Online payment methods are gaining popularity at a furious pace. Tens of electronic payment systems are available presently with strong levels of security; however, attack procedures and hacking techniques are also advancing at a high rate. University of Paris published a survey that examined the security of various electronic payment systems. The research focused on dominant systems as well as innovative and experimental systems in an attempt to improve the current security level of various payment systems.
The survey examined Card-present (CP) transactions while reviewing its dominant system, i.e. EMV, including some studies done at Cambridge University to delineate variant attack types against this standard which has proven that “offline” authentication methods are inheritably insecure and that is the reason underlying the use of smart cards rather than magnetic stripe cards which don’t take part in the authentication process. The survey also examined the security level of the following payment systems:
1- Card-not-present transactions methods such as 3D SET, 3D Secure, SET/EMV and EMV/CAP.
2- The effect of Tokenization concept and the impact of schemes based on Blon Signatures such as E-payment systems and electronic cash.
3- Using quantum key distribution (QKD) with various electronic payment systems in order to achieve unconditional security levels rather than utilizing traditional cryptography for computational assurance of the level of security.
4- Near Field Communication (NFC) payment methods.
5- Contactless payment methods including Apple Pay, Android Pay and Google Wallet.
6- Various electronic currencies and peer-to-peer (P2P) systems such as bitcoin.
In this article, we will point out some of the security vulnerabilities associated with card present transactions and bitcoin which were presented in this survey.
Card Present Transactions, or EMV (Europay, Mastercard and Visa ):
Europay, Mastercard and Visa, also known as EMV, represents a complex protocol that is designed to permit communication between a credit smart card and a payment terminal. EMV cards are used to replace magnetic strip cards, possess a microprocessor that secures transactions in a manner that is not possible via magnetic strip cards and the merchant will use one terminal to transact all brands of cards.
Attack against Static Data Authentication SDA:
Static Data Authentication (SDA) represents the simplest way to authenticate a card, yet it doesn’t protect against message replay. The card consists of a certificate, signed by its issuing bank, to validate authenticity of its data. As a static certificate is used, it can be copied and used via a counterfeited card which comes with an application that accepts any PIN; these cards are known as “Yes-cards”.
With, SDA only a symmetric key is used and after PIN verification by the card, the terminal sends to the card the transaction data and then the card calculates a MAC over this data which is known as a transaction certificate‖. It is not practical to give all terminals this key due to the possibility of forgery if the key is revealed. Accordingly, the a card’s authenticity can be proven, only if the point-of-sales connects to the bank. As such, in case of offline transactions, SDA smart cards are even less secure when compared to magnetic stripe cards, due to no need to know the PIN, due to the fact that the purpose of the card is to verify the PIN and the attacker is able to create a counterfeit card that can verify any PIN.
MITM Man-in-the-middle Attack Against EMV:
Before delving into the MITM attack against EMV, the study described the card holder verification process in which in case of correct PIN, the card‘s response is 9000 and otherwise is 63Cx, (x: number of PINs entered by the client). However, the main vulnerability and flaw in this process is the inability of the terminal to accurately identify who has sent the response of the card. This flaw makes plan of a MITM attack. The below figure illustrates this attack.
The authenticated data which is sent to the bank includes “Terminal Verification Results” (TVR) and the “Issuer Application Data” (IAD). TVR consists of all possible failed card authentication states which are demonstrated in the below tabble. But one of the flaws of this process is that in case of successful authentication, it is not mentioned which method‖ has been used (ex. PIN or signature)
Accordingly, an attacker exploiting this flaw is able to perform a MITM attack to intercept the connection between the card and the point-of-sale to conceive the terminal by sending a 9000 response, without sending the PIN to the genuine card and thereby the genuine card will assume that the point-of-sale does not have “PIN verification” method and uses the signature method to verify the cardholder. Nevertheless, because the card has not received the false PIN, the number of attempts to enter the PIN (i.e. x) will not increased. Accordingly, the TVR bits are not set, because there are neither attempts nor failure, so both the point-of-sale and the card are deceived. The point-of-sale believes that the PIN authentication is successful after receiving 9000 response and then produces a zero value for TVR, thus the card will assume that the terminal does not support a PIN verification method after it fails to receive the PIN and so accepts the terminal‘s zero byte.
Other types of attacks against EMV:
The study also presented other types of attacks against EMV including unpredictable number in EMV, relay attacks and problems related to elliptic curve cryptography in EMV smart cards.