[Clips] Contactless payments and the security challenges
R.A. Hettinga
rah at shipwright.com
Sun Sep 18 11:09:07 EDT 2005
--- begin forwarded text
Delivered-To: clips at philodox.com
Date: Sun, 18 Sep 2005 10:39:58 -0400
To: Philodox Clips List <clips at philodox.com>
From: "R.A. Hettinga" <rah at shipwright.com>
Subject: [Clips] Contactless payments and the security challenges
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com
<http://www.nccmembership.co.uk/pooled/articles/BF_WEBART/view.asp?Q=BF_WEBART_171100>
Principia
The Membership Organisation For IT Professionals
A division of the National Computing Centre
Contactless payments and the security challenges
David Birch reports on the latest developments in contactless payment
systems and reviews the associated security implications.
The announcement of schemes such as MasterCard's Paypass, American Express
ExpressPay and Visa's contactless initiatives is a sign that contactless
smart cards are moving out of mass transit (e.g. London's Oyster card) and
into the mass market. Indeed, Datamonitor have forecast that the market for
these 'payment tokens' will grow at 47 per cent per annum over the next
five years [1]. The international payment schemes' interest is obvious. At
a time when it's hard to explain to a consumer why a contact smart card
(such as the 'chip and PIN' payment cards being deployed around the world)
is better than a magnetic stripe card, payment tokens immediately
differentiate themselves by offering a completely different (and
significantly more convenient) consumer experience.
Why? Because the token needs only to be waved close to the terminal. In
many cases, it will work fine while still in a bag or briefcase providing
it is close enough to the terminal. The distance depends on the type of
device used; the type of 'proximity interface' chip being discussed in this
article will work up to a few centimetres from the terminals.
With advances in chip and antenna technology, payment tokens now have
almost identical functionality to contact smart cards, including high
strength cryptographic functions, and can even be in a 'dual interface'
package sporting both contact and contactless interfaces. RFID technology,
while new to consumer payments, has actually been out in the field for some
time. Mass transit was one of the driving sectors. Operators in Hong Kong,
London, Paris, Washington and Taipei, amongst others, already have millions
of tokens in place using the same technology and many other cities are
planning similar schemes. Their switch to RFID based tokens has three main
drivers:
* Lower lifetime cost of ownership - for commercial use, the
initial cost of RFID readers is already price comparable to motorised
contact readers. The elimination of all moving parts, however,
significantly improves reliability and operational reader life reducing the
overall life cycle cost of ownership. The inherent vandal proof properties
are also ideal for unattended vending or payments, delivering overall
improved system availability.
* Faster transaction times - for historical reasons, and because of
their origin in the mass transit sector (which needs high throughput at
gates), the interfaces to RFID chips are many times faster than the
interfaces to chip contact smart cards.
* Flexible form factors - as it operates remotely from the reader,
the physical size and shape of the token is unimportant. Many tokens come
in the traditional bank card form; others have been built into consumer
goods like Swatch watches, pagers or key fobs.
So momentum is building, and even industry observers historically bullish
about using tokens for payment (e.g. the author [2]) have been surprised by
the speed of deployment. The reason might be that while the rational
reasons for choosing tokens for payments (e.g. speed, lifetime cost of
ownership) are good, the irrational reason is even better; they're
interesting, particularly because of the flexible form factor.
Of the various form factors noted above, two token-carrying devices seem
to stand out; the key fob and the mobile phone. Whether you are waving your
keys at a petrol pump before you fill up your car or in Burger King to pay
for your meal, using the bunch of keys you already have in your hand
instead of getting out your wallet makes this a clear proposition. But we
all have our mobile phones with us all the time as well, and the phone
(unlike the keys) can be used to manage the payment account in various
ways, a synergy that is sure to be exploited.
Nokia have said that they think payment tag technology is better than
Bluetooth or Infra-red for mobile payments [3] and, in Japan, NTT DoCoMo
and Sony have formed a joint venture (FeliCa Networks) to develop a version
of the Sony FeliCa contactless chip for embedding into mobile phones and to
operate the FeliCa platform for m-commerce [4]. For many consumers, this
will be the ultimate in convenience because the phone provides the
communications link for managing the payment account as well as the
physical payment device. The dreams of the mobile payment community will
come true, but not in the way that they thought.
Payment tokens
So how do payment tokens work to deliver the appropriate levels of both
security and privacy? To answer this question, it's necessary to understand
how they work. In the general case, the payment token comprises a
microprocessor with hardware support for cryptographic operation and an RF
interface. There are various standards in this space, but the one most
widely used for payment tokens at present is ISO/IEC 14443.
In a typical retail environment the retailer's point-of-sale (POS)
terminal and the payment token both contain a microprocessor; the
microprocessors communicate using a payment protocol (on top of the ISO
14443 protocol for basic data exchange).
When it is time to pay, the customer brings their tag close to the POS
terminal. The terminal interrogates the card and gets back the serial
number and a cryptogram (a one-time code calculated inside the token). It
feeds these to the acquiring bank, which passes them back to the issuer.
