not available to the fraudster. The key is necessary for mutual authentication of the card and the issuer, without the successful completion of which the transaction will be rejected (we do not consider the case, rare enough today, when the issuer does not support the processing of “chip” card data).
Thus, in a world in which all cards are microprocessor-based, and terminals support EMV, skimming through ATMs does not give scammers anything.


Summarizing the above, we can conclude that with an increase in the number of microprocessor cards and the expansion of their reception infrastructure, the level of card fraud is steadily decreasing. However, the effectiveness of combating card fraud by switching to the use of EMV cards depends on the synchronicity of banks’ migration to the chip. Even if the banks of some country completely migrate to the chip, but there will be countries in which the process is slow, the banks that migrated to the chip will suffer from countries less advanced in terms of migration. Therefore, European countries that have achieved significant results in migration to the chip cannot but worry about the situation with the state of affairs in the United States. Indeed, all the efforts of the European bank that issued the microprocessor card are canceled by the possibility of performing an operation on a fraudulent card made on the basis of the magnetic stripe data of this microprocessor card in the “magnetic” terminal (a terminal that accepts only cards with a magnetic stripe) of the American bank.
The same statement about the importance of synchronicity of banks’ migration to the chip is true for a single country. Although the above-mentioned shift of responsibility may operate within the country, so that for a bank that has replaced its cards with microprocessor (hybrid) cards all responsibility for fraud on a fake hybrid card in magnetic terminals is transferred to the servicing bank, moral damage is still inflicted on the cardholder.

I – fraud will occur and the responsibility for it lies on the issuer’s side;
A – fraud will occur and the servicing bank will be responsible for it;
0 – fraud will not happen.

Note that we believe that if a fraudulent EMV card is used in an EMV terminal, then the probability of fraud is 0. This is true with reservations, because:
• a stolen/lost EMV card can be used successfully in an EMV terminal if the card does not use offline PIN verification (we have assumed that our bank does use it, but realize that this situation is not typical);
• you can get data from the magnetic stripe of an EMV card and transfer it to the blank of a fraudulent card, while changing the service code to 1 and using the card in offline authorization mode (unlimited operation).
Let’s take the typical values of the model parameters for an advanced bank card issue (40% of the cards are EMV-compatible): a = 0.96, b = 0.03, c = 0.01, f1 = 6 bp, f2 = 40 bp, f3 = 60 bp, A = 0.4, B = 0.1.
Then, as a result of the bank’s migration to the chip, the level of fraud will fall from about 7.56 bp to 4.5 bp. At A = 0.6, the level of fraud on the issuing side will drop to 3 bp.
Of course, the above model does not take into account many aspects, in particular, the migration of fraud to regions with poorly developed infrastructure for servicing microprocessor cards. At the same time, it can be used to assess the country level of fraud separately for issuing and servicing cards.

The migration of banks to use microprocessor cards has already proved its effectiveness in terms of combating fraud. The UK, which has carried out an almost complete migration to the technology of chip cards that support offline PIN verification, has become a vivid example of this. According to data for 2005, the total annual volume of losses from card fraud in the country decreased by 13% compared to 2004, and if we take into account all categories of fraud, except for CNP transactions, the losses of English banks from the actions of criminals decreased by 28%! In particular, the volume of fraud on counterfeit cards decreased by a quarter, and on stolen (lost) cards – by 22%!
The Asia-Pacific region (APR) can be considered as another example of the effectiveness of combating fraud by migrating to microprocessor card technology. According to Frost&Sullivan, card fraud in this region reached $600 million in 2005. Migration to microprocessor cards has reduced the level of fraud to 3 basis points, which is more than 2 times lower than the global average.

The level of fraud on intra-country transactions in France, where microprocessor cards have been used internally for more than 15 years, is 3.3 basis points, which is also an outstanding result confirming the effectiveness of IPC technology.

Obviously, criminal structures will not accept the loss of their income and will adapt to the new living conditions in the world of chip cards. Unfortunately, they have quite a few opportunities for this.
First of all, it should be noted that magnetic (hybrid) cards and magnetic terminals (terminals that do not work with a chip) will be present on the card market in the next 10-15 years. As a result, fraudsters will have the opportunity to use a poorly protected magnetic stripe to commit crimes such as:
* using the data of the magnetic stripe of the card (including the hybrid card) to create a fake card with its subsequent use in the magnetic terminal in offline mode;
* using hybrid cards in magnetic terminals;
* forgery of hybrid cards (incorrect personalization of the chip and the use of a fallback to a magnetic stripe or changing the card service code when transferring data to a blank with a magnetic stripe and using the card in floor limit mode).
A significant gap in operations with microprocessor cards is created by the use of Fallback mode by banks. Payment systems have already obliged banks to abandon this mode in ATM transactions (Fallback is allowed under the responsibility of the servicing bank). Moreover, in the near future, the mandatory use of Fallback mode in POS terminals will be replaced with an optional solution for country markets. In this case, in countries where the level of compliance with the standards of international payment systems is high, banks will refuse to use backup authorization by magnetic stripe.