Commonwealth Bank of Australia has said it was not necessary for customers to enclose their new contactless payment cards in a wallet that stops the card from being read by rogue scanners on the street.
One of the new readers
Yesterday, CBA said it will roll-out 15,000 terminals this year that are capable of taking payments less than $100 from certain cards without the card being swiped or the customer entering a PIN or signing. National Australia Bank has rolled out 2500 similar readers.
There has been some concern voiced about whether unauthorised payments could be made by rogue scanners. Some companies even sell wallets with a metal fibre mesh that acts like a Faraday cage so that similar cards can't be read.
But Commonwealth Bank executive general manager of business products and development Kelly Bayer-Rosmarin considered such measures totally unnecessary for the MasterCard PayPass or Visa payWave. "They've got triple DES encryption on them," she said. Triple DES is the cipher on which the chip-card standard is based.
There wasn't any stored value on the card, so money couldn't be taken directly, according to Bayer-Rosmarin. In order for someone to carry out a fraudulent transaction, they would have to build a scanner, get the encryption software and hook it into the bank, she said.
National Australia Bank said that it wasn't necessary to use a blocking wallet since the card didn't have transmitting or receiving ability. It only became active when it was in range of a Visa contactless payment terminal during a transaction. Like the CBA, the bank also emphasised the encryption protection.
"Each Visa payWave-enabled card contains a tiny embedded computer chip that sends payment information to a contactless card reader via short-range radio frequency waves," a spokesperson for the bank said. "The information includes an encrypted security code that is unique to each transaction, making counterfeit fraud virtually impossible."
However, according to Wade Alcorn, NGSSoftware general manager Australasia, the scammer doesn't need to break the encryption for a relay attack to work. In a relay attack, a fake reader is put in proximity to a real card, and a fake card is put in proximity to a real reader.
"The [legitimate] reader and the [legitimate] card are tricked into thinking they are in close proximity," Alcorn said.
Gerhard Hancke from Cambridge University carried out a project (PDF link) that showed how such an attack could be carried out successfully.
The attack plays on the fact that a card and reader generally confirm that they have a secret shared key to authenticate a transaction, after which all communications are encrypted, according to Hancke. The payment institutions assume that even if authentication is breached, the attacker wouldn't have access to the secret key and any data received would be protected.
However, with the relay attack, the fake reader can relay information via the fake card to the real reader, which makes the real reader think it is close to an actual card. It doesn't matter that the attacker can't read the information flowing between the two; in essence he has access to the card and is able to make a payment using it at the real reader.
The precondition for this sort of attack, according to Alcorn, is that it occurs in real time.
Commonwealth Bank's Bayer-Rosmarin said that even if a hacker was able to sidestep the encryption, the rogue reader would have to be within four centimetres of a customer's card for the reader to be able to access the card. For National Australia Bank it was five centimetres. The card also needed to be correctly oriented, the NAB spokesperson said.
Hancke's investigation showed that although the nominal range of the contactless cards that the project looked at was 10 centimetres, the range was actually dependent on factors such as the transmitted power and the antenna diameter of the rogue scanner.
"An attacker should therefore have no problem in increasing the operating range of contactless cards," Hancke said. Hancke and his group successfully executed a relay attack up to a distance of 50 metres.
Commonwealth Bank and National Australia Bank said that even if the encryption and proximity difficulties were overcome by a fraudster, the bank covered its customers against attacks which breached their defences.
Commonwealth Bank pointed out that, in any case, the cards were only allowed to make transactions of up to $100, although any number of those could potentially be made in a day as there was no limit. Because only small payments could be made, Bayer-Rosmarin said, the card was an unlikely target for criminals. In other countries that had introduced the technology, she said, fraud levels had been low. She considered there to be a much higher risk of someone taking down the details of a customer's credit card in a restaurant.
Despite Bayer-Rosmarin's belief that it was useless to use protective wallets out of fear of being defrauded, she admitted that some people would do it anyway. She didn't know if they would work, as the bank hadn't tested them.
Hancke said in his report that companies like banks could check for delays caused by the distance between the readers and the real card, to protect against a relay scam. He also said that enclosing a card in a Faraday cage consisting of metal or foil could prevent access, although the card would need to be taken out for use, which would provide a window of opportunity for attackers.
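The two points above, that a relay passes encrypted traffic untouched so the reader's cryptographic check still succeeds, and that a round-trip delay check is what exposes the relay, can be shown in a small simulation. The following is an added example written for this article; it is not code from any bank, card scheme or from Hancke's project. It assumes a constructed shared key, a simple challenge-response MAC in place of the real card protocol, and constructed delay figures on a deterministic clock, so the numbers illustrate the mechanism rather than real hardware timings.

```python
import hashlib
import hmac
import secrets

# Constructed example key: in reality the key is personalised into the chip by the issuer.
CARD_KEY = b"constructed-example-key-not-real"


class SimClock:
    """Deterministic clock in microseconds so the timing check is reproducible."""

    def __init__(self):
        self.now_us = 0

    def advance(self, us):
        self.now_us += us


class Card:
    """Genuine card: answers a reader challenge with a MAC under the shared key.
    The attacker never needs this key; a relay just forwards challenge and answer."""

    def __init__(self, key):
        self.key = key

    def respond(self, nonce):
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


class AirLink:
    """Short-range link between a reader and whatever answers as a card.
    one_way_us models propagation plus processing delay in each direction."""

    def __init__(self, endpoint, clock, one_way_us):
        self.endpoint = endpoint
        self.clock = clock
        self.one_way_us = one_way_us

    def exchange(self, nonce):
        self.clock.advance(self.one_way_us)      # reader -> endpoint
        resp = self.endpoint.respond(nonce)
        self.clock.advance(self.one_way_us)      # endpoint -> reader
        return resp


class RelayedCard:
    """Fake card held near the genuine reader. It forwards each challenge over the
    attacker's longer link to a fake reader near the genuine card and returns the
    answer. It only ever sees the MAC, which is why encryption alone does not stop it."""

    def __init__(self, far_link, clock, link_one_way_us):
        self.far_link = far_link            # AirLink from fake reader to genuine card
        self.clock = clock
        self.link_one_way_us = link_one_way_us

    def respond(self, nonce):
        self.clock.advance(self.link_one_way_us)   # fake card -> fake reader
        resp = self.far_link.exchange(nonce)
        self.clock.advance(self.link_one_way_us)   # fake reader -> fake card
        return resp


class Reader:
    """Genuine terminal: checks the MAC and, as a distance bound, the round-trip time."""

    def __init__(self, key, clock, max_rtt_us):
        self.key = key
        self.clock = clock
        self.max_rtt_us = max_rtt_us

    def authenticate(self, link, nonce=None):
        nonce = nonce if nonce is not None else secrets.token_bytes(16)
        t0 = self.clock.now_us
        resp = link.exchange(nonce)
        rtt = self.clock.now_us - t0
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        mac_ok = hmac.compare_digest(resp, expected)
        within_bound = rtt <= self.max_rtt_us
        return {"mac_ok": mac_ok, "rtt_us": rtt, "within_bound": within_bound,
                "accepted": mac_ok and within_bound}


def run_direct(card_one_way_us=2, max_rtt_us=20):
    """Card tapped directly on the terminal (delays are constructed values)."""
    clock = SimClock()
    reader = Reader(CARD_KEY, clock, max_rtt_us)
    return reader.authenticate(AirLink(Card(CARD_KEY), clock, card_one_way_us))


def run_relayed(card_one_way_us=2, link_one_way_us=300, max_rtt_us=20):
    """Same card and terminal with a fake reader / fake card pair relaying between them."""
    clock = SimClock()
    reader = Reader(CARD_KEY, clock, max_rtt_us)
    far_link = AirLink(Card(CARD_KEY), clock, card_one_way_us)     # fake reader <-> real card
    fake_card = RelayedCard(far_link, clock, link_one_way_us)
    return reader.authenticate(AirLink(fake_card, clock, card_one_way_us))  # real reader <-> fake card


if __name__ == "__main__":
    for label, result in (("direct", run_direct()), ("relayed", run_relayed())):
        print(f"{label:8s} mac_ok={result['mac_ok']} rtt={result['rtt_us']}us "
              f"within_bound={result['within_bound']} accepted={result['accepted']}")
```

In both runs `mac_ok` is true, because the genuine card computed the answer and the relay merely carried it; a terminal that checks only the cryptography accepts the relayed transaction. Only the round-trip bound separates the two cases, which is the delay check Hancke's report points to. Real terminals would need a bound tight enough to matter at radio propagation speeds, which is harder than this simulation suggests, and the constructed delays here are not measurements.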
Alcorn said that blocking wallets available on the market weren't perfect. "They try to be Faraday cages and they're not," he said, although he admitted that they did inhibit the RFID, making it more difficult for criminals as they would have to spend more money on expensive equipment to get access to the card.
"I'd consider buying one based upon their cost and availability," he said.
Of course, if the card was stolen, the attack would not be necessary at all, as the person who had stolen it would not have to provide a PIN or signature to make payments. Bayer-Rosmarin believed people would cancel their cards in such an event, and that the low transaction value would provide little incentive for thieves.
Intelligent Business Research Services analyst James Turner said that current cards use two factors, something you have and either something you know (a PIN) or something you are (your handwritten signature). With a contactless smart card, it's brought back to one factor authentication — something you have.
"This is a classic example where the organisation has done the maths and considers that the risk is worth lowering security. The dilemma is obvious, the easier you make a transaction for a consumer, the easier it is for the transaction process to be abused. Even disregarding rogue readers or dodgy merchants, there will also be excellent social engineering opportunities for the criminally inclined," Turner said.