Ekr on Schneier on Spafford on Credit Card Fraud

[Eric Rescorla][ekr] wrote a [great synopsis][ekr-auth] of the problems facing merchants, banks and consumers in improving client authentication for credit-card transactions. In his summary, ekr mentions that there are three broad authentication classes (I won’t repeat them here, but it’s worth looking at ekr’s original post).

One thing that he mentions is that:

…The way that all of these systems work is that the server has some verifier V that it stores with my record. I have some secret information S that corresponds to V. When I authenticate, I provide an authenticator A (based on S) which the server checks against V…

S, A, and V are all different.

This is how public key authentication works. You store the private key (S). The server stores the public key (V). The server provides some challenge which you sign to create A. The server can verify that you know S but can’t use that information to impersonate you to anyone else. (Note for crypto-nerds: the non-password equivalent zero-knowledge password protocols fit roughly into this category as well.)

From a security perspective, public-key type systems are vastly superior. However, their deployment has been spotty at best. The major reason is that it requires changing both the client and the server. In particular, computing A from S is nontrivial and requires software on the client side, which is an obvious deployment hassle. [...], it’s easy to see how it could be a problem with credit card systems, since the terminals used to authenticate credit cards are extremely primitive and the protocols are difficult to change.

I don’t know about in the States, but here in Canada, most of the major banks (and we don’t have that many, thanks to the Chartered Bank Act), are moving to a smart-card style system that will require a PIN to unlock a client-side private key (on the SIM card-cum-credit-card). The protocol follows exactly the model above — nobody at the bank will ever know S and S is unlocked not by possession of the card, but with some PIN, known only to the client.

This is basically two-factor authentication: something I have (S) and something I know (the PIN to unlock S), combined with public-key cryptography to perform a zero-knowledge proof authentication.
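The S, V, A model quoted above, as an added Go sketch (not code from ekr’s post or from any bank’s card protocol): Ed25519 from the standard library stands in for the card’s key pair, and the names `Account`, `NewCard` and `Authenticator` are assumptions made here. The PIN unlock step is not modelled; the point is that the server-side record holds only V, and that a captured A is useless against a fresh challenge.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Account is the server-side record (hypothetical name): it holds V, never S.
type Account struct {
	V       ed25519.PublicKey
	pending []byte // outstanding challenge, nil when none was issued
}

// NewCard generates S on the client side and returns (S, V).
func NewCard() (ed25519.PrivateKey, ed25519.PublicKey) {
	v, s, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return s, v
}
// Challenge issues a fresh random nonce, so each A is good for one login only.
func (acct *Account) Challenge() []byte {
	acct.pending = make([]byte, 32)
	if _, err := rand.Read(acct.pending); err != nil {
		panic(err)
	}
	return acct.pending
}
// Authenticator computes A from S and the challenge (the card-side step).
func Authenticator(s ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(s, challenge)
}
// Verify checks A against V and consumes the challenge whether or not A is valid.
func (acct *Account) Verify(a []byte) bool {
	c := acct.pending
	acct.pending = nil
	return c != nil && ed25519.Verify(acct.V, c, a)
}

func main() {
	s, v := NewCard()
	acct := &Account{V: v}
	a := Authenticator(s, acct.Challenge())
	fmt.Println("holder of S:", acct.Verify(a))
	acct.Challenge() // a new login attempt gets a new nonce
	fmt.Println("replayed A:", acct.Verify(a))
}
```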

Hurrah! It isn’t perfect, but it is a huge step forward. It’s worth noting that this system has been deployed and operating in France for a number of years (it was widely deployed in 2001 and if I recall correctly, 1999).

People will argue that you’ll need to handle the old style cards; true, but you can raise the level of scrutiny on the old (non-SIM) cards as they are phased out. The sooner this transition is put into play, the sooner (and higher) you can raise that bar.

[ekr]: http://www.educatedguesswork.org/ "Eric Rescorla"
[ekr-auth]: http://www.educatedguesswork.org/movabletype/archives/2005/06/password_equiva.html "Password equivalence and identity theft (I)"
