Smart Card & Identity News Mifare, Oyster and ITSO Cards ... January 2008.pdf · Mifare, Oyster and...


Mifare, Oyster and ITSO Cards Hacked


January 2008 Volume 17 • Number 1

Smart Card & Identity News Smart Cards, SIM, Biometrics, NFC and RFID

www.smartcard.co.uk

©2008 Smart Card News Ltd., Worthing, England. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, optical, recording or otherwise, without the prior permission of the publishers.


"Mifare: Little Security, Despite Obscurity" was the title of the paper given at the 24th Chaos Communication Congress that took place in Berlin on the 28th December 2007. Given by Karsten Nohl (University of Virginia) and Henryk Plötz, but also involving Starbug from the Chaos Computer Club, the presentation gave a first-hand account of reverse engineering the Crypto-1 algorithm employed in the Mifare RFID chips. These chips are widely used, particularly in the mass transit area, such as the London transport Oyster card and the ITSO cards deployed across Scotland.

There have been various responses from the main adopters of the technology, ranging from ‘it’s an alleged attack’ to ‘it doesn’t really matter because we have other security techniques’. Let there be no doubt: this is not alleged, it really has happened, and although the full details have not been published in the paper it seems clear that the authors know what they are doing.

We understand from Karsten Nohl that they have agreed with NXP (née Philips Semiconductors, who bought the original technology from Mikron in 1998) not to publish any further details before March. As Karsten points out, they are not in the business of creating a manual for free riding. The original source of their interest was OV Chipcard, the new public transport scheme due to be released in the Netherlands next year, which also uses the Mifare technology.

As to the question of ‘it doesn’t matter’, you have to immediately ask why you are using a smart card in the first place. Here is the latest ITSO press release:

Alleged Mifare Crypto "hack"

ITSO is aware of the recently reported alleged hacking of the Mifare® classic security system used in many commercial transport smartcard systems around the world.

Mifare (In)security Update January 2008
Versatile Hardware Security With Cryptographic RF Smartcards
Interview With Remy De Tonnac
Payzone To Target The 'Unbanked' With Pre-paid Card

Smart Card & Identity News Is published monthly by Smart Card News Ltd

Head Office: Smart Card Group, Columbia House, Columbia Drive, Worthing, BN13 3HD, UK.
Telephone: +44 (0) 1903 691779
Fax: +44 (0) 1903 692616
Website: www.smartcard.co.uk
Email: [email protected]
Managing Director – Patsy Everett
Subscriptions & Administrator – Lesley Dann
Editor – John Owen
Contributors to this Issue – Tom Tainton, Remy De Tonnac, Carl-Otto Künnecke, David Everett, Eustace Asanghanwa, Legic
Printers – Hastings Printing Company Limited, UK
ISSN – 1755-1021

Smart Card News Ltd shall not be liable for inaccuracies in its published text. We would like to make it clear that views expressed in the articles are those of the individual authors and in no way reflect our views on a particular issue. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means – including photocopying – without prior written permission from Smart Card News Ltd.

© Smart Card News Ltd

Editorial

Our Comments

Dear Subscribers,

Well the Xmas holiday season is well and truly over but not without a flurry of activity at the Chaos Communication Congress held in Berlin at the end of December. Researchers Karsten Nohl (University of Virginia), Starbug and Henryk Plötz from the Chaos Computer Club reported their reverse engineering attacks on the Mifare Crypto-1 security algorithm. It looks to be just a matter of time before they prove their results with a practical demonstration. I leave the more technical discussions to others, which you will find reported in our lead story and also with an update on Mifare security from David Everett which we originally reported in 2004.

So what does all this mean to you and me? Should we stop using our Oyster card or write to the Mayor of London, Ken Livingstone, to warn him of the dangers? Well we don’t need to stop using our cards because the loser here is the service provider who has the risk of providing the service to hackers for free. This was also my differentiation between a hacker and a researcher, the former sets out to abuse the commercial service upon which the technology is unraveled by the researcher. Clumsy perhaps but one just seems much nicer than the other.

The problem for the user would be if the Mifare card is used as any form of identifier to an account such as an epurse or what have you, then you stand to lose by having the hacker empty your account. It’s a bit like payment cards today, the banks usually try to make you prove that you didn’t use the card rather than them prove you did. That’s not so good in a scenario full of copied or emulated cards.

However significant as this may be, my memory of 2007 is all about data loss. This culminated in the HMRC’s loss of CDs containing the records of 25 million people. It’s a classic example of the failure of government departments to manage people’s privacy, a point made by many security experts in their concerns about the National ID register. Worse still, concerns have also been raised about the NHS national records service and other large scale public databases. Just before Xmas we also heard about the Post Office sending out account records to the wrong people.

Stolen laptops were also high on the list of data loss in 2007 and it just seems inconceivable to me that this data is not encrypted. There must be hundreds of commercial products available to protect this sort of data, why isn’t it being used? Encryption of data and smart cards for access control are fundamental security controls yet the organisations you would most expect to be using such techniques are seemingly falling down on the most basic principles.

The banks through Mastercard and Visa have been progressively enhancing the security of cardholder data, most recently with the Payment Card Industry (PCI) Data Security Standard (DSS) that must be adopted by all organisations storing or processing card holder data. Is the government really that far behind? Let’s hope that in 2008 we see evidence of a more credible security approach.

Patsy.

Disclaimer


Patsy Everett

Contents

Regular Features

Lead Story - Mifare, Oyster and ITSO Cards Hacked
Events Diary
World News In Brief

Industry Articles

Interview with Remy De Tonnac – CEO of Inside Contactless
Growing market for PIN applications
Versatile Hardware Security With Cryptographic RF Smartcards
Mifare (In)security Update January 2008
LEGIC embeds badge and purse into NFC mobile phones
Buying into Contactless Payment

Events Diary

January 2008
16-18 Omnicard 2008 - Berlin, Germany
13-15 Intersec Middle East - Dubai, UAE
22-23 Global Payments Strategies - Brussels, Belgium
22-23 Nordic Card Markets - Stockholm, Sweden
29-30 Global RFID ROI 2008 - Munich, Germany
29-30 2nd Annual Card & Payment Developments in CEE - Vienna, Austria

February 2008
5-6 Cards & Payments Innovation Summit 2008 - Barcelona, Spain
11-14 GSMA Mobile World Congress 2008 - Barcelona, Spain


Mifare, Oyster and ITSO Cards Hacked (continued)

Although smart cards of the same type may be used in the ITSO environment, the risk of this kind of attack has been recognised throughout the development of the ITSO environment and ITSO uses an internationally recognised security system which sits over and above the proprietary security algorithm that has reportedly been cracked.

Schemes using Customer Media of this type within the ITSO environment can be assured that, even if an individual card can be cracked (and it reportedly took the alleged hackers a week to do so), their transport products in the card still remain secure when the security seal is verified by the ITSO Secure Application Module (ISAM).

ITSO, being a multi-platform Specification and environment, also offers its members the opportunity to use other, more secure, alternative Customer Media types, should they be required.

Now maybe ITSO has come up with something revolutionary, but it seems to us that if you have cracked the crypto algorithm then you are capable of copying, emulating or counterfeiting commercial Mifare cards and their contents without detection by the terminal. In other words you could produce a copy of a card containing perhaps an annual first class rail ticket. No matter what cryptography has been applied to that electronic ticket, if it’s not an integral part of an authentic and verifiable smart card instrument then the terminal can’t tell one from another. Of course you may become aware of multiple copies of such a ticket, but again it’s not obvious how you can effectively manage that process.

Just for the avoidance of doubt, neither can you protect against replays, but please read an updated version of our original article on Mifare (In)security published in this month’s newsletter.

David Everett, Technical Editor.
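The argument above, that a seal over the ticket data cannot distinguish copies or replays once the card itself can be read and emulated, is sketched here as an added example; it is not code from the newsletter or from ITSO. HMAC-SHA256, the key, the record layout, the station names and the back-office checks are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key standing in for a secret held in the terminal's secure module.
# HMAC-SHA256 is an assumption for illustration, not the scheme ITSO uses.
SEAL_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class CardImage:
    """Everything a terminal reads from a card whose own cipher no longer protects it."""
    uid: bytes      # serial number as presented by the card (or by an emulator)
    seq: int        # transaction counter written alongside the product
    product: bytes  # ticket or purse data stored in card memory
    seal: bytes     # issuer MAC over uid || seq || product


def _mac(uid: bytes, seq: int, product: bytes) -> bytes:
    msg = uid + seq.to_bytes(4, "big") + product
    return hmac.new(SEAL_KEY, msg, hashlib.sha256).digest()


def issue(uid: bytes, seq: int, product: bytes) -> CardImage:
    """Issuer side: seal the product to the card serial number and counter."""
    return CardImage(uid, seq, product, _mac(uid, seq, product))


def terminal_accepts(card: CardImage) -> bool:
    """Offline terminal check: is the seal valid for the bytes presented?"""
    return hmac.compare_digest(_mac(card.uid, card.seq, card.product), card.seal)


def back_office_flags(taps, min_gap_s=600):
    """Flag UIDs whose tap history cannot come from one card used honestly.

    taps: list of (uid_hex, station, unix_time, seq) reported by terminals.
    Returns a sorted list of (uid_hex, reason).
    """
    last = {}     # uid -> (station, time, seq) of the previous tap
    flags = set()
    for uid, station, t, seq in sorted(taps, key=lambda tap: tap[2]):
        if uid in last:
            p_station, p_time, p_seq = last[uid]
            if station != p_station and t - p_time < min_gap_s:
                flags.add((uid, "two stations too close in time"))   # copy in use
            if seq < p_seq:
                flags.add((uid, "counter went backwards"))           # replayed image
        last[uid] = (station, t, seq)
    return sorted(flags)


# Constructed sample data.
GENUINE = issue(bytes.fromhex("04a1b2c3"), 7, b"ANNUAL-1ST-CLASS;exp=2008-12-31")
# A byte-for-byte copy presented by an emulator: same uid, same data, same seal.
CLONE = CardImage(GENUINE.uid, GENUINE.seq, GENUINE.product, GENUINE.seal)
# Changing the product without the key is what the seal does stop.
FORGED = CardImage(GENUINE.uid, GENUINE.seq,
                   b"ANNUAL-1ST-CLASS;exp=2009-12-31", GENUINE.seal)
# A purse before and after spending; the old image is still validly sealed.
PURSE_OLD = issue(bytes.fromhex("04112233"), 3, b"PURSE;pence=2000")
PURSE_NEW = issue(bytes.fromhex("04112233"), 4, b"PURSE;pence=500")

SAMPLE_TAPS = [
    ("04ffee00", "York", 100, 1),
    ("04a1b2c3", "Edinburgh", 1000, 7),
    ("04a1b2c3", "Glasgow", 1200, 7),    # same season ticket, 200 s later
    ("04112233", "Leeds", 5000, 4),
    ("04ffee00", "Hull", 5000, 2),
    ("04112233", "Leeds", 9000, 3),      # older purse image presented again
]

if __name__ == "__main__":
    for name, card in [("genuine", GENUINE), ("clone", CLONE),
                       ("forged", FORGED), ("rolled-back purse", PURSE_OLD)]:
        print(f"{name:18} accepted by terminal: {terminal_accepts(card)}")
    for uid, reason in back_office_flags(SAMPLE_TAPS):
        print(f"back office flag: {uid} {reason}")
```

Both back-office checks fire only after the journey has been taken and depend on terminals reporting taps centrally, which is the management problem the commentary points to.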

News In Brief


US Passport Card Criticized By Privacy Advocates

Passport cards for Americans who travel to Canada, Mexico, Bermuda and the Caribbean will be equipped with technology that allows information on the card to be read from a distance. The technology was approved Monday by the State Department and privacy advocates were quick to criticize the department for not doing more to protect information on the card, which can be used by U.S. citizens instead of a passport when travelling to other countries in the western hemisphere.

The technology would allow the cards to be read from up to 20 feet (6 meters) away. This process only takes one or two seconds, said Ann Barrett, deputy assistant secretary for passport services at the State Department. The card would not have to be physically swiped through a reader, as is the current process with passports.

"The technology is inherently insecure and poses threats to personal privacy, including identity theft," Ari Schwartz, of the Center for Democracy and Technology, said in a statement. Schwartz said this specific technology, called 'vicinity read', is better suited for tracking inventory, not people.

The State Department said privacy protections would be built into the card. The chip on the card will not contain biographical information, Barrett said. And the card vendor, which has yet to be decided, will also provide sleeves for the cards that will prevent them from being read from afar, she said.

A 2004 law to strengthen border security called for a passport card that frequent border crossers could use that would be smaller and more convenient than the traditional passport. Currently, officials must swipe travellers' passports through an electronic reader at entry points. The technology change for passport cards was initially proposed in October 2006, and public comments closed on Jan. 7, 2007. The State Department received more than 4,000 comments, and most were about the security of the technology.

To relieve a backlog at U.S. passport offices, the Bush administration recently delayed a requirement that Americans present passports when crossing the U.S. border by land or sea. The administration wanted to begin requiring passports or passport cards in mid-2008, but Congress mandates that the rule not go into effect until mid-2009.


Payzone To Target The 'Unbanked' With Pre-paid Card

A joint venture between the Luxembourg-based Bank Invik and Payzone plc announced the launch of a new pre-paid debit card, "payzone worldwide money". The new card was being trialled in London and the South East in the run-up to Christmas and will be rolled out nationwide in Q1 2008. The card is targeted at the estimated 3 million people in the UK that do not have a bank account and who are at increasing risk of being excluded from engaging in an increasingly card-based economy.

As banks tighten up on sub-prime lending, a record 3.27 million credit card applications were turned down in the UK between April and September last year, and the numbers of the 'unbanked' in the UK have been further swollen by the estimated 1.9 million immigrants now working in the UK, many of whom are from the new EU states such as Poland and Romania and who find it difficult to access traditional banking services.

A Mastercard-branded product, the payzone worldwide money card can be loaded with up to £350 in cash per transaction, with no credit checks. The re-usable card will cost £6.99 with loading costs of £4 for up to £100 and £8 for up to the maximum of £350.

Egyptian ID Cards Proposed

The Egyptian Government has finally decided on issuing two Identity Cards for each of its nation's 50 Million applicants. The first card is for Ministry of Interior applications such as ID, Driving license, E-passport, etc, while the second Card will be for all the other government services such as Health cards, Family cards, Tax cards, etc. Dr. Ahmad Darwish, the Egyptian minister of administrative development and the National ID committee chairman, will give a keynote speech at Cardex conference during the 25th – 27th May 2008 informing the industry about the details of this mega project, which is expected to be the biggest project in the region for many years to come.

Gemalto To Provide Yemen's National Electronic ID System

Gemalto announced that it has been selected to deliver the electronic ID cards solution commissioned by the Ministry of Interior of Yemen for the next national elections. Under the contract, Gemalto will implement the whole solution including enrolment processes, creation of a secure biometric national registry, maintenance, local support, training and integration services, as well as provide the 10 million Smart ID cards that will see Yemen step in the digital security era. The first cards will be delivered to the Yemeni citizens during first half of 2008, and the program will reach completion by 2009 when the population is to vote for the new Parliament.

Smart Card Communication To Be Based On HTTP

Sagem Orga GmbH and the Software Quality Lab (s-lab) at the University of Paderborn have extended their research cooperation by a further two years following one year of successful project work. Next Generation Java Card is the new specification for Java on Smart Cards from Sun Microsystems GmbH. Among other things, this new standard envisages integration of a Web server and support of servlets. A servlet is an object that dynamically generates responses to queries. Servlets allow dynamic content to be added to a Java-based Web server.

The cooperation with s-lab relates to the current issue of servlets on Smart Cards. It builds on the first successfully completed project "Secure and high-performance standard Java implementation on a Smart Card platform", in which the prototype of a Java Virtual Machine for the Next Generation Java Card was implemented.

"The card of the future will be Web-enabled, i.e. communication with the card will preferentially be based on HTTP," says Carsten Rust, Project Manager at Sagem Orga. "Development of card applications will thus move closer to Web application development and so be possible for a larger number of developers. We aim to create the conditions for that as part of the project. Basic services on the card can be developed as servlets and so can be integrated simply by application developers in more extensive systems."


Interview with Remy De Tonnac – CEO of Inside Contactless

By Tom Tainton, Smart Card News

On the 7th of January 2008 Motorola announced a strategic investment in Inside Contactless, bringing the potential of NFC technologies and contactless payments closer to the consumer than ever before. This capped off a successful year for Inside Contactless which included recognition at the Sesames and Remy De Tonnac, the CEO of Inside Contactless, earning the ID trail blazer award for his efforts. I spoke to De Tonnac to gauge just how important the deal was for the smartcard market and the future of NFC.

Congratulations on Motorola’s investment, does this signal the progress that Inside Contactless has made in recent years?

Thank you very much. I would say absolutely, yes. The interest from global brands is a reflection of our progress, and how far Inside Contactless has come from a small start up to where we are today. We have been in the woods so to speak for many years, and now we are venturing out of the woods.

How will the investment benefit your company, and in particular how will this affect the consumer market?

The investment is crucial to us in that we have strong assurance that someone is helping us to push NFC. It is a strong indication of our potential, Motorola have backed us and believe in our aims and the technology we have worked so hard to deliver. Our credibility has been enhanced, a factor that we feel is as important as any financial gain. Of course, it is a strategic investment from their perspective. Motorola will expect a return for the investment, and we are confident we can deliver that. Over the next 2-3 years we aim to have the NFC application within 50% of commercial phones.

Is there an expected date that we will see NFC being introduced on a large scale, and in which country do you envisage this being trialled?

Everyone in the industry agrees, players such as Nokia, Motorola and of course competitors like NXP, that 2010 will be the year of mass deployment. In 2009 we are already likely to see over 100 million devices on the market with NFC capabilities. Currently we have successful trials here in France, Orange is utilizing NFC in Bordeaux and of course London has had successful trials with the Oyster card. We believe mass deployment will focus initially on Asia and we are very confident that it is a case of ‘when’ and not ‘if’.

Does the US Market interest you as a potential pathway for NFC introduction?

Absolutely, but whereas the UK adopts a dual interspace technology with regards to Visa, MasterCard and the London Underground, the US payment system emulates magnetic stripe applications. It is a misconception that Inside Contactless are two separate business units with one kind of chip specific to finance and credit cards, and another specific to applications used by the likes of Nokia and Motorola. We do in fact utilise the same IP block and low power consumption in all our products. We are currently paving the way to deploying the appropriate infrastructure within the US to accept our technology.

How will you strive to eradicate any concerns with the NFC technology?

I believe that we have passed this point. A few years ago issues were raised but today we have a reliable platform and tested technology to support NFC which has been proven to be just as reliable as contactless cards. There are certainly no additional concerns. Today’s is a different business model which crucially is more flexible than previously. For example, it is unlikely that credit card or personal information will be stored in the SIM card. Instead, it will be stored in a separate secure unit.

What are the changes or differences you see in market demand today as opposed to five years ago?

I don’t know if you are aware but five years ago I was working as a venture capitalist and looking at the emerging markets, so I feel very qualified to answer this particular question. 2002 was the year after the technology ‘bubble’ had burst, and the market had begun to slow down. There are no major differences in demand to note, although it was around the time that Bluetooth was adopted with a very similar appetite to the enthusiasm that surrounds NFC today.

Do you think your impressive financial pedigree as well as international recognition (De Tonnac was awarded the ID trail blazer award) attracted Motorola and other major players to invest?

Excuse my lack of modesty, but definitely, yes. Inside Contactless were rewarded with an innovation award at the Sesames 2007. In the same way that an employer looks at a resume, investors look at how successful our company is. We have an annual turnover of 200 million US dollars and employ over 500 people worldwide. In my experience, an investor considers three factors. First, an interest in the NFC market which Motorola certainly has. Secondly, satisfaction with the technology and intellectual property which I believe we provide and finally, the right people and appropriate management for the task.

So what are the critical factors in Inside Contactless’ success?

Consistency. We have had the same people working for us for 12 years and we all share the same goals. Our technicians are experts in their fields who live, breathe, eat, sleep and drink contactless cards. We are engaging a crusade to introduce NFC to the world! We have 60 patents and a healthy bottom-line profit; the company really has come a long way. We hold 70% of the market share because of our assets such as our microprocessor. In an innovative market we have continued to make breakthroughs, and we are a forerunner in the industry because of this.

Finally in light of the Motorola investment, what are your long and short term goals?

In the short term, over the next 12 months we want to gain a strong position within the US and develop some revenue streams. We will tap into new markets such as the UK, and Canada which is moving towards dual interface technology. We also aim to capitalise on Motorola’s investment by speeding up the NFC adoption process. In the long term, we will massively invest in software and increase our chip sales. We must be willing to go public and primarily make some money!

De Tonnac predicts a bright future for NFC, and is confident that he and his staff can lead the explosion of contactless applications. With continued high performance, and financial injection from major players, Inside Contactless seems to have all the ingredients for success. De Tonnac’s latest coup in signing Motorola to the cause will only serve to enhance his company’s already lofty reputation in the industry.

News In Brief

Australian Go Card Transport Systems Crash

Queensland news have reported the new Go Card smartcard system has suffered another devastating credibility blow - only a day after the Bligh Government boasted the long-overdue project was "going well" and nearing completion. Thousands of morning peak-hour train commuters struggled to buy a ticket on the 15th January when all 179 high-tech TransLink smartcard machines across the CityTrain network went into meltdown for nine hours. Besieged contractor Cubic Transportation Systems was supposed to be installing new software on a few machines overnight but instead crashed the whole system. Some machines even began spitting out Japanese to frustrated patrons.

The lack of purchase points forced Queensland Rail into an embarrassing backdown of a new fare-evasion campaign as commuters travelled free or battled queues at old machines and station windows. Liberal transport spokesman Tim Nicholls said the card was now facing credibility issues. Trial commuters had already told him they were not receiving discounts while encountering problems topping up the card. "We hope it is fine, but none of this bodes well for the future of smartcard," Mr Nicholls said.

L-1 to Provide Fingerprinting For South Carolina Law Enforcement

L-1 Identity Solutions, a supplier of identity management solutions and services, received a contract from the State of South Carolina, South Carolina Law Enforcement Division, to provide digital fingerprinting services for civil applicants statewide through the South Carolina EasyPath network. The three-year indefinite delivery/indefinite quantity contract has four possible one-year renewals and a potential value of $30 million if all options are exercised.

Integrated Biometrics Technology will provide the fingerprinting services and initially open five enrollment centers in Columbia, Greenville, Charleston, Myrtle Beach and Rock Hill, with plans to increase service to more than 30 locations throughout the State. State-of-the-art L-1 Enhanced Definition TouchPrint live scan systems will be used to collect fingerprints. It is expected that approximately 500,000 applicants will be processed through the new system, which is expected to be fully operational by early 2008.

website: www.l1id.com

INSIDE Contactless Receives $38m Funding For NFC

INSIDE Contactless, a provider of contactless payment chips and NFC technologies, announced a new round of investment led by Nokia Growth Partners, the global private equity and venture capital management arm of Nokia. This new investment round of €25m ($38m) will allow the company to accelerate its international presence and broaden its product portfolio.

"This is more than a financial investment, this is about a strategic partnership with key players who are committed to building and driving the NFC eco-system", says Rémy de Tonnac, CEO of INSIDE Contactless. "Three years ago a similar strategic investment was made with Visa which brought the company to a leading position in the field of Contactless payment. We hope that this new development for INSIDE will lead to a similar success in the NFC market."

website: www.insidecontactless.com

Near Field Communication Forecasts Revised Downward

The worldwide market for contactless technology in transportation ticketing and contactless payments grew more than 15 percent in 2007. The market now stands at a value of more than $200 million but will reach more than $820 million by 2013, according to the latest market analysis from ABI Research.

Positive growth in contactless card rollouts took place during the last half of 2007, while the uptake of contactless capabilities in mobile handsets - dubbed NFC (Near Field Communication) - continued to be stymied by difficulties in bringing the technology to the consumer market. Accordingly, NFC handsets did not ship in any volume toward the end of 2007 and the market will remain limited for the first half of 2008.

ABI Research now believes there will be longer than anticipated delays to NFC deployments and has again adjusted its latest quarter and next annual figures accordingly: the previous forecasts for total NFC device shipments stood at 1.1 million for 2007, and 9.81 million for 2008. The revised forecast stands at 0.65 million and 6.52 million respectively. However, says Collins, "Given the strength and interest among carriers around the world for NFC, our long-term forecasts remain unchanged."

The bulk of the growth of contactless demand over the next five years will stem from the uptake of contactless payments from cards and mobile handsets. Europe took its first real steps toward contactless payment adoption in 2007. The initial UK contactless rollout in London that began in the second half of the year will prove a bellwether for the technology in Europe, especially given the scale of the initial rollout and the integration of contactless with the established EMV smartcard payment system.

website: www.abiresearch.com

Growing market for PIN applications

By Carl-Otto Künnecke Managing Director, OK systems


In general, the PIN consists mostly of four characters (like those used to access ATMs). However, some applications require PINs with more characters. The PIN is generated via an encryption procedure using different algorithms such as DES (symmetric Data Encryption Standard), RSA (asymmetric encryption system) or ISO 9564-1. The entire PIN handling takes place in rooms with the highest security levels. If PINs and cards are personalized in the same building, the processes must be physically separated from each other. Due to this risk, PIN personalization is mostly completely separated from card personalization. The outsourcing trend visible in the card personalization sector does not have the same momentum for the PIN personalization process.

Even though PINs have become indispensable in bank applications, there is no Visa/Mastercard certification for PINs. This affects the products themselves as well as PIN generation and transportation to the end customer. More than ever, transportation is an extremely insecure element when PINs are forwarded to the end customer or bank agency. In countries where bank cards are sent directly to the customers, the PIN is dispatched a few days later or sent prior to the card mailing. The common understanding is that PIN and card should never meet in the same post box on the same day. In cases of indirect distribution, where the card holders have to fetch their card and PIN at the local branch office, packages of cards and PINs are often sent by separate courier to the branch.

In just a few cases cards and PINs go together with the same carrier and in the same envelope. What seems to be a high risk can be discounted when PIN and card are not yet activated. If envelopes are stolen or opened, the cards and PINs are of no use at all. The issuer activates PIN and card, either when the package is activated at the bank office or by special telephone verification, and the customer can then use them.

The reason for financial institutes to use this approach is reducing dispatch costs, because postage is the biggest cost portion of the whole product in most cases. By sending only one product the banks save production costs as well as costs for dispatch and courier services. And the customer will get one product instead of two. Besides this classic process where a printed PIN is used with paper, there are some cases where electronic transmission is employed, as in China, or, as in Korea, the PIN is generated through the application form when a card holder applies for a new card. However, due to high security risks these are only exceptions.

Traditionally, PIN letters have been generated on 3-layered carbon copy paper, and have been labelled with address and PIN on needle printers. Due to visual aspects and security risks this process is no longer contemporary for many banks. Card carriers and enclosures convey the marketing ideas of the financial institute, while the PIN letter still looks as it did at the beginning of the computerized era. So the change in demands for a new product which fits the overall corporate design of a financial institute is mostly based on new marketing needs, but also on the fact that in many countries banks issue several PINs for each customer: one for ATM, one for electronic banking and sometimes even a third one for ATMs abroad. The old-fashioned “dot matrix” process makes this impossible and thus application and layout have to be changed.

Therefore, some new processes have been established on the market. All these processes use laser printers to print the information on the PIN letter. The advantage is that significantly more information can be forwarded to the end customer. As another benefit the issuers can also use their own color logos and thus make the PIN letter a means of advertising.
The foundation for all processes currently available on the market is the issuers’ need for corporate design, secure products and production processes as well as costs for the consumables.

Personal Identification Numbers (PINs) are very versatile and can be used for manifold applications. They are not only utilized in the banking sector (mostly for debit and with an increasing number also for credit cards), but also become more and more important for health insurance funds, where secure data are protected with a password on the chip of a health card. PINs are also employed for ID cards as for example the new German ID card. In this case PIN and chip form a digital signature which can be applied in the field of e-government, signing of contracts or secure entry into public facilities. Carl-Otto Künnecke


In Germany, almost all banks and bank organisations have converted to modern PIN production methods. Here the following techniques are used:

1. Thermo Sealing® - The single form is printed on special paper, folded and thermo sealed and thereby becomes a casing ready for dispatch, but which can also be put in envelopes. This method means up to 60% less paper, no elaborate handling, no outdated technology, and significantly less time, effort and waste. Data security is provided through a perfect thermo lock which cannot be opened without visible damage.

2. Single label – The back side of the printed paper has a special matrix making the PIN invisible. One or more security labels can be attached to the letter. These labels can have special security features like void effects or holograms and can either be peel-off labels or special scratch labels where the customer uses his fingernail or a coin to reveal his PIN. All these labels are designed to show attempts at manipulation. The final product can be either the same size as the old-fashioned “dot matrix” solution or an A4 letter size which is folded.

3. Double label – The letter is printed and the first label is applied. Then the PIN is printed on the label. Immediately after printing the PIN the second label is applied so that the PIN becomes invisible. This sandwich technology has the highest security level of all processes used today.

4. Combination of Thermo Sealing® and label – In this case the PIN is hidden by a security label and then the product is sealed. This solution offers double protection of the PIN and is the most widespread form of PIN protection in Germany.

Figure: Scratch label with void effect; peel-off label; double label with hologram.

A key point in using such systems is the security of the process. All described systems were supplied by Otto Künnecke – specialists for card mailing and high security systems. The machines use special black covers and a special security lock which does not allow the operator to open any cover. In case of machine problems the covers can only be opened by an operator and a supervisor together. The machines can be integrated in existing HSM environments or can be equipped with special encryption and decryption hardware and software. When designing a PIN mailer one key point is that the file sent to the printer encrypts the PIN at the latest stage and that these PINs are not visible in any software, audit files or at any device in this process.

OK offers modularly extendable systems in different security levels. Due to high demand and the excellent cost-benefit ratio these applications are marketed worldwide. Several banks from all parts of the world want to follow the German example and use more modern, secure and economic PIN letters. The OK systems are available with and without security software like HSM.

Developers and service providers can now apply the desired amount of security to their applications without the complexity and unit costs associated with high-end smartcards. Additionally, there is no tradeoff in security for low-end smartcards. Example applications include:

Subscription management including cable and satellite TV.

Electronic purses used in Laundromats, energy meters, internet café resources and transportation.

Information cards including ID cards and driver licenses.

Multi-application cards, for example, a single card that combines multiple functions like hotel access, mini-bar purchases, movie purchases, and secure access to [high-value] in-room hotel safes.

Smartcards are available today for a wide range of applications and are classifiable under two broad categories: microprocessor-based and memory-based smartcards. Microprocessor-based smartcards embed a microprocessor, volatile and non-volatile memories, and communication circuitry such as an Analog Front-End (AFE) in an integrated circuit that is eventually embedded inside the standard smartcard. They contain cryptographic routines either in firmware or in hardware accelerators to service high-end security applications like banking and passports. They require special software or an operating system developed by security experts for effective security. Their complex nature allows them to command premium prices in the market. In addition, these smartcards require external power to support the energy requirements of the microprocessor, the memories and the cryptographic routines. For this reason, their connectivity to the outside world is usually contacted in nature, at least for power sourcing. Contacted connectivity demands periodic card replacement due to worn out contacts. In the rare cases where connectivity is not contacted, as in RFID cards, power limitations translate into long transaction times, making them less practical for mainstream security applications.

Figure 1: A high level block diagram of a microprocessor smartcard

Versatile Hardware Security With Cryptographic RF Smartcards

By Eustace Asanghanwa, Atmel


Affordable True Hardware Security for Mutual Authentication and Data Security

Cryptographic RF smartcards offer true hardware-based security for applications that need authentication, value storage, identification, and secure access control. It bridges the complexity and affordability gap between high-end secure microcontroller-based smartcards used in banking, and low-end cards used for loyalty tracking and access control, without giving up security. Eustace Asanghanwa


On the other hand, memory-based smartcards are just non-volatile memories, typically EEPROM, with external connectivity in a smartcard form factor. Some provide simple password protection for specific data contained within the smartcard, while others allow free access to all the data. Their simplicity makes them affordable and their modest power requirement makes them easy to use not only in contacted form but also in non-contacted form as RFID cards.

Figure 2: A high-level block diagram of a memory smartcard

The Right Card for Each Application

Product developers and service providers never want to overpay for security. They want adequate security to protect the value at stake, but not too much because it may erode profit margins. High-end applications like banking have immense value at stake and so require the highest level of security. These high-end applications are well suited for microcontroller-based smartcards. Applications with lower-end security demands, like plain loyalty cards, are well suited for memory smartcards. However, there are many applications that require more security than memory smartcards offer, but do not command enough profit margins to cover the costs associated with microprocessor-based smartcards. These applications need an alternative type of smartcard – the cryptographic RF smartcard.

Cryptographic RF Smartcards

Cryptographic RF smartcards innovatively capture the security offering of microprocessor smartcards and implement that security in pure hardware logic. This eliminates the need to develop complex operating systems. The innovative logic-only implementation lowers power requirements for the smartcard, enabling full performance as non-contacted RF smartcards, which eliminates the need for periodic replacement.

Figure 3: A high Level Diagram of a cryptographic RF smartcard

True Hardware-based Security

Cryptographic RF smartcards offer true hardware-based security for authentication, encryption, and secure data storage. They contain a 64-bit hardware-based cryptographic engine embedded in the silicon, with up to four sets of non-readable 64-bit authentication keys, four sets of non-readable 64-bit session encryption keys, and 2K bits of configuration memory. The configuration memory provides application developers with true flexibility for customizing security and data protection options and then blowing fuses to permanently lock in the configuration and custom security keys in the hardware.

Secure Dynamic Mutual Authentication Capability

Up to now, when there was a need to prove authenticity, as in trying to gain access (TV subscription program access or secure building access) or to claim value (cash registers, laundry machines, pay-per-use copier machines), only high-end microprocessor-based smartcards were able to provide true authentication. Cryptographic RF smartcards can establish authenticity securely through a cryptographic dynamic mutual authentication process using the non-readable keys. They use the authentication keys, session encryption keys and a random number to generate a unique identity, or “cryptogram”, for each transaction. Both the RF smartcard reader and the RF smartcard must be able to duplicate each other’s cryptograms before any data can be accessed or written. The keys are completely inaccessible, even to the owner of the device or original silicon manufacturer. A unique cryptogram is generated for each transaction, so a cryptogram intercepted during a transaction cannot be used to effect a second transaction. In the extremely unlikely event that the non-readable key(s) from one smartcard become known, they cannot be used with any other smartcard because each cryptographic RF smartcard has its own unique set of authentication keys. Fuse bits are blown to permanently lock the security information in the smartcard such that even the card silicon manufacturer cannot access it.

Dual Authentication Supports Cash-equivalent Cards

Uniquely, cryptographic RF smartcards allow two completely independent users to access the same section of the memory, using completely separate authentication keys with different access levels for adding and deducting cash. As an example, in energy meter applications, which happen to be very popular in developing countries using pre-pay models, the energy company will use a higher privilege access key to add energy credits to the card from its offices. The energy meter at the purchaser’s home is then equipped with a less privileged key that can only allow for reduction of energy credits and never vice-versa.

Multiple Sectors with Configurable Access

Cryptographic RF smartcards are available as a complete family in densities from 1 Kbit to 64 Kbits of completely usable memory to accommodate a wide range of information storage and cost requirements. The user memory itself may be divided into as many as 16 separate sections, each of which can be independently customized to allow different levels of read and write access. For example, a smartcard that contains health records might keep the patient’s ID and billing address in a portion that is accessible by the billing department and insurance company, while diagnostic information is stored in another area that is accessible only by the doctor, and prescription information is stored in yet another section that can be written to by the doctor and only read by the insurance company and the pharmacist.

Multitude of Data Protection Options

Be it cash credits or private health records, cryptographic RF smartcards provide many protection options customizable by the application developer at deployment time. These include one-time-program (OTP) modes, read-only modes and program-only modes. In addition to protection by pre-authentication requirements, cryptographic RF smartcards can fully encrypt data during transmission to protect confidentiality and dynamically generate Message Authentication Codes (MAC) to verify message source and integrity. To top it off, cryptographic RF smartcards are implemented in hardened silicon using secure product strategies that include content scrambling, tamper monitors for environmental factors, and detection capabilities for physical and systematic security attacks.

Cryptographic RF smartcards are innovative in their approach to true hardware security and bridge the complexity and affordability gaps between microprocessor and memory-based smartcards. Laden with usable memory and security options, cryptographic RF smartcards offer an unrivaled level of flexibility for application developers, allowing full customization to enable adaptability to virtually any application in the smartcard space.


There have been lots of discussions over the security of the Mifare card, particularly because of the extended business applications such as an ePurse being proposed for this platform. Expressions such as low security are thrown around in a way that could confuse or even misrepresent the platform. In any scheme it is the overall security that matters, not the individual components. It is also fundamental to ensure that the components are used in the right way; in most high visibility failures it has been a protocol or procedure failure that has resulted in the end disaster. However, memory cards such as Mifare do have restricted security functionality, and when the cryptographic security relies on keeping the algorithm secret that is an additional risk that has now exploded. It should be noted that the researchers have not published their findings in detail (and may never do so) but they have publicly demonstrated not only that it is possible with limited equipment to reverse engineer the random number generator and the algorithm but also to point out many weaknesses in the actual Crypto-1 implementation.

The Mifare chip technology is based on a simple contactless memory device with discrete logic to provide some security functionality across the air gap with the reader (i.e. at the radio frequency level). This technology is proprietary to Philips Semiconductors and requires their IPR to be available in both the Smart Card chip and the Mifare reader. In practice this means that both the smart card and the reader need to have a Philips (or a Mifare licensed chip, e.g. Infineon) chip embedded within them. The original Mifare 1K memory was introduced in 1994 and there are now 6 chips in the Mifare range from NXP (previously Philips Semiconductors):

• Mifare Classic (1 Kbytes of EEPROM non-volatile memory),
• Mifare 4K (4 Kbytes of EEPROM),
• Mifare DESFire (4 Kbytes of EEPROM),
• Mifare Ultralight (64 bytes of EEPROM),
• Mifare ProX (1 Kbytes or 4 Kbytes Mifare emulation in a micro controller chip. Total chip EEPROM including Mifare emulation memory is 16 Kbytes),
• Smart MX (a more advanced Mifare ProX replacement series with up to 72 Kbytes of EEPROM).

The Mifare ProX and the Smart MX are micro controller based chips and provide the Mifare functionality as an emulation in the chip. These chips are used for example by the IBM JCOP30 and JCOP40 Java Cards respectively. The discussion that follows relates to the Classic 1K Mifare but the arguments would hold for most other memory cards.

Mifare Card Operation:

The Mifare 1K card has its 1 Kbyte memory arranged as 16 sectors, each with 4 blocks of 16 bytes. The last block in each sector stores two keys, A and B, which are used to access (depending on the access conditions also set in this block) the other data blocks. The Mifare reader interacts with the card as follows:

1) Select card (ISO 14443 allows multiple cards in its field),
2) Log-in to a sector (by providing key A or key B) and
3) Read, Write, Increment, or Decrement a block (must conform to the access conditions).

The Increment and Decrement operations allow the block to be treated as an electronic purse.

Mifare (In)security Update January 2008 By Dr David Everett, CEO, Smart Card Group

Mifare: Little Security, Despite Obscurity was the title of the paper given at the 24th Congress of the Chaos Communication Congress that took place in Berlin on the 28th December 2007. Given by Karsten Nohl (University of Virginia) and Henryk Plötz but also involving Starbug from the Chaos Computer Club the presentation gave a first hand account of reverse engineering the Crypto-1 algorithm employed in the Mifare RFID chips. These chips are widely used particularly in the mass transit area such as the London transport Oyster card and the ITSO cards deployed across Scotland and as also proposed for the new Dutch National public transport smart card scheme (OV chipcard). David Everett


It is important to note that the cryptographic interchange takes place between the reader and the card and more precisely between the Mifare chip in the reader and the Mifare chip in the card. The terminal has to present the appropriate key to the reader and normally this key would be derived from a Master key stored in a Secure Access Module (SAM) at the terminal. The card ID and parameters, which are unique to each card, can act as the derivation factor. This means that each card is using a different key set to protect a particular sector. Breaking an individual card will not reveal the Master keys.

The Login process referred to above implements a mutual authentication process (a challenge/response mechanism) which then sets up an encrypted channel between the card and the reader using Philips' proprietary Crypto-1 algorithm. These security services operate at the RF (Radio Frequency) level and cannot provide any cryptographic audit trail. In essence this means that you must trust the terminal but more particularly you have no evidence if it misbehaves.

Mifare Vulnerabilities:

The threats to the Mifare scheme are in three areas:

1) Attacker breaks the cryptographic algorithm,
2) Attacker implements a key exhaustion attack,
3) Attacker obtains the cryptographic keys.

The scheme opens up an additional vulnerability in that Mifare cannot provide secure messaging. In other words, because the Mifare chip doesn't have a CPU it can't cryptographically protect transactions for confidentiality, data integrity, or authentication on any form of end to end basis. This also means that message replays and deletions cannot be detected, which is fundamental to most security schemes.

Strength of the Cryptographic Algorithm:

The Mifare Crypto-1 algorithm is proprietary and has not been published. However the work undertaken by Karsten Nohl (University of Virginia), Starbug and Henryk Plötz, in so far as they have released their results, is very informative, giving the block diagram below reproduced from their presentation,


In addition to this drawing they have also released further information about the RNG, which is a 16 bit LFSR with characteristic polynomial,

X^16 + X^14 + X^13 + X^11 + 1

The RNG is seeded by the time delay between power on and the reception of message data from the contactless card reader. As they point out this is rather easy to control but they also noticed by intercepting messages between the card and reader that there were already repeats of the random number used as part of the authentication protocol and which is also input to the main 48 bit LFSR. This main LFSR has 16 feedback taps defined by its characteristic polynomial and apparently 20 taps are used for the key stream output function. <We can also comment that the LFSR is most likely designed for a maximum length sequence (e.g. High order X^48, has an even number of taps, etc) which reduces the possibilities.> In subsequent discussion the authors have also commented that the exclusive OR input with the secret key and tag ID is not quite as simple as shown in the slide.

When a cryptographic algorithm is widely available one suspects it is only a matter of time before it gets into the public domain either due to a malevolent employee or by a reverse engineering attack on the chip. This has happened in many other cases such as in the GSM world and the DVD protection algorithm. Public attacks on the Internet swiftly followed. It is believed that counterfeit Mifare chips are already available from China; the companies concerned would need to have reverse engineered the chip in order to produce such copies.

Key Exhaustion Attack:

The design of cryptographic algorithms is normally based on the assumption that knowledge of the algorithm is assumed. In other words the algorithm itself is adequately strong and the security depends on obtaining the secret cryptographic keys. Assuming there is no flaw in the algorithm or its implementation then the security of the scheme falls down to key exhaustion.
Key exhaustion would require an emulation of the algorithm where all the keys in the key space are tested one by one using matching plain text and cipher text. Alternatively the keys in the key space can be tested one by one against a valid implementation of the algorithm (e.g. an authentic card). The first condition requires the algorithm to be known as per the above comments and for the key space to be practically realisable. The Mifare algorithm uses a 48 bit key; this gives a total key space of 2^48 or approximately 3 with fourteen noughts. With today's processing power this would not be deemed adequate by experts in the field. The single DES algorithm with its 56 bit key has long since been dismissed (it has been practically exhausted in 10 hours) in favour of triple DES with an effective key length of 112 bits (in practice it can be attacked with slightly less effort but still insurmountable). Today anything much less than a 96 bit key would not be deemed secure against such an exhaustion attack.

An alternative approach would be to take a valid card and literally try each key in turn from the key space. This would require a card select followed by a login process. Just assuming this could be done in say 10 ms then an attack would take 2^48 x 10 ms = 89194 years. This attack is clearly not viable.

Key Vulnerability:

The vulnerability of the keys arises from these considerations: 1) an exposure in key management (including the terminal and reader) and 2) an exposure to an attack on the card. As mentioned previously, because the keys have to be transmitted to the reader there is an assumption that the terminal can be trusted. This may be reasonable in some closed schemes such as a mass transit application but in the more general case this would not be an acceptable assumption.
Apart from the obvious invasive attacks on the chip, we have in recent years seen very successful attacks on Smart Cards by intercepting the power consumed by the chip whilst undertaking cryptographic operations. Called Differential Power Analysis (DPA) by their inventor Paul Kocher, these techniques were originally applied against the RSA secret keys but later used against symmetric algorithms such as DES. Such forms of attacks may well be applicable to the Philips Mifare algorithm.

Secure Messaging:

In a transaction-based scheme it is standard practice to protect the messages with some Cryptographic Check Value (CCV) or digital signature. This ensures the authenticity of the source of the message and that the message has been unchanged in transit from source to destination. This requires that the Smart Card is able to both create and check such CCVs or digital signatures. Without such security services being applied it is not easy to resolve disputes and the scheme is vulnerable to a wide range of attacks. The Mifare card, because it hasn't got a CPU, is not capable of creating or checking such cryptographic messages. Consider the operation of a CPU Card as shown.

Both the card and SAM can encipher messages or create and check cryptographic checksums as necessary and appropriate.

In this case the transactions operate between the SAM (Secure Access Module) and the card. Cryptographic protection operates between these end points. Consider for example the case where you want to increment the value of a purse stored on the card. The card is set up so that the command to increment the purse has a CCV attached; the chip checks this CCV before it effects the value load process. This cryptographic CCV is created by the Secure Access Module (SAM) attached to the terminal. Nowhere in this scenario are the cryptographic keys available in plain text. Even if the terminal is attacked with some Trojan software, the transaction records can be subsequently checked for authenticity. It is not possible for the Trojan operation to fool this process. In addition sequencing controls can be incorporated in the messages which are checked by the CPU to stop replays.

User Authentication:

The Mifare card has no facility for checking user PINs or passwords. This means that you cannot adequately bind a user to the card, which is necessary in any form of Identity management scenario.

Summary:

Memory cards with discrete security logic such as Mifare can offer adequate security for some closed business scenarios. In the more open transaction model the increased security functionality offered by a CPU chip with cryptographic capability is highly desirable. In the light of the latest public attack on the Crypto-1 algorithm system integrators would be advised to upgrade to a more resilient algorithm. The NXP DESFire memory RFID product for example uses Triple DES but we see little advantage in a memory only device given the small overhead of a CPU micro-controller.
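The RNG weakness described under "Strength of the Cryptographic Algorithm" can be quantified with a small model; this is an added example, not code from the researchers or from the article. It assumes a power-on state of 0x0001 and one LFSR step per clock tick (both hypothetical), and the sample log is constructed.

```python
import math

# Right-shifting Fibonacci LFSR for X^16 + X^14 + X^13 + X^11 + 1.
TAPS = (0, 2, 3, 5)
WIDTH = 16
RESET_STATE = 0x0001  # assumed power-on state, not taken from the article


def lfsr_step(state):
    """Advance the 16-bit register by one clock tick."""
    feedback = 0
    for tap in TAPS:
        feedback ^= (state >> tap) & 1
    return (state >> 1) | (feedback << (WIDTH - 1))


def period(start=RESET_STATE):
    """Number of steps before the register returns to its start state."""
    state, steps = lfsr_step(start), 1
    while state != start:
        state = lfsr_step(state)
        steps += 1
    return steps


PERIOD = period()


def challenge_after(ticks, start=RESET_STATE):
    """Model of timing-derived seeding: the challenge is simply the state
    reached `ticks` clock steps after power-on, so equal delays give equal
    challenges."""
    state = start
    for _ in range(ticks % PERIOD):
        state = lfsr_step(state)
    return state


def expected_draws_until_repeat(space):
    """Birthday approximation sqrt(pi * N / 2) for the number of uniformly
    drawn challenges seen before the first repeat."""
    return math.sqrt(math.pi * space / 2)


def repeated_challenges(log):
    """Audit helper: map each challenge seen more than once to the indices
    of the sessions in which it appeared."""
    seen = {}
    for index, value in enumerate(log):
        seen.setdefault(value, []).append(index)
    return {value: idx for value, idx in seen.items() if len(idx) > 1}


# Constructed sample: challenges from five sessions with these power-on delays.
SAMPLE_DELAYS = [4000, 4100, 4000, 70000, 4100 + PERIOD]
SAMPLE_LOG = [challenge_after(d) for d in SAMPLE_DELAYS]

if __name__ == "__main__":
    print("period:", PERIOD)
    print("draws to first repeat, 16-bit LFSR  :",
          round(expected_draws_until_repeat(PERIOD)))
    print("draws to first repeat, 32-bit random:",
          round(expected_draws_until_repeat(2 ** 32)))
    print("repeats in sample log:", repeated_challenges(SAMPLE_LOG))
```

Even with a perfectly unpredictable seed, a challenge space of this size makes the repeats the researchers observed in intercepted traffic the expected outcome after a few hundred authentications.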
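The key derivation from a Master key in the SAM and the CCV-protected purse increment with sequencing controls, both described above, can be sketched as follows; this is an added example, not code from the article or from any card vendor. HMAC-SHA256 stands in for whatever derivation and CCV algorithm a real scheme uses, and the keys, card IDs, message layout and class names are all constructed for illustration.

```python
import hashlib
import hmac
import struct

MASTER_KEY = bytes(range(16))          # constructed; a real Master key stays in the SAM
CARD_ID = bytes.fromhex("04a1b2c3")    # constructed 4-byte card ID
OTHER_ID = bytes.fromhex("04d4e5f6")   # constructed second card
BODY = ">4sBIQ"                        # card ID, sector, amount, sequence counter
BODY_LEN = struct.calcsize(BODY)
CCV_LEN = 8


def diversify(master_key, card_id, sector):
    """Per-card, per-sector key: the card ID acts as the derivation factor."""
    data = b"DIV" + card_id + bytes([sector])
    return hmac.new(master_key, data, hashlib.sha256).digest()[:16]


def ccv(key, body):
    """Cryptographic Check Value over a command body (truncated HMAC)."""
    return hmac.new(key, body, hashlib.sha256).digest()[:CCV_LEN]


def encode_load(card_id, sector, amount, counter):
    return struct.pack(BODY, card_id, sector, amount, counter)


class Sam:
    """Secure Access Module: holds the Master key, issues and audits loads."""

    def __init__(self, master_key):
        self.master_key = master_key

    def sign_load(self, card_id, sector, amount, counter):
        body = encode_load(card_id, sector, amount, counter)
        return body + ccv(diversify(self.master_key, card_id, sector), body)

    def audit(self, record):
        """Back-office check of a stored transaction record."""
        if len(record) != BODY_LEN + CCV_LEN:
            return False
        body, tag = record[:BODY_LEN], record[BODY_LEN:]
        card_id, sector, _, _ = struct.unpack(BODY, body)
        key = diversify(self.master_key, card_id, sector)
        return hmac.compare_digest(tag, ccv(key, body))


class CpuCard:
    """Card that checks the CCV and sequence counter before loading value."""

    def __init__(self, card_id, sector, key):
        self.card_id, self.sector, self.key = card_id, sector, key
        self.balance = 0
        self.counter = 0

    def load(self, record):
        if len(record) != BODY_LEN + CCV_LEN:
            return "malformed"
        body, tag = record[:BODY_LEN], record[BODY_LEN:]
        if not hmac.compare_digest(tag, ccv(self.key, body)):
            return "bad-ccv"
        card_id, sector, amount, counter = struct.unpack(BODY, body)
        if card_id != self.card_id or sector != self.sector:
            return "wrong-card"
        if counter <= self.counter:
            return "replay"
        self.counter = counter
        self.balance += amount
        return "ok"


if __name__ == "__main__":
    sam = Sam(MASTER_KEY)
    card = CpuCard(CARD_ID, 1, diversify(MASTER_KEY, CARD_ID, 1))
    record = sam.sign_load(CARD_ID, 1, 500, card.counter + 1)
    print(card.load(record), card.balance)   # first presentation is accepted
    print(card.load(record), card.balance)   # same record again is a replay
```

A terminal that alters the amount or replays a record produces a value the card rejects and the back office can flag, which is the audit trail the article says the Mifare login cannot provide.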

LEGIC embeds badge and purse into NFC mobile phones

Mobile telephony is already something we can’t imagine being without. New NFC (Near Field Communication) technology will revolutionise our daily transactions further still and make many tasks even easier. Buying a bus ticket, paying at a machine or kiosk, opening a door or accessing information services: in the future, the mobile telephone will be able to do it all.

NFC pilot project with and at Swisscom

LEGIC, Swisscom and Selecta are pursuing new paths with this NFC pilot project. In Swisscom’s modern buildings in Bern, Switzerland, Swisscom staff use their mobile phones to get chilled drinks and snacks from Selecta vending machines. The ability to connect a mobile phone to contactless applications, such as to make cashless payments using electronic purses, is opening up endless possibilities thanks to LEGIC’s new card-in-card solutions. For a long time these two worlds, with their different technologies, were not compatible. Buying drinks using an electronic purse was only possible with the contactless staff badge, while the mobile phone was used for standard communication purposes.


NFC technology enables mobile phones to behave as conventional contactless cards and to connect to the network via mobile technology. Contactless applications can also work when the phone battery is empty or no network is available. The new solutions therefore combine the advantages of both technologies, providing more security, ease-of-use and availability. The partners of this pilot project intend to convert the project into a real business model. Additional applications, such as the integration of Adasoft secure entry applications used in all Swisscom buildings, will also be discussed.

Swisscom provides greater comfort for end users thanks to NFC

For Swisscom, NFC is not only a trend-setting technology, but the key to greater comfort for end users, who will be able to access everyday cashless services with their mobile phone. This includes buying everyday items such as snacks and drinks, booking tickets, and more. Thanks to contactless NFC technology, end users will simply have to present their mobile phone and they will be able to buy easily, without cash. Swisscom is supporting the further development of SIM cards as hosts for the new NFC applications. It is actively engaged in the development of new services and working closely with leading mobile phone manufacturers to bring a wide variety of NFC phones quickly to the market. Customers will only be able to benefit from these new services if relevant appliances are available and if all network operators cooperate. Swisscom believes that an agreement between mobile phone companies is vital in order to avoid individual solutions.

Thomas Kummernuss, Product Manager and responsible for NFC development at Swisscom, is delighted with the success of the pilot project: “Swisscom believes in the potential of NFC technology in Switzerland: cashless payments, public transport ticketing, access control, etc. will be more secure, comfortable and customer-friendly with a mobile phone. We are also discussing the possibility of a single service offer and a B2B business model. The success of this project is helping us to convince our partners and customers of the advantages and possibilities of the new contactless technology in mobile phones.”

Vending machines by market leader, Selecta

Selecta is an international trendsetter for easy, safe and fast purchases from vending machines, in private or public areas. The Swiss market leader endeavours to offer its customers up-to-date and trend-setting products and solutions. Contactless technologies like NFC set new priorities in the development of such solutions. Cashless payments at vending machines are a good starting point. Selecta is giving NFC solutions the chance to be accepted on the market, in particular in public and semi-public areas. Pilot projects like the one with Swisscom underpin and strengthen acceptance by consumers. They contribute, through communication, to the creation of further applications and card acceptors, such as in the public transport field or with wholesalers.

A union of different worlds thanks to LEGIC’s card-in-card solutions

LEGIC’s contactless smart card technology has been world leader for several years. LEGIC is pursuing new directions with its card-in-card solutions. In the form of a virtual card, LEGIC functionality will be applied to dual interface cards or third party NFC mobile phones via the new software solution for smart card platforms. This enables the connection of public transport applications, PC access via PKI or credit cards with LEGIC applications such as access control or cashless payments. Thanks to further extensions of the LEGIC technology – there are already over 50,000 facilities with more than one million LEGIC readers in service – and to a worldwide licence partner network, the possibilities for building on existing and developing new, even more comfortable solutions, are endless.
“We’re expecting a lot from the NFC technology in connection with our LEGIC card-in-card solutions. We are world leader in contactless smart card technology for personal identification applications. The fact that the LEGIC all-in-one area can be integrated into third party cards and NFC mobile phones widens the scope of our technology and also makes way for new solutions for our partners, as well as providing advantages and comfort to the end user. In the future, it will be possible to go to work just with a mobile phone and to do without all the different cards”, explained Urs A. Lampe, Vice President Product Marketing & New Business of LEGIC Identsystems Ltd.

Smart Card & Identity News • January 2008


Buying into Contactless Payment

By Debbie Mitchell, Head of Regional Marketing, VeriFone EMEA

Contactless payment solutions represent one of the most important card payment innovations of the last decade, and are currently transforming payment at the point of service. Today’s ever more sophisticated consumers expect speed, convenience and simplicity when paying for goods. What’s more, they’re embracing contactless payment and demonstrating that self-service pays dividends in terms of expediency, ease of use and the freedom to choose the time and place best suited to them to make a purchasing decision.

Contactless in unattended card payment environments is similarly emerging as a fast growing global development in a variety of scenarios — including ticketing, car parking, self-service kiosks and vending machines — and engendering a monumental change in consumer attitudes and behaviours.

Indeed, the days of consumers viewing ‘cash as king’ may well be numbered. A recent report from APACS, the UK’s association for payment clearing services, The Way We Pay 2007: UK Plastic Cards, showed that in 2005 card payments in retail exceeded cash for the first time, and that this gap further increased in 2006. This trend looks set to accelerate further, hastening the demise of hard cash especially for low value payment transactions.

The contactless transaction

Contactless technology is ideal for speeding up small-value payments that are typically