Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.
Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards.
As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.
"Chip and PIN is fundamentally broken," Professor Ross Anderson of Cambridge University told ZDNet UK. "Banks and merchants rely on the words 'Verified by PIN' on receipts, but they don't mean anything."
The researchers conducted an attack that succeeded in tricking a card reader into authenticating a transaction, even though no valid PIN was entered. In a later test, they managed to authenticate transactions, without the correct PIN, with valid cards from six different card issuers. Those issuers were Barclaycard, Co-operative Bank, Halifax, Bank of Scotland, HSBC and John Lewis.
The central problem with the EMV protocol is that it allows the card and the terminal to generate ambiguous data about the verification process, which the bank will accept as valid.
In particular, the terminal can record that a PIN verification has taken place, while the card itself receives a verification message that does not specify that a PIN has been used. The resultant authorisation by the terminal is accepted by the bank, and the transaction goes ahead.
This means that while a PIN must be entered, any PIN code would be accepted by the terminal, the researchers said in a paper entitled Chip and PIN is Broken.
The researchers said the engineering and programming skills necessary to make a man-in-the-middle device to conduct the attack are elementary.
"The attack doesn't require too much technical skill [to emulate]," said Steven Murdoch, who took part in the Cambridge University research, alongside Anderson and Saar Drimer.
Behind the attack
The attack targets the way the various security mechanisms interact in the cardholder verification process. In this process, the chip in the card and the terminal decide how to authenticate the transaction. The cards examined by the researchers all recognised as authentication, in descending order of preference: PIN verification; signature verification; and no verification.
The majority of transactions require PIN verification. The customer enters their number on a PIN entry device. The PIN is then sent to the card, which compares it to a PIN...