From the serial number, the issuer knows which account to authorise and
from the cryptogram the issuer knows that the token is valid.
The cryptogram is made up from the serial number and a transaction
counter, encrypted using the token security key. This key is inserted in
the token during manufacturing; it is derived from the serial number and a
bank master key. Once in the token, it is never divulged. This kind of
solution provides:
* Privacy, because the token ID is meaningless to anyone other than
the issuing bank which can map that ID to an actual account or card number;
* Security, because knowing the token ID is insufficient to create
a cloned token. Also, a cloned token would not generate a correct
cryptogram because it would not have the right security key and if the
transaction is replayed the transaction counter will be wrong.
Please note that this is an example given for the purpose of discussion;
it is not meant to represent any of the operational schemes discussed in
this article. The security of this typical example scheme is not absolute.
There is no cardholder verification (i.e. a signature or a PIN), but all
transactions are authorised online, so a lost or stolen card can be blocked
as soon as it is reported (although it has to be said that consumers will
generally notice the loss of their keys or mobile phone pretty quickly).
For this example scheme, it might be useful to add an online PIN only for
transactions above £20 or so.
Next steps
RFID technology continues to evolve. Sony and Philips have been working on
the next generation of standards in this field, known as near-field
communication (NFC). Using NFC, devices can operate in active or passive
modes. In one case, where an active terminal communicates with a passive
token, the situation is just as noted above for RFID. However, when an
active device communicates with another active device, they can swap data
at a couple of hundred Kbits/s over distances of a few centimetres.
NFC is targeted at the mass consumer market; it will be built into
consumer devices of all kinds (e.g. video cameras, games consoles, hi-fi
and so on) and will work without configuration or even consumer awareness.
The idea is to make something that just connects when devices are in close
proximity (or, to put it another way, the act of bringing devices together
is taken to be the consumer statement of intent to interact). One
especially interesting way that NFC might be used is to trigger
communications over other wireless channels by taking care of initial set
up and parameter exchange. You can imagine how useful this might be in
practice; put your DVD player next to your TV and they say hello to each
other using NFC and then trigger a WiMax link to carry video from the DVD
player to the TV. Goodbye cables and goodbye hassle; NFC seems to be a
genuine attempt to get rid of wires once and for all.
With the first trials of NFC devices expected later in the year, Sony,
Nokia and Philips have now formed the NFC Forum to develop and promote the
technology. Why Nokia? Well, one of the most interesting categories of
devices capable of carrying an NFC chip (known as Personal Carrier Devices,
or PCDs in the jargon) that could operate in passive or active (i.e.
requiring power) mode is mobile phones [5]. The introduction of active NFC
in the handset accelerates the possibilities for new services well beyond
the passive RFID payment token examples discussed above.
To see this, imagine that your mobile phone has an NFC interface. When
your phone is switched off or the battery is dead, it functions as a
passive RFID carrier and can be used for all of the applications commonly
discussed in this context; it could act as a door key, a membership card
or, indeed, a standard payment token. When the phone is switched on and the
NFC interface is powered, it can communicate with other passive RFID
tokens. So, you might use the phone to trigger WiFi access in a café, or to
act as a merchant point-of-sale (POS) terminal to accept other people's
payment tokens.
Given this trend, one of the most interesting medium term developments in
the world of retail electronic payments will be the combination of RFID/NFC
technologies and the ubiquitous mobile phone [6]. The addition of the
token to the handset - whether as an integrated component as DoCoMo and EDY
in Japan, or as a clip-on cover as in the Paypass trial in Dallas, or as a
sticker that the consumer chooses to stick on to the phone as with Dexit in
Canada - creates a new kind of 'active' (because it has a communications
channel) payment device. The combination of the local RFID/NFC wireless
interface with the GSM/GPRS/3G connectivity will undoubtedly transform the
retail electronic payments landscape for everyone [7].
The author
David Birch is a director of Consult Hyperion, an IT management
consultancy that specialises in electronic transactions.
(ITadviser, Issue 38, July/August 2005)
References
1. Contactless Cards 'Meet Industry's Needs' in American Banker. (24th Jan.
2003).
2. Birch, D. Contactless Cash in Reach. p. 72-73 (Spring 2003).
3. Why Nokia gives contactless the nod over Infrared and Bluetooth in Card
Technology. p. 34-35 (Jan. 2004).
4. NTT DoCoMo and Sony Team Up on M-Commerce in Card Technology. 8(14): p.
6-8 (Dec. 2003).
5. Birch, D. NFC and Mobile in proc. of Contactless Cards, SMi (London:
Jun. 2004).
6. Birch, D. Chips That Chat in proc. of Wireless World, Digital World
Research Centre (University of Surrey: Jul. 2004).
7. Birch, D. Retail Electronic Payments Security: Trends and Implications
for Mobile in proc. of Mobile Payments, Informa (Brussels: Mar. 2005).
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com