[Cryptography] chip+pin, cost-watch - the cost of the Target breach

[John Levine]

>> Ross Anderson has been analyzing chip&pin for years & found that there are
>> just as many problems with chip&pin as with the magstripe cards.
>
>No he really didn't.
>
>Chip and PIN is really difficult to defeat if the legacy magstripe channel
>is disabled. Card present fraud is virtually non existent on chip and pin
>and in particular large scale breaches like Target are not an issue.
>
>If they were, it would be fixable.

As I understand it, the fundamental design is pretty good, but the
implementation can leave a lot to be desired.  The problems are things
like legacy networks kludged together in a way that loses crypto material
on the way from the card terminal to the issuing bank.

The US chip+signature is not as good as chip+pin since there's no to
validate the signature like it can validate the PIN, but c+s prevents
the mag stripe cloning attacks since the terminal doesn't read the mag
stripe.  This works with both the contact cards with visible chips and
the contactless cards that are currently more common in the US.

R's,
John