Security issues for EMV payments

For contactless cards, along with the standard set of security threats typical for contact microprocessor cards, there are special threats associated with the use of a radio channel for data exchange between the reader and the card. Here we can start with the fact that today’s contactless card technology violates certain provisions of the PCI Data Security Standard (PCI DSS). Since the terminal and card dialog data are not encrypted (asymmetric encryption is too slow to meet the requirements for contactless payments), the PCI DSS requirement to encrypt card data when transmitting it over open/public networks, which include any wireless communications, is obviously violated!
Only the security threats specific to contactless cards will be discussed below.
For General reasons, it is clear that the radio interface between the card and the reader is less secure than the contact interface. Indeed, when using the radio interface, it is possible to perform a non-cash payment operation on the contactless card holder’s card without being noticed (in fact, to steal the card during the operation). You can also eavesdrop on the card’s dialogue with the terminal and as a result get the information necessary to commit a “fake card”type of fraud.
The most typical attacks for contactless cards can be classified as follows:
relay attack: an authorized reader (a reader registered with a certain payment system service Bank) initiates and performs payment operations using the client’s contactless card in an unauthorized manner, i.e. without the client’s consent;
pick-pocketing: an unauthorized reader (a reader that is not registered with any of the payment system’s servicing banks) is used to perform an unauthorized transaction by the cardholder in order to use the data received in the “cartarider” dialog to make a fake card and perform payment operations using it in authorized terminals;
eavesdropping: intercepting data from the “card reader” dialog, especially data transmitted by the card, in order to use the information obtained to fake the card;
data corruption: an attacker tries to make it impossible to exchange data between the card and the reader (a Denial of Service attack); however, the fraudster is not able to manipulate the card and reader data for their own benefit;
data modification: the attacker tries to modify the data dialogue “card terminal” profitable to him; for example, in collusion with card holder a fraudster may reduce the size of the operation and/or to modify the reply card terminal requiring authorization operations in an offline mode;
man-in-the-middle attack: the fraudster (or rather, his technical means) is located between the card and the reader, intercepting the card and reader dialog in order to modify it in a profitable way;
Radio Frequency Analysis (RFA): an attack aimed at obtaining the value of a card’s secret cryptographic key by measuring the magnetic field next to the card’s chip.
At the same time, it should be recognized that the area of space in which you can eavesdrop on the card or initiate an operation on it is physically limited. Remember that when using a standard reader, the operation on a contactless card is performed from a distance of several centimeters.
Studies show that using the available relatively inexpensive equipment, attack relay attack and pick-pocketing can be arranged within a distance of about 40-50 cm, eavesdropping card (eavesdropping attack) — at a distance of about 80-100 cm, and the eavesdropping reader — from a distance of no more than a few meters (3-4 m). In order to initiate and execute relay attack and pickpocketing attacks, it is necessary to create an alternating magnetic field with an amplitude of at least 4 A/m in the area of the contactless card. In Radioelectronics, it is proved that the power of a transmitting Omni-directional antenna with a carrier
at a frequency of 13.56 MHz is defined by the equality
P = 0,00025 · H2 · D3 · B,
where P is the transmitting power Omni-directional antenna (watts); H — magnetic field strength (A/m);
D is the distance between antenna and tag (m);
B — the frequency width of the signal transmitted from the reader to the chip (Hz).
It is easy to obtain values of power transmission Omni-directional antennas for different values of the distance between the card and the reader. Assuming that B = 1 MHz, H = 4 A / m, we have:
D = 0.05 m, P = 0.5 W (transmitter power meets Federal Communications Commission (FCC) and European telecommunications Standard (ETS) restrictions)
D = 0.5 m, P = 500 W (difficult to implement using a battery, requires a battery)
D = 5 m, P = 0.5 MW (an electromagnetic field of this power kills a person).

It follows that the relay attack and pick-pocketing attacks can be organized from a distance of no more than about 40-50 cm.
Let’s now consider the fraudster’s interception of the card and terminal dialog data (eavesdropping). In this case, the distance limit between the card / terminal and the eavesdropper is determined by the signal-to-noise ratio in the eavesdropper area for the card signal and the reader signal. Previously, it was shown that to ensure a satisfactory quality of signal reception, it is necessary that this ratio is not lower than 8 decibels.
The figure below shows the characteristic dependence obtained by em-
pyrically, the ratio of the contactless card signal to the SNR noise from the distance from the card.

