Carder
Professional
The content of the article
- Card number
- Magnetic stripe
- Chip / EMV
- Card authentication
- Payer verification
- Transaction authorization
- Contactless payments
- Conclusions
CARD NUMBER
Historically, payment by card number is the oldest method. Originally there was nothing on a card except this number, which was "embossed", that is, raised out of the card itself. To take a payment, the card was "rolled" through a special imprinter, which let the merchant quickly record the number in the era's substitute for a database: an imprint on a sheet of paper.
At the end of the working day or week, these slips were collected and sent to the acquiring bank, which then sent requests through the issuing banks to debit the money from the cardholders. This was so long ago that few people know where the three-digit verification code printed on the back of the card, the so-called CVV2/CVC2, came from. By some accounts this code was originally used more as a checksum, so that a cardholder who had to enter all the details by hand when paying could not make a mistake. That sounds plausible when you consider how short the code is.
Today the physical card may not take part in the payment at all. This is called card-not-present (CNP) and is most often used for online payments. If the card number is typed into a payment terminal by hand, which is typical for hotels, businesses that take orders by telephone, and most terminals in the United States, this subtype of payment is called PAN Key Entry.
Many people still believe that the Cardholder name field on the front of the card must be entered correctly and that it is checked. It is not: no bank checks this field.
MAGNETIC STRIPE
Magnetic stripe operations are among the simplest methods, and people associate them with certain kinds of fraud. Skimming at ATMs, double charges at restaurants: all of this is possible because of the weaknesses of the magnetic stripe. The stripe is easy to copy; all you need is a dedicated magnetic stripe reader/encoder, and a cloned stripe is enough to pay in most supermarkets in the world. The cardholder was supposed to be verified by the signature on the receipt, which the cashier must compare with the signature on the back of the card.
In the picture above you can see an example of the information recorded on the card: black bars are ones, white bars are zeros. There are open-source tools for decoding this data, for example magstripe.
In fact, the image shows that the card carries not one but two magnetic tracks of different recording densities (Track 1 and Track 2). What data does the magnetic stripe contain?
- Card number, expiry date, cardholder's name: everything that is physically printed on the face of the card.
- Service code: three digits that tell the device interacting with the card (terminal or ATM) what the card can and cannot do, for example whether it can be used at an ATM and whether it is equipped with a chip.
- Verification code (CVV, CVC, CID; the terminology depends on the payment system): a code similar to the one printed on the back of the card. It is computed with a cryptographic checksum algorithm (MDK MAC) under a 128-bit key from the data recorded on the magnetic stripe. Using a computed CVV rather than a random one protects against attacks in which, for example, an attacker rewrites the service code and tries to convince the payment terminal that the card has no chip: the issuing bank receives the magnetic stripe data, recomputes the checksum, and it does not match the value sent in the CVV field. The verification takes place in a secure key store, the so-called HSM (hardware security module).
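The following Go program is an added illustration of the two points just made; it is not code from the article or from any payment system. It parses a constructed ISO/IEC 7813 Track 2 record, decodes the service code digits as a terminal would, and then performs the issuer-side check: recomputing a verification code from the PAN, expiry and service code and comparing it with the code stored in the discretionary data. The key, the PAN and the derivation (HMAC-SHA256 truncated to three digits) are stand-ins; the real CVV/CVC algorithm differs, but the property is the same: a stripe whose service code was rewritten to claim "no chip" still parses, yet no longer verifies.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Track2 holds the fields of an ISO/IEC 7813 Track 2 record:
// ;PAN=YYMMSSS<discretionary data>?  (the trailing LRC is omitted here).
type Track2 struct {
	PAN, Expiry, ServiceCode, Discretionary string
}

// ParseTrack2 splits a raw Track 2 string into its fields and rejects anything
// that is not sentinel-delimited, digit-only and plausibly sized.
func ParseTrack2(raw string) (Track2, error) {
	if !strings.HasPrefix(raw, ";") || !strings.HasSuffix(raw, "?") {
		return Track2{}, errors.New("missing start or end sentinel")
	}
	body := raw[1 : len(raw)-1]
	pan, rest, ok := strings.Cut(body, "=")
	if !ok || len(pan) < 12 || len(pan) > 19 || len(rest) < 7 {
		return Track2{}, errors.New("malformed track 2 layout")
	}
	for _, c := range pan + rest {
		if c < '0' || c > '9' {
			return Track2{}, errors.New("non-digit character in track 2")
		}
	}
	return Track2{PAN: pan, Expiry: rest[:4], ServiceCode: rest[4:7], Discretionary: rest[7:]}, nil
}

// ServiceCodeInfo is what a terminal learns from the three service-code digits.
type ServiceCodeInfo struct {
	International bool // digit 1 is 1 or 2: international interchange allowed
	Chip          bool // digit 1 is 2 or 6: card has an IC, use it where possible
	OnlineOnly    bool // digit 2 is 2 or 4: issuer must be contacted online
	PINRequired   bool // digit 3 is 0, 3 or 5: PIN must be verified
}

// DescribeServiceCode decodes the digits per ISO/IEC 7813; unknown values
// simply leave the corresponding flag false.
func DescribeServiceCode(sc string) ServiceCodeInfo {
	if len(sc) != 3 {
		return ServiceCodeInfo{}
	}
	return ServiceCodeInfo{
		International: sc[0] == '1' || sc[0] == '2',
		Chip:          sc[0] == '2' || sc[0] == '6',
		OnlineOnly:    sc[1] == '2' || sc[1] == '4',
		PINRequired:   sc[2] == '0' || sc[2] == '3' || sc[2] == '5',
	}
}

// IssuerKey is a constructed stand-in for the issuer's verification key,
// which in reality never leaves the HSM.
var IssuerKey = []byte("constructed-issuer-verification-key")

// ComputeVerificationCode derives a three-digit code from the stripe fields.
// HMAC-SHA256 truncated to three decimal digits is a stand-in for the real
// algorithm; what matters is that the code binds service code, PAN and expiry.
func ComputeVerificationCode(key []byte, pan, expiry, serviceCode string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(pan + "|" + expiry + "|" + serviceCode))
	return fmt.Sprintf("%03d", binary.BigEndian.Uint32(mac.Sum(nil)[:4])%1000)
}

// VerifyStripe is the issuer-side check: recompute the code from the fields as
// received and compare it with the code carried in the discretionary data
// (assumed here to be its last three digits).
func VerifyStripe(key []byte, t Track2) bool {
	if len(t.Discretionary) < 3 {
		return false
	}
	want := ComputeVerificationCode(key, t.PAN, t.Expiry, t.ServiceCode)
	got := t.Discretionary[len(t.Discretionary)-3:]
	return hmac.Equal([]byte(want), []byte(got))
}

// BuildTrack2 personalises a constructed card: the issuer computes the code
// once and writes it into the discretionary data.
func BuildTrack2(key []byte, pan, expiry, serviceCode string) string {
	code := ComputeVerificationCode(key, pan, expiry, serviceCode)
	return ";" + pan + "=" + expiry + serviceCode + "0000000" + code + "?"
}

func main() {
	genuine := BuildTrack2(IssuerKey, "4111111111111111", "2512", "201") // test PAN
	t, _ := ParseTrack2(genuine)
	fmt.Printf("service code %s: chip=%v verifies=%v\n",
		t.ServiceCode, DescribeServiceCode(t.ServiceCode).Chip, VerifyStripe(IssuerKey, t))

	// A stripe rewritten to claim "no chip" (201 -> 101) parses fine, but the
	// recomputed code no longer matches the one the issuer wrote.
	altered := strings.Replace(genuine, "=2512201", "=2512101", 1)
	a, _ := ParseTrack2(altered)
	fmt.Printf("service code %s: chip=%v verifies=%v\n",
		a.ServiceCode, DescribeServiceCode(a.ServiceCode).Chip, VerifyStripe(IssuerKey, a))
}
```

The check lives on the issuer side on purpose: the terminal has no key and can only read the service code, so it is the HSM recomputation, not the terminal, that catches a stripe whose service code disagrees with the code written at personalisation.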
CHIP / EMV
In the nineties the magnetic stripe was superseded by smart cards, popularized by the EMV consortium (Europay, MasterCard, Visa). The consortium's idea was simple: use smart card features, symmetric cryptography and public key cryptography to solve all the problems associated with the magnetic stripe. Smart card transactions provide three levels of protection:
- Card authentication. The payment terminal verifies that the card is genuine and really was issued by bank N rather than created by hackers at home.
- Payer verification. Verification that the card belongs to the customer standing in front of the payment terminal.
- Transaction authorization. There is a long way from the card to the issuing bank, and the bank must make sure the transaction was not tampered with anywhere along it: that the amount is unchanged, that the transaction date is correct, and that the transaction is unique and has not already been completed in the last month.
Card authentication
The card is authenticated using RSA public key cryptography; the current minimum key length requirement is 1024 bits. A limited number of CAs issue keys to banks, and the banks in turn bind them to the cards themselves. The private key is stored on the smart card in an area that cannot be read out. Root certificates are installed on the terminal when it is configured. During the transaction the card presents its public keys to the payment terminal together with data signed with the private key. If the public key is trusted and the data transmitted by the card verifies under that key, the terminal considers the card authentic and issued by the bank whose signature covers the key.
There are three modes of card authentication in total:
- SDA - static data authentication;
- DDA - dynamic data authentication;
- CDA - combined dynamic data authentication.
The next method, DDA, relies on dynamic data coming from the terminal: the terminal generates a field UN (Unique Number), which the card signs with its private key. The entropy of this field is 2^32, which is enough to defend against the first attack.
However, in 2009 researchers at the University of Cambridge presented a paper describing the so-called PIN OK attack. A special device placed between the card and the terminal performed a man-in-the-middle attack and changed one of the fields the card was sending; this substitution could not be detected by the terminal using the methods described above. To protect against such attacks the EMV consortium had provided a further mechanism, the CDA scheme, even before the researchers' discovery. In CDA the terminal can check the integrity of most of the fields that the card transmits and that take part in the phase called "risk management".
Offline authentication was created primarily to protect offline payments, when the terminal is not permanently connected to the Internet. That is why, if DDA or CDA does not succeed, on modern terminals connected to the Internet this will not cause the transaction to fail in 99% of cases, because the issuing bank authorizes it using a cryptogram, as described below. Some payment systems nevertheless recommend paying attention to persistent failed authentications, especially when they occur at different terminals.
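The Go program below is an added example of the authentication chain described in this section; it is not code from the article or from the EMV specifications. It models a CA that signs an issuer key, an issuer that signs the card key together with the card's static data, and a terminal that holds only the CA public key and walks the chain. It then shows why dynamic data matters: a DDA signature captured under one terminal number does not verify under a fresh one, and a CDA signature that also covers the amount and the cryptogram fails as soon as either is altered in transit. RSA PKCS#1 v1.5 over SHA-256 and the PKIX key encoding are stand-ins for EMV's own signature and certificate formats; the keys, PAN and expiry are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"fmt"
)

// sign and verify stand in for EMV's signature format; the chain and
// freshness logic is what this example is about.
func sign(k *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

func concat(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// Card is a constructed model of a personalised chip. The terminal reads the
// exported fields; iccKey stays in the card's protected storage.
type Card struct {
	StaticData []byte // constructed PAN/expiry record
	IssuerPub  []byte // issuer public key (PKIX encoding)
	IssuerCert []byte // CA signature over IssuerPub
	ICCPub     []byte // card public key (PKIX encoding)
	ICCCert    []byte // issuer signature over ICCPub||StaticData
	iccKey     *rsa.PrivateKey
}

// NewCard plays the CA and the issuer at personalisation time and returns the
// card plus the CA public key that terminals are configured with.
func NewCard() (*Card, *rsa.PublicKey) {
	ca, _ := rsa.GenerateKey(rand.Reader, 1024) // 1024 bits: the minimum stated above
	issuer, _ := rsa.GenerateKey(rand.Reader, 1024)
	icc, _ := rsa.GenerateKey(rand.Reader, 1024)
	issPub, _ := x509.MarshalPKIXPublicKey(&issuer.PublicKey)
	iccPub, _ := x509.MarshalPKIXPublicKey(&icc.PublicKey)
	static := []byte("PAN=4111111111111111;EXP=2512") // constructed test values
	return &Card{StaticData: static, IssuerPub: issPub, IssuerCert: sign(ca, issPub),
		ICCPub: iccPub, ICCCert: sign(issuer, concat(iccPub, static)), iccKey: icc}, &ca.PublicKey
}

// TerminalAuthenticate walks the chain CA -> issuer -> card and returns the
// card's public key only if every link verifies.
func TerminalAuthenticate(caPub *rsa.PublicKey, c *Card) (*rsa.PublicKey, bool) {
	if !verify(caPub, c.IssuerPub, c.IssuerCert) {
		return nil, false
	}
	issuerKey, err := x509.ParsePKIXPublicKey(c.IssuerPub)
	if err != nil || !verify(issuerKey.(*rsa.PublicKey), concat(c.ICCPub, c.StaticData), c.ICCCert) {
		return nil, false
	}
	iccKey, err := x509.ParsePKIXPublicKey(c.ICCPub)
	if err != nil {
		return nil, false
	}
	return iccKey.(*rsa.PublicKey), true
}

// ddaMessage is what DDA signs: the terminal's UN plus the card's static data.
func ddaMessage(un uint32, static []byte) []byte {
	return concat(binary.BigEndian.AppendUint32(nil, un), static)
}

// cdaMessage additionally covers the amount and the cryptogram the card is
// about to send, so a device in the middle cannot alter them unnoticed.
func cdaMessage(un uint32, amount uint64, cryptogram, static []byte) []byte {
	return concat(ddaMessage(un, static), binary.BigEndian.AppendUint64(nil, amount), cryptogram)
}

func (c *Card) SignDDA(un uint32) []byte { return sign(c.iccKey, ddaMessage(un, c.StaticData)) }

func (c *Card) SignCDA(un uint32, amount uint64, cryptogram []byte) []byte {
	return sign(c.iccKey, cdaMessage(un, amount, cryptogram, c.StaticData))
}

func VerifyDDA(iccPub *rsa.PublicKey, c *Card, un uint32, sig []byte) bool {
	return verify(iccPub, ddaMessage(un, c.StaticData), sig)
}

func VerifyCDA(iccPub *rsa.PublicKey, c *Card, un uint32, amount uint64, cryptogram, sig []byte) bool {
	return verify(iccPub, cdaMessage(un, amount, cryptogram, c.StaticData), sig)
}

func main() {
	card, caPub := NewCard()
	iccPub, ok := TerminalAuthenticate(caPub, card)
	fmt.Println("certificate chain valid:", ok)
	sig := card.SignDDA(0x1234abcd)
	fmt.Println("DDA, fresh UN:", VerifyDDA(iccPub, card, 0x1234abcd, sig))
	fmt.Println("DDA, old signature replayed under a new UN:", VerifyDDA(iccPub, card, 0x99887766, sig))
	ac := []byte("constructed-cryptogram")
	csig := card.SignCDA(7, 1500, ac)
	fmt.Println("CDA, data intact:", VerifyCDA(iccPub, card, 7, 1500, ac, csig))
	fmt.Println("CDA, amount altered in transit:", VerifyCDA(iccPub, card, 7, 15, ac, csig))
}
```

Note that the terminal never learns a secret: it verifies with the CA key it was configured with and with the public keys the card hands it, which is exactly why a card that fails DDA or CDA can still be sent online for cryptogram-based authorization, as the article goes on to describe.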
Payer verification
There are two main ways to verify the payer: PIN and signature. In fact there are a few more: the PIN can be checked offline (on the card itself) or online, and it can be sent encrypted (under a 3DES symmetric key) or in cleartext.
Another possible verification method is NoCVM, that is, no verification at all. A good example is operations that do not exceed the 3000-ruble limit and do not require a PIN; they are sometimes called Tap & Go.
Another method, called CDCVM or On-Device CVM depending on the payment system, verifies the cardholder on the mobile phone. As you might have guessed, it is used by Google Pay and Apple Pay.
Transaction authorization
To authorize a transaction, smart cards create a payment cryptogram. The card sends the terminal a list of fields; which ones depends on the cryptogram version and the card settings. As a rule these are the transaction amount, currency, date and other terminal parameters that matter for the risk management stage. The card then adds its own internal fields: the transaction counter and the cryptogram version.
The resulting string is signed with the 3DES secret key stored on the card (a symmetric-key "digital signature", that is, a MAC) and sent to the bank together with all the signed data. The issuing bank uses a hardware security module (HSM) that holds a copy of the card's symmetric key in read-protected memory.
The HSM computes the same signature over the data received from the payment terminal. If it obtains the same cryptogram, the transaction is considered authorized: this means nobody altered the data on its way from the card to the issuing bank. At the same stage the card's PIN is decrypted and verified, if online PIN verification is used.
Note that all three of these functions only work well together: for verification to be meaningful it must be backed by authentication, without authorization the whole transaction becomes high-risk, and so on.
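The Go program below is an added example of the cryptogram exchange just described; it is not code from the article or from any card scheme. A card holding a constructed 3DES key builds a CBC-MAC over the amount, currency, date and terminal number plus its own transaction counter and cryptogram version; an issuer-side HSM model with a copy of the key recomputes the MAC over the fields as received and also insists that the counter advance, which is what lets it reject a transaction that was altered in transit or submitted twice. The key, the transaction values, the field layout and the padding are assumptions; real cryptogram generation adds session-key derivation and other details, but the recompute-and-compare principle is the same.

```go
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transaction holds the terminal-supplied fields the card folds into the cryptogram.
type Transaction struct {
	Amount   uint64 // minor currency units
	Currency uint16 // ISO 4217 numeric code
	Date     uint32 // YYYYMMDD
	UN       uint32 // terminal number for this transaction
}

// Cryptogram is what travels from card to issuer: the fields that were signed,
// the card's own counter and version, and the MAC over all of them.
type Cryptogram struct {
	Tx      Transaction
	ATC     uint16 // application transaction counter, incremented per transaction
	Version byte
	MAC     []byte
}

func (c Cryptogram) message() []byte {
	m := binary.BigEndian.AppendUint64(nil, c.Tx.Amount)
	m = binary.BigEndian.AppendUint16(m, c.Tx.Currency)
	m = binary.BigEndian.AppendUint32(m, c.Tx.Date)
	m = binary.BigEndian.AppendUint32(m, c.Tx.UN)
	m = binary.BigEndian.AppendUint16(m, c.ATC)
	return append(m, c.Version)
}

// tripleDESMAC is a CBC-MAC under a 24-byte 3DES key with ISO 9797-1 padding
// method 2 (0x80 then zeros). It is a simplified stand-in for the real
// cryptogram MAC, which is the same kind of construction.
func tripleDESMAC(key, msg []byte) []byte {
	blk, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	padded := append(append([]byte{}, msg...), 0x80)
	for len(padded)%8 != 0 {
		padded = append(padded, 0)
	}
	mac := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range mac {
			mac[j] ^= padded[i+j]
		}
		blk.Encrypt(mac, mac)
	}
	return mac
}

// Card keeps the symmetric key (never exported by a real chip) and the counter.
type Card struct {
	key []byte
	atc uint16
}

func NewCard(key []byte) *Card { return &Card{key: key} }

// GenerateAC builds the cryptogram for one transaction, advancing the counter.
func (c *Card) GenerateAC(tx Transaction) Cryptogram {
	c.atc++
	cg := Cryptogram{Tx: tx, ATC: c.atc, Version: 1}
	cg.MAC = tripleDESMAC(c.key, cg.message())
	return cg
}

// IssuerHSM holds the issuer's copy of the card key and the highest counter it
// has accepted, which is what makes a replayed cryptogram detectable.
type IssuerHSM struct {
	key     []byte
	lastATC uint16
}

func NewIssuerHSM(key []byte) *IssuerHSM { return &IssuerHSM{key: key} }

// Authorize recomputes the MAC over the fields as received and checks the counter.
func (h *IssuerHSM) Authorize(cg Cryptogram) error {
	if subtle.ConstantTimeCompare(tripleDESMAC(h.key, cg.message()), cg.MAC) != 1 {
		return errors.New("cryptogram mismatch: data altered in transit or unknown key")
	}
	if cg.ATC <= h.lastATC {
		return errors.New("counter did not advance: replayed or duplicate transaction")
	}
	h.lastATC = cg.ATC
	return nil
}

func main() {
	key := []byte("CONSTRUCTED_CARD_KEY_24B") // constructed 24-byte 3DES key
	card, hsm := NewCard(key), NewIssuerHSM(key)
	tx := Transaction{Amount: 299900, Currency: 643, Date: 20210128, UN: 0xdeadbeef}
	cg := card.GenerateAC(tx)
	fmt.Println("genuine:", hsm.Authorize(cg))
	altered := cg
	altered.Tx.Amount = 2999
	fmt.Println("amount changed in transit:", hsm.Authorize(altered))
	fmt.Println("same cryptogram sent again:", hsm.Authorize(cg))
	fmt.Println("next transaction:", hsm.Authorize(card.GenerateAC(tx)))
}
```

The counter check is what gives the "unique, not already completed" property mentioned in the list of protections above: the MAC alone proves the data was not changed, but only a monotonically advancing ATC tells the issuer it has not seen this exact cryptogram before.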
CONTACTLESS PAYMENTS
Contactless payments have been gaining popularity since the mid-2010s. Banks and payment systems promote them as a fast and convenient way to pay, which is understandable: the more people pay with cards, the more commission there is to earn! Security ought to develop along with the technology, but that is far from always the case, and contactless payments are a prime example of where it did not.
When contactless payments were created, chip cards were not yet widespread in the United States, so Visa and MasterCard planned an intermediate step in which the new contactless cards could be used with old, outdated payment terminals that do not support modern cryptography. These are the so-called Legacy modes, which are much less secure than EMV payments and modern forms of contactless payment.
In terms of protection, Legacy modes resemble magnetic stripe operations, only carried out over NFC. Although these modes were supposed to be used only in a few countries and to be phased out after a while, in 2020 we still meet them everywhere, including in Russia, where even the magnetic stripe is prohibited.
A separate problem is how the payment systems approached the implementation of contactless payments. Instead of designing something new, Visa and MasterCard decided to reuse EMV here as well, but each did it in its own way, so de jure these schemes ceased to be part of the EMV standard.
INFO
What follows from this:
- First, the protection mechanisms, and their problems, described in the early 2000s have survived. In most cards even the cryptographic keys used for EMV and NFC cryptograms are the same.
- Second, the EMV association could no longer influence how the payment process was structured.
At the same time, MasterCard took the diametrically opposite decision: it recognized that offline authentication matters even for cards that support the most secure scheme, CDA, and made it mandatory. In the EMV specification, if CDA fails the terminal can still send a cryptogram for online authorization, whereas for contactless MasterCard payments a failed CDA authentication always results in a declined payment. The difference in transaction time is not significant, but for Visa it remains the decisive factor.
CONCLUSIONS
Now that you know how electronic and contactless payments work, you are ready to talk about the vulnerabilities in these schemes. We will discuss them in the following articles and at the same time analyze the most high-profile fraud cases.
(c) https://xakep.ru/2021/01/28/credit-cards-history/