Winfried's Blog


Skimming of 'secure' payment cards has become reality

The Dutch news agency 'ANP' reported that on April 27th three suspects of card fraud had their first hearing in court. Several media outlets published the news (in Dutch). The suspects are part of an internationally operating group of criminals and the investigations spread over several European countries.

One detail of the news caught my attention: the skimming was done by replacing the card readers used for two-factor authentication in internet banking. The catch: these readers can't read the magnetic strip of the card at all; they only talk to the chip on the card. And exactly this chip was introduced to make skimming impossible. So I decided to dig a bit deeper into this case.

Let's start with a bit of background: originally, the European payment cards all had only a magnetic strip, just like the cards in the USA today. To be able to offer extra services, the payment companies and banks decided to introduce chips on their cards. In recent years, to stop the fast rise of skimming, the European payment companies and banks have decided to speed up the introduction of the chips, because the chip should provide better protection against skimming.

Another use of the chip on the banking cards is two-factor authentication for internet banking. This is done by placing the card in a special reader. The reader has two modes of operation: identifying and signing. For identifying, the PIN entered on the keypad of the reader is passed to the card. If the PIN is valid, the card returns a one-time password to the reader, which displays it on its screen. Signing works in much the same way, except that after entering the PIN you also need to enter one or more numbers given by your bank. One of them can be the amount of the transaction. This way, even when the computer you are banking from is compromised, you can notice it when you do your on-line banking.
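
The difference between the two modes, as an added example that is not from the original post or from any bank's code: a toy model in which HMAC-SHA256 stands in for the card's real EMV-CAP computation, and the key, PIN, challenge and amounts are constructed. It shows why a code bound to the amount is rejected by the bank when a compromised computer alters the payment, while a plain one-time password is not.

```python
import hashlib
import hmac

# Toy model: HMAC-SHA256 stands in for the card's real EMV-CAP computation.
CARD_KEY = b"constructed-demo-key"   # constructed; known to card and bank only
PIN = "1234"                         # constructed


def _code(counter, challenge, amount):
    """8-digit code over the counter and whatever was keyed into the reader."""
    msg = f"{counter}|{challenge}|{amount}".encode()
    digest = hmac.new(CARD_KEY, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Card:
    def __init__(self):
        self.counter = 0

    def respond(self, pin, challenge="", amount=""):
        """Identify mode: PIN only. Sign mode: PIN plus challenge and amount."""
        if pin != PIN:
            raise PermissionError("wrong PIN")
        self.counter += 1            # each code is usable once
        return self.counter, _code(self.counter, challenge, amount)


def bank_accepts(counter, code, challenge="", amount=""):
    """The bank recomputes the code over the values it is about to act on."""
    return hmac.compare_digest(code, _code(counter, challenge, amount))


def pay_with_identify_code(card, amount_bank_received):
    """One-time password used to approve a payment: the amount is not covered,
    so amount_bank_received plays no part in the check."""
    counter, otp = card.respond(PIN)
    return bank_accepts(counter, otp)


def pay_with_signing(card, challenge, amount_user_keyed, amount_bank_received):
    """Sign mode: the user keys in the amount shown to them on screen."""
    counter, sig = card.respond(PIN, challenge, amount_user_keyed)
    return bank_accepts(counter, sig, challenge, amount_bank_received)
```

`pay_with_identify_code` corresponds to the set-up described in note 1, where the one-time-password function rather than the signing function authorised transactions.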

To understand what the criminals did, a final piece of background information is needed: many banks in the Netherlands have in their offices terminals where customers can log in to their internet banking account. This is a service for customers who can not or do not want to do their internet banking at home. Beside each terminal there is a card-reader to do the authentication.

So what did the criminals do? They simply switched the card readers in the bank office for compromised readers. After some time they returned to read out the data collected from the chips and the PINs entered in the reader. That data was used to steal money from the customers' accounts. Those are the facts that have been confirmed by both the prosecutor and the ABN-Amro bank.

The impact of this theft for the security of internet banking and the use of the chip is quite dramatic:

  1. There are such things as 'compromised readers' and they are used by criminals. Because the reader is an essential step in creating safety while internet banking, you should guard your reader like you would guard your payment card.
  2. You can't trust the facilities in the offices of your bank any more. Doing your internet banking in the office of your bank is just as insecure as, or maybe even more insecure than, doing it in an internet cafe.
  3. And last but not least, the chip card, widely presented as the solution for skimming, is apparently not that resilient against skimming after all. It can be skimmed about as easily as the old magnetic strip.

That last point needs some more investigation: how is it possible that a chip that is designed to cryptographically guard its secrets reveals them so easily? I asked the ABN-Amro bank, the one whose cards were skimmed, for details on this incident, but they refused to give any comment except that 'the e.dentifier' (the name they gave their card reader) is still safe – a statement proven to be false by this incident. So I have to make an educated guess. One possible answer comes from the security research group of the computer laboratory at the University of Cambridge (UK). Their weblog lightbluetouchpaper.org contains a wealth of information on the security of payment cards. This posting and this paper (pdf) seem to deal with exactly this attack: they describe a possibility to skim the type of chip that is used by the ABN-Amro bank: EMV for payments and EMV-CAP for internet banking (see note 1). Before all the cryptography kicks in, the card sends some identification numbers. If the identification number sent by the chip is the same as the one used on the magnetic strip, then that number can be used to counterfeit the magnetic strip. Such a copied card can be used in any ATM that doesn't support the chip, for example any ATM in the USA. On many newer cards these two numbers are different, but it is unknown how many cards are in use where these numbers are the same. And if they are the same, skimming the card is easy.
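
An issuer-side audit for this condition, as an added example that is not from the original post or the Cambridge paper. It assumes the 'identification numbers' correspond to the chip's Track 2 Equivalent Data (EMV tag 57) and track 2 of the magnetic strip; all card records below are constructed.

```python
# Constructed sample records (not real card data): card id -> (chip, stripe).
#   chip   = Track 2 Equivalent Data as read from the chip (EMV tag 57), hex
#   stripe = track 2 as encoded on the magnetic strip
PORTFOLIO = {
    "card-A": ("9999000000000001D12122010000456F",
               ";9999000000000001=12122010000456?"),
    "card-B": ("9999000000000002D12122010000789F",
               ";9999000000000002=12122010000456?"),
}


def parse_track2(raw):
    """Split track 2 data into its fields.

    Accepts the strip form (';PAN=YYMM...?') and the chip form, where 'D' is
    the field separator and a trailing 'F' pads the value to whole bytes.
    """
    s = raw.strip().upper().lstrip(";").rstrip("?").rstrip("F").replace("=", "D")
    pan, sep, rest = s.partition("D")
    if not sep or not pan.isdigit() or not rest.isdigit() or len(rest) < 7:
        raise ValueError("not track 2 data")
    return {
        "pan": pan,
        "expiry": rest[:4],           # YYMM
        "service_code": rest[4:7],
        "discretionary": rest[7:],    # issuer-defined verification data
    }


def chip_reveals_strip(chip_hex, strip):
    """True when the data the chip hands out equals what the strip carries."""
    chip, mag = parse_track2(chip_hex), parse_track2(strip)
    if chip["pan"] != mag["pan"]:
        raise ValueError("records belong to different cards")
    return chip == mag


def audit(portfolio):
    """Card ids that should be reissued with chip-specific data."""
    return sorted(cid for cid, (chip, strip) in portfolio.items()
                  if chip_reveals_strip(chip, strip))
```

On the constructed portfolio only `card-A` is flagged; `card-B` carries different discretionary data on chip and strip, the situation the post describes for many newer cards.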

So what really happened is open to speculation. But there are three ways the criminals could get to the money:

  1. By using the magnetic strip. In this case the chip revealed enough information to counterfeit the magnetic strip. For this to be possible, ABN-Amro must have used the same identification number for both the chip and the magnetic strip.
  2. By using internet banking. In this case the chip revealed enough information to reproduce the challenge and response for the internet banking. That would mean the EMV-CAP protocol used by the chip for internet banking is big time broken.
  3. By using the chip. In this case the criminals managed to counterfeit an EMV-chip. That would mean that the whole EMV-protocol is even bigger time broken.

I go for the first one. That one is the most probable because this weakness is documented and it is known that more banks have made the same error. It is 'just a little' screw-up by ABN-Amro.

But what really annoys me in the whole case is the lack of information from ABN-Amro (and other banks in similar cases). As a customer, I want to be able to assess the risks connected to modern payment systems. I want to know when my card is extra vulnerable, and I want to know what situations to avoid. I asked them, besides a lot of other questions, to confirm my suspicion, and I asked them which cards are vulnerable, but they refused to give any comment. I had to find out from the newspaper that this all took place months ago, and it is unknown if there are more cases of skimming the chip. Banking is all about trust, but there is little to trust like this.

note 1
ABN-Amro made the transition from a card reader produced by the Belgian firm Vasco to a new card reader produced by the Swedish firm Todos. I couldn't get any confirmation yet as to which card reader, the old one from Vasco or the new one from Todos, was compromised. In this press release (which tries to counter the paper 'Optimized to Fail' but doesn't address the problem I describe) Todos reveals that the new card reader uses the EMV-CAP protocol. It is almost certain that the old reader by Vasco uses the same protocol; the ABN-Amro cards can, for example, also be used in the reader of the Rabobank. Also note that ABN-Amro originally didn't use the signing function to authorize transactions, but the one-time-password function. This was against the guidelines of Vasco and opened the road for the 'banking in silence' trojan. See this blog post of mine (in Dutch).

History
4 May 2010: original release
5 May 2010: added the confirmation of the use of EMV-CAP and the note about the different versions of the card reader

posted on Tuesday, May 04, 2010 10:45 AM

Feedback


# re: Skimming of 'secure' payment cards has become reality 1/11/2011 6:20 PM Lennie Blois

Hello.. I live in Ontario, Canada where my wife just got scammed from this same system.. This chip card technology is now useless.. I don't understand why the banks tell u it's totally secure when it's not.. Hackers are smart people, they can hack anything given time.. There is no way to stop it and there never will be.. The only thing we can do as a society is cut up our bank cards and go into the bank in person, which is now what I do.. I carry cash when needed and this way there is nothing to copy if I don't have a card. If only everyone would do this we'd be better off.. Money in the bank has never been safe since Jesse James till present.. Keep ur money in mattresses lol they can't get it there..