It is obvious that the implementation of a Data Corruption attack is not a problem for a fraudster. In this case, it is sufficient to send the card a noise signal in the same frequency range as the main signal of the reader. Moreover, sending a powerful signal to the card can even destroy the chip. However, there is no obvious interest for a fraudster in implementing such an attack.
When talking about a data modification attack, note the following. Since the ISO 14443 Type A Protocol uses a modified Miller code and 100% amplitude modulation in the forward channel, it is obvious that only two consecutive 1s can be modified in the forward channel into a sequence (10). To do this, when transmitting the second bit ‘1’ during the pause when transmitting the second half of this bit, the fraudster must send the carrier signal to the card. In this way, the card receives a signal without pause, corresponding to the case when bit ‘0’ is passed after bit ‘1’.

The forward channel of the ISO 14443 Type B and FeliCa protocols, as well as the reverse channel for all ISO 14443 and FeliCa protocols, does not use 100% amplitude modulation, which means that there are no pauses in the signal. The presence of pauses in certain places of the signal is the only obstacle to modifying the bit of information, since it is almost impossible to simulate a pause in the signal. This requires very high accuracy (tenths of a microsecond) of syncing the fraudster’s transmitter with the reader’s transmitter in a short processing time. This means that all bits of transmitted data can be modified in the channels listed in this paragraph.
Note that the extended Hamming code (ISO 13239) used for transmitting data over the radio channel does not solve the problem of data modification. In some cases, the use of the code allows to detect modification of data. The commands passed to the card specify exactly the size of the data in the command data field and the expected (usually upper bound) size of the data in the card response to the command. Therefore, a fraudster who modifies the command data can calculate the new value of the CRC sequence and insert it into the data block used for transmitting the command if there is a computing tool of sufficient performance.

In the reverse channel, the fraudster generally does not immediately know when to calculate and insert the value of the CRC sequence. As a result, when transmitting the response for the first time, a modification of the response data will be detected with a high probability of 1-2-16 ” 99.998%. However, after a failed attempt of modification of the answer card fraud is to know the size of the transmitted response card and the next card you attempt to send a response to the terminal will be able to paste in desired location has calculated the CRC value sequence. Thus, noise-tolerant encoding is not able to cope with the problem of modifying the card and reader dialog. This problem, as we will see below, is solved by other methods.
Let’s now consider the man-in-the-middle attack. Alice and Bob have a conversation over the radio channel. An attacker named Eve appears between them.

Let us now consider two cases.
Alice plays the active role of the reader, while Bob is passive and plays the role of the card, responding to Alice’s queries. In this case, a man-in themiddle attack is not possible, because when Eve passes the intercepted and modified Alice data to Bob, Alice continues to pass the carrier to Bob. As a result, due to the superposition of two unsynchronized signals, Bob will not hear anything.
Alice and Bob are active and able to initiate data transfer independently. This option may be relevant when using the NFC Protocol. In this case, when Eve passes the intercepted and modified data to Alice for Bob, Alice also hears it and understands that instead of the expected response from Bob (response to the command), it receives its own modified message (command).
In addition, in both cases, during the time period when Eve intercepts Alice’s data so that this data is not received by Bob, Eve puts a jam on Bob, which is audible to Alice as well.

Thus, a man-in-the-middle attack due to the omnidirectional radiation of antennas when making contactless payments is impossible!
Finally, let’s focus on the RFA attack. This attack belongs to a class of so-called side-channel attacks described in clause 2.8. Attacks of this class allow you to determine the values of individual bits of the card’s secret key by various parameters (the time of processing a cryptographic operation, the power consumed by the card when performing a cryptographic function, the value of the electromagnetic field in the area of the card’s chip). These attacks are aimed at obtaining the values of individual bits of the card’s private asymmetric key used in its dynamic authentication procedures. All attacks are based on the fact that the sequential squaring method is used to calculate the power of a number from the secret exponent. In the RSA algorithm, signing data m consists of raising m to the power of d, where d = (dk–1,…, d0) is a closed exponent of length k bits, k = [log2d] + 1, and the sign [x] denotes rounding x to the nearest integer smaller than x.
Then the sequential squaring method for calculating the power of xd (mod n) looks like this:
Let s: = m
For i = k – 2 down to 0 Let s:=s2
If d1 = 1 then s:=s · m (mod n) Output: s = xd (mod n)
The algorithm shows that depending on the value of the secret key bit, either one squaring operation is performed at each step, or two operations are used — squaring and multiplication (it is clear that squaring is also multiplication). Obviously, performing two operations requires on average more time and energy consumed by the card. This is what side-channel attacks are based on.
The RFA method belongs to the class of non-penetrating attacks (you do not need to extract and clean the card micro-module filler and destroy the chip passivation layer). The essence of the method is to measure the magnetic field strength using a tiny coil of copper wire placed next to the card chip. It can be assumed that when the chip processor processes a bit equal to 1, and therefore squaring and multiplication are necessary, the chip requires more energy received from the magnetic field around the chip. As a result

