It's time to fix Banking security from the ground up

Summary: The fundamental problem with banking security for both ATM and credit cards is that it still uses shared secret keys in the first place, not whether retailers are doing a good enough job of keeping those keys secret. When you use a Smartcard (or any kind of cryptographic token), it never divulges its secret keys in the first place.


In the recent news about a massive compromise of ATM debit cards and secret PINs, the real problem with banking security has been largely overlooked. All the attention is on the ineffective rules and regulations pertaining to PIN storage procedures, but that isn't the root cause of our banking woes. Security certification standards like PCI are mostly a bureaucratic exercise that is slim on security standards and fat on process. In a discussion on our TechRepublic forums, many of our readers expressed anger at the retailers who were careless about the ATM card PIN secrets, but I see this as a more fundamental issue. The fundamental problem with banking security for both ATM and credit cards is that it still uses shared secret keys in the first place, not whether retailers are doing a good enough job of keeping those keys secret.

PKC (Public Key Cryptography), which uses public and private keys, is the strongest and most practical cryptographic authentication ever invented. PKC has been around for three decades, and Smartcards are essentially cryptographic tokens that implement PKC by securely storing and processing public and private keys. European nations have already adopted Smartcard technology on a wide scale. When you use a Smartcard (or any kind of cryptographic token), it never divulges its secret keys in the first place. Had the banking industry standardized on Smartcards, there would be no opportunity for retailers to compromise ATM cards and secret PINs in the first place.

Even if you walked up to a fake ATM set up for the purpose of stealing ATM cards and PINs, the Smartcard would not be compromised. The only way to compromise a Smartcard is to physically steal it, but that would alert the owner of the card that it's missing. That would immediately prompt the owner of the card to report the loss, and the bank would immediately issue a certificate revocation, making the stolen Smartcard worthless. The way ATM security is now, the only way to know something is wrong is when you find out someone has cashed out your entire bank account.

Having a simple numeric PIN pad on the Smartcard would strengthen security further. If such a Smartcard is stolen, the thief would have to know the PIN to use it. Having the PIN on the Smartcard itself instead of some external PIN verification mechanism would also protect a user's PIN against sloppy retailers, since the PIN would never actually leave or be used outside of the Smartcard. All the PIN does is activate the Smartcard, and it's no one else's business what your secret PIN is, not even your bank's. Another option is to use a biometric fingerprint reader to ensure that only the owner of the Smartcard can use it, but this is usually a lot more expensive and the reliability of fingerprint readers comes into question. (Note that this is actually the proper use of biometrics, since a biometric is essentially a really long constant secret that's hard to replicate. Biometrics by themselves should never be thought of as an elixir of security.)
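
The challenge-response exchange described above, as an added Go example that is not part of the original article: the card checks the PIN itself and releases only a signature over the terminal's fresh challenge, so a recorded exchange is useless against the next challenge. Ed25519 from the Go standard library stands in for whatever algorithm a real card would use, and Card, Random32, NewCard, Sign and Verify are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
)

// Card models the smartcard: the private key and PIN exist only inside it.
type Card struct {
	priv  ed25519.PrivateKey
	pin   []byte
	fails int // consecutive wrong PINs; the card locks itself at 3
}

// Random32 returns 32 fresh random bytes (a key seed or a one-time challenge).
func Random32() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewCard personalises a card and returns the public key the bank registers.
func NewCard(pin string) (*Card, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(Random32())
	return &Card{priv: priv, pin: []byte(pin)}, priv.Public().(ed25519.PublicKey)
}

// Sign checks the PIN on the card; only a signature ever leaves the card.
func (c *Card) Sign(pin string, challenge []byte) []byte {
	if c.fails >= 3 || subtle.ConstantTimeCompare([]byte(pin), c.pin) != 1 {
		c.fails++
		return nil
	}
	c.fails = 0
	return ed25519.Sign(c.priv, challenge)
}

// Verify is the bank's side: it needs the public key and revocation status only.
func Verify(pub ed25519.PublicKey, revoked bool, challenge, sig []byte) bool {
	return !revoked && ed25519.Verify(pub, challenge, sig)
}

func main() {
	card, pub := NewCard("4921") // constructed sample PIN
	ch := Random32()
	println(Verify(pub, false, ch, card.Sign("4921", ch)))
}
```

A production protocol would sign the transaction details together with the challenge, so that a signature authorises one specific operation.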

The other huge benefit of using Smartcards is that it would be possible to consolidate all of your ATM and credit cards into a single Smartcard or some other standardized cryptographic token. A cryptographic token can store multiple profiles and credentials of numerous entities, making it ideal for consolidating multiple authentication tokens. I raised this possibility last year in my blog "Why stop with single sign-on, why not universal sign-on". Why, in the age of the Internet, we should still be carrying a separate electronic car key, building badge, VPN token, 10 different ATM and credit cards, and driver's license, most of which use weak authentication, is beyond me.


Talkback

90 comments
  • Live without ATM / CA$H

    Some insist that they can't live without ATM.

    I for one avoid both debit cards and ATMs like the plague.

    Something about it that bothers me.

    I'll stick with budgeting how much cash to carry and go to the bank teller to do my transactions, thank you. It's an unbeatable system.

    The teller and bank officers know me, but, the ATM, well, fast, efficient maybe, but problematic as you've pointed out.

    Besides, how many folks are getting lopped over the head paying a usurious ATM fee to get to their own money!!? Geesh. Is it me?

    I guess I am old-fashioned.

    Ok. I feel better. Thanks George.
    D T Schmitz
    • Not the point of the blog

      The point is a secure alternative in smartcards exists and it's not being used.
      george_ou
      • Oh Sure

        Sure. But, the question is *why*?

        That by itself is enough to worry me not only about ATMs but about forms of internet-based electronic bank transactions--WHICH by the way I don't use either!!

        I'll do my banking face-to-face with a *real* human being--besides it gives them a job!

        Oh, Thank You George for the article. :)
        Ok, go out on the town!
        D T Schmitz
        • Cards (physical) = State of the Ark

          I heard the British are studying implementation of ID cards. Is this "state of the art"? Well, I think they've been done before, they've been forged lots, easily. They tie the majority of ordinary folks down to carrying something they almost never need to use, and the crooks aren't affected, as they have forged cards. So it's a loss to the majority. A huge government departmental waste for no reason, when the funds could be spent on real security.
          In this day and age, anything that makes you carry anything is going to be instantly "state of the ark". The world is and should be moving away from the need to carry ID, licence, credit Card, ATM, etc, etc. Why waste the time developing a "state of the ark" system?
          zdnet reader
          • So what's your proposal?

            "The world is and should be moving away from the need to carry ID, licence, credit Card, ATM, etc, etc. Why waste the time developing a "state of the ark" system?"

            What's your proposal? Anarchy? We should just go by the honor system?
            george_ou
          • Obvious, read your own article!

            Here you go.
            Your article was titled "fix from the ground up".
            You mentioned "biometrics".

            Ok, you can spend a gazillion units of cash to create systems/hardware/top 100 corporations that would look after the new security you are thinking about.
            Where does that take you. Gazillions of units down an outdated path. It would all be waste.

            Your article mentioned Biometrics (or you could use something similar). You even know about it, therefore it's right round the corner (half of the things you don't know about are coming round the corner in less than a year).

            Put just a few of the Gazillions into developing the Biometrics a little more - focus on the future - and it will be here. A whole lot less waste, monetary, environmental, etc, etc. It's where it's at.
            zdnet reader
          • Biometrics are not an elixir!

            I said Biometrics was one auxiliary method as a second factor for activating the smartcard, but not the primary factor let alone standalone method of authentication. Biometrics is just a really long secret that's not so secret since you practically leave it everywhere you touch. Biometrics are just harder to reproduce and that's about it. It offers ZERO ability to do public key crypto in and of itself. I mentioned biometrics as an alternative to the pin pad but I don't favor them.

            Like I said in the blog, Biometrics are not an elixir.
            george_ou
          • id cards

            we are past our government looking into them and are now having them pushed on us. blair has spent years telling us they will combat terrorism, which they won't, yet he never explained how.

            this is, however, slightly different and also has a good use (replacement of credit cards) and i would like to see this implemented. nice article george.
            Scott W
          • Thanks

            In the states here, we already have an unofficial national ID in the form of the easily spoofable driver's license which some states even see fit to distribute to illegal aliens and terrorists. We have a national ID one way or another; I just want one that someone can't steal my identity with.

            I'm not a fan of the RFID passport solutions since they're not securely implemented. I would much rather the government let me carry my own digitally signed file where I can decide how I want to carry it. Heck, I should even be able to hand it to the airport with a $10 USB memory stick if I wanted to. All it would store is my ID and Photo which is digitally signed by the Government so that it can't be forged.
            george_ou
    • While it is possible..

      until recently, it was not very practical for me. My bank has just extended their hours so that I could, theoretically, get to them to get cash and not use the ATM. And most banks only charge you an ATM fee when you use another bank's ATM.

      Although, after fighting it for years, I have come to love my debit card. No running to the ATM, no do I have enough cash on me, just swipe and go.
      Patrick Jones
    • Funny

      It costs me $1.40 to see a teller to take out cash or I can do it for free at the ATM. Which would you choose?

      The only time you get dinged for using an ATM is when it's not your bank. Then there are those private ATMs that charge you as well on top of the bank service charge.
      voska
  • Potential answer

    For "Why in age of the Internet we should still be carrying a separate..."

    Fighting Fat-Wallet Syndrome
    Wired commentary by Bruce Schneier
    http://www.wired.com/news/technology/0,70167-0.html
    prelog
    • Bruce is strange, he is against smartcards

      Mostly because he fears it will enable DRM. He goes out of his way to spread FUD about Smartcard authentication.

      My point is NOT a single ID and a single authority. My point is that we need a single STORAGE system of multiple strong digital IDs where everyone from the bank to the government can issue their own certificates using their own trust infrastructure. This would allow us to carry one, maybe two or more devices like a car key or cell phone to handle this sort of security for us. If any one is lost, the PIN on the card or phone will buy us time to revoke the device and get a new one.
      george_ou
      • The point he made was BRANDING is the answer

        Nobody wants to part with wallet advertising. Your wallet real estate. Never mind that it would enable all kinds of different, efficient, friction-free commerce.

        When will knuckleheads in charge see that there are bigger business models than the ones they're used to? Or is it a case of bird in the hand vs two in the bush?
        ordaj@...
      • In agreement with ordaj

        I assume you must be referring to his writing elsewhere, because the article I linked to was definitely FUD free. Regardless of how you feel about Mr. Schneier personally (as you pointed out in another reply), it's a well argued piece.

        In fact, I posted the link as a direct answer to your last muse, as he puts it in his commentary : "Any technologist who looks at the pile would reasonably ask: why all those cards?" He argues that businesses 'want to be in control of their own cards', they worry about reliability and, most importantly he concludes, in their world, branding is king.
        prelog
        • He makes all the wrong arguments

          Those arguments are legitimate, but it's on the wrong side. Who cares what the bankers want? I care about what the people want. People want convenience, and they want to be safe. Bruce simply reinforces all of the bad stereotypes.

          This particular piece was a subtle assault on smartcards and he basically declares smartcards dead. In his other articles, he argues that since smartcards aren't perfect, we should stick with the broken password system. When I tried to figure out why he has such a ludicrous stance, I finally figured out that it was because he was against DRM.

          It's not what I think of Bruce personally, it's what I think of his arguments.
          george_ou
      • From what I see Debit cards are on the way out

        Where I live they are piloting cell phones that use digital keys to purchase products. You just go to the till and enter your PIN into your cell phone and it does the job the debit card used to in a more secure manner.

        I've heard that in Europe they do this already and you can just walk up to a pop machine, enter your PIN and authorize the purchase, then a bottle of pop drops out.

        Cell phone companies would love this to be the way to purchase.
        voska
      • Bruce is a heck of a lot smarter than you about security...

        ...and perhaps in general. Single storage? I hope you don't mean centralized...but instead standardized. And I hope you see the danger of requiring biometrics along with the card. I'll stick with cash, thanks.
        Techboy_z
        • No doubt Bruce is smart, but

          But Bruce puts politics over strong authentication technology.

          All we're talking about here is strong authentication and nothing else. Bruce knows all about strong authentication, but he fears the DRM monster like the GPL 3 crowd to the point that he will play scorched earth and nuke anything that might be used for DRM.

          Arguing against smartcard technology is like telling people they shouldn't use HTTPS and SSL and should instead stick with clear text HTTP.
          george_ou
    • schneier

      Schneier is right about why multi-application smart cards have failed in the states, but as contactless cards continue proliferating and the same technology is being applied in PDAs, cell phones, USB dongles, there will be new devices that take the place of cards but provide the same service. Look at Japan and Korea.
      dgbrown