hanco...@bbs.cpcn.com writes:
> As I understand it, years ago in foreign countries telephone capacity
> was limited and phones were expensive, thus many people did not have
> them. When cell phones came out, it represented a whole new
> infrastructure that exploded, and many people got connected that way.
expensive/scarcity of telco also shows up in slow-adaption of
point-of-sale terminals and magstripe plastic payment cards in europe
as a result, saw chipcards that could do "offline" point-of-sale
transactions in europe ... i.e. point-of-sale terminal interacted with
chipcard and wasn't required to go online for every transaction.
lot of these were "stored-value" cards ... that had "secure" mechanism
for storing & recording value ... somewhat like some of the US metro
cards. in the 90s, some of these made pilot excursions into the US
... and we got asked to design&cost dataprocessing infrastructure for
scaled-up, country-wide deployment (mostly backup dealing with loading
valud into the cards). I also did some financial analysis and nearly all
of the infrastructure value motivating the programs was that the
operator got the float on the unspent value in the cards. In some case
it was like a pyramid scheme where the international license holder
effectively got all of the float ... with individual country operators
not getting any. then to spur the uptake, there were announcements that
the international license holder would split the float with the
individual country operators. Then the EU central banks decreed said
that interest would have to start being paid on unspent value in the
cards ... and the programs just slowly dwindled away.
About that time, some operators in the US introduced an online magstripe
stored value ... similar in concept to the EU chipcards but leveraged
existing online point-of-sale & telco infrastructures to do
account-based operation. they are now marketing as gift and merchant
cards ... large racks of them can be seen near checkout counters in some
grocery stores.
a variation of the stored-value chipcards ... were more sophisticated
association chipcards for standard credit operation. the merchant
point-of-sale terminal would interact with the chipcards ... and the
chipcards could be trusted to tell the merchant POS terminal whether or
not to go online, as well as how much available credit limit was
available on the card and whether the current transaction was approved
or not. these required PIN operation (as countermeasure to lost/stolen
cards unauthorized use) and supposedly had lots of security to prevent
other forms of fraudulent activity. Point of the card was specifically
for security ... but would allow merchant point-of-sale terminals to do
offline transactions (to avoid high telco charges) and could batch large
number of transactions to be done in one telco transaction at
end-of-shift or end-of-day.
There was a large pilot in the US of these cards in the early part of
the century. However, the cards interacted with the terminal using
"static" authentication data. There turned out that effectively the same
terminal compromise that would skim static magstripe data (to create
counterfeit magstripe cards) could be used to skim static chipcard
authentication data. This then could be used to create counterfeit
chipcards that were called "YES CARDS"; once authenticated the card
would always answer "YES" to the following three question: 1) was the
correct PIN entered ("YES"), 2) should this be an offline transaction
("YES") and 3) is the transaction within the account credit limit
("YES"). It was not too long later that the pilot disappeared w/o a
trace.
I had tried to tell the pilot operators about the vulnerability ... but
they apparently had such a myopic focus on the chips ... that they
responded by saying they could address the problem by changing the
programming in valid chips. The problem was that the compromise wasn't
of valid chips ... but a merchant terminal compromise (and changing
programming in valid chips had no impact on creation of fraudulent
counterfeit "YES CARDS").
At the ATM Integrity Task Force meetings ... early part of this century
when the "YES CARD" problem was explained, somebody in the audience made
the observation that they managed to spend billions of dollars to prove
chipcards are less secure than magstripe cards. The issue is that a
countermeasure to counterfeit magstripe card is to deactivate the
account (and prevents/blocks future online fraudulent transactions).
However for "YES CARDS", deactivating the account has no effect, since
the merchant terminal doesn't go online until long after the crooks are
gone.
old reference (gone 404 but lives on at wayback machine) to "YES CARD"
presentation at cartes2002:
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/resources/articles/cartes2002.html
past posts mentioning "YES CARDS":
http://www.garlic.com/~lynn/subintegrity.html#yescard
--
virtualization experience starting Jan1968, online at home since Mar1970
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