in accordance with the law of conservation of energy, the value of the magnetic field strength next to the cryptographic coprocessor of the chip at this time should decrease. In practice, this is what happens.
An obvious way to deal with an RFA attack is to use additional “camouflage” multiplication, which is performed when no square calculation is required. Using “camouflage” multiplication does not allow the fraudster to determine the values of the secret key bits based on the analysis of the magnetic field in the vicinity of the card chip, since it makes the processing of bits ‘0’ and ‘1’ in the degree calculation algorithm the same. In other words, the above degree calculation algorithm should look like this.
Let s: = m
For i = k – 2 down to 0 Let s:=s2
If di = 1 then s: = s · m (mod n) else s¢: = s · m Output: s = xd (mod n)
The consequences of the attacks described above for participants of non-cash payments are discussed below.
In the event of a relay attack, direct financial damage is inflicted on the cardholder. At the same time, a terminal that performs operations that are not authorized by the cardholder will not be able to exist for a long time. Obviously, upon receipt of chargeback payments made in this terminal, it will be identified (as a CPP point) and disconnected from card service.
In the case of a pick-pocketing attack, the data received during operation processing is then used to repeat the transaction in the present terminal. In this case, the fraudster clones the card that was attacked by pick-pocketing. It creates a card that simulates the operation of a real card whose behavior was set during the execution of a transaction on an unauthorized terminal. In this case, it is also possible to use the intercepted card details in order to use them to perform fraud on a fake contact card (crosscontamination). The use of intercepted data to perform CNP operations is particularly dangerous.
The eavesdropping and pick-pocketing attacks are used to get data about real card details in order to create a fake chip card or a card with a magnetic stripe (cross-contamination) based on them.
The RFA attack is aimed at determining the private asymmetric card key used for dynamic card authentication. Since many contactless card transactions are performed offline without using cardholder verification, knowing this key is critical for the security of these transactions.
Let’s now focus on ways to counter these attacks. First of all, note that the pick-pocketing and eavesdropping attacks are ineffective if you try to use them to fake a chip card. Indeed, if a contactless card is used in the magnetic stripe mode, then, as explained above, the transaction is authorized online and the card generates a dynamic CVV/CVC value, which cannot be forged without knowing the card’s secret key. If the contactless card is used in the EMV mode, then for successful dynamic authentication of the card application, knowledge of the card’s private asymmetric key is required. Therefore, it is not recommended to use the SDA method for authentication of a contactless card application.
When using the Combined Dynamic Data Authentication/Application Cryptogram Generation (CDA) method for application authentication, the problem of ensuring the integrity of information exchange between the card and the reader is resolved. In this case, the data modification attack becomes impossible. Recall that the CDA method can be used on MasterCard PayPass M / Chip cards. Moreover, this method should be used on contactless MasterCard cards.

The following methods are used to combat cross-contamination. First, static CVC/CVV values are not used in contactless cards. Therefore, it is almost impossible for a fraudster to create a magnetic stripe for a fake card based on cross-contamination data.
Secondly, for issuing contactless cards, the Issuer is recommended to use separate ranges of card numbers for which CNP operations are prohibited. Ideally, in order not to reduce the functionality of the card and make it possible to use it for CNP operations, we recommend using different card numbers for the contact and contactless mod cards. In this case, the ban on CNP operations can only be defined for card numbers used in the contactless mode.
Note that the use of different card numbers may require further development of the Issuer’s authorization systems. For example, on MasterCard PayPass M / Chip cards, the card key for generating the cryptogram is shared (the same one) by the contact and contactless mod card applications. This limitation is eliminated in The MasterCard m/ Chip 4 R2 specification. However, today the cryptogram generation key is the same for both applications. Therefore, when using different card numbers for contact and contactless applications, an Issuer that outputs the card key using PAN and PSN (PAN Sequence Number) in its system should remember that the contact application’s PAN must be used to output the key when processing a contactless transaction.
Third, when using the magnetic stripe mode, the cardholder’s name must not be specified in the data of the first track of the contactless card.
These methods are an effective way to combat cross-contamination.
The most severe attack when using contactless cards is the relay attack. As noted earlier, this attack is detected fairly quickly. In addition, payment systems and banks impose restrictions on the maximum size of a contactless card transaction. This reduces the interest of fraudsters in such transactions. Still, the relay attack undermines the confidence of cardholders and banks in contactless card technology.
Today, payment systems offer two approaches to solving the problem. The first approach is to store the card in a special metal case (in-mail shielding). In this case, the card is isolated from the external magnetic field, and therefore it is impossible to influence the card in an unauthorized way.

The second approach is to have a special button on the card, which you need to click to activate the contactless interface of the card (Cardholder Card Activation). Apparently, with the development of contactless cards, these methods of protection from the relay attack will be used. In particular, the New MasterCard m/Chip 4 R2 specification has a mechanism for enabling the card’s contact interface (Contactless Interface Switch). Enabling the contactless interface can be performed by pressing the button already mentioned.
Summarizing the above, we can make the following summary. If you limit the transaction size (up to $25/€15) and use dynamic offline authentication methods (DDA, CDA), contactless cards are recognized by payment systems as a reliable means of payment.
The above-mentioned methods of fraud prevention for contactless cards are listed below:
dynamic card authentication methods (DDA, CDA) allow you to avoid pick-pocketing and eavesdropping attacks, as well as card forgery;
the CDA method ensures the integrity of information that circulates between the card and the terminal;
the Secure Messaging method ensures the integrity and confidentiality of information contained in Script Processing commands when using the full VSDC profile; no other contactless application (profile or mod) uses Script Processing;
Cross-contamination: using separate BIN/PAN for contactless cards / contactless apps;
In-mail shielding or Cardholder Card Activation (easily implemented in a cell phone) to combat a relay attack.

Of course, the technology of contactless payments is at the very beginning of its development and as it spreads, we expect significant changes. It is obvious that instead of MasterCard PayPass and VISA Contactless, banks want to see a single universal offer for the market, implemented as part of a single universal application on the card. For sure, such a universal application will eventually appear, just as it happened with the Common Payment Application for contact microprocessor cards.

The changes will also affect communication protocols. Along with the ISO/IEC 14443 standard, other protocols will be used for making non-cash payments. Here, first of all, we should mention the ISO/IEC 18092 Protocol, better known as NFC (Near Field Communication). Using the same frequency range (13.56 MHz) and even being compatible with the ISO 14443 Type A Protocol, this Protocol provides higher data transfer rates and allows a symmetrical mode of data exchange when the reader and card are active objects of information exchange (have their own power source). The introduction of NFC will allow you to use cell phones, pocket computers, laptops as both a card and a terminal, significantly expanding the possibilities of contactless payments.
Great attention to the issues of contactless payments is paid by the company EMVCo. Within two working EMVCo working group MPWG (Mobile Payment Working Group) and CLWG (Contactless Payment Working Group). The CLWG group is responsible for standardizing all aspects related to the introduction of contactless cards, and the MPWG group is responsible for standardizing aspects related to the introduction of mobile payments. The concept of “mobile payments” also includes the use of phones for contactless payments based on the NFC Protocol. At the time of writing, the MPWG group was developing the following documents:
General overview document on the architecture of the mobile payment system;
EMVCo Application Management Specification, which defines the procedure for selecting a mobile payment instrument by the client and how the client can change the priorities of instruments/ details for making a payment;
EMVCo GlobalPlatform UICC Configuration Profile specifications for the SE element used for storing the payment application;
requirements for a telephone device (in parallel with the GSMA requirements) used for mobile payments;
requirements for SE elements and their testing / certification procedures (Type Approval for SE); requirements are defined, including for GlobalPlatform testing procedures and application selection, as well as for card and reader communications(NFC);
requirements for using the PIN code as a means of verifying the cardholder in contactless payments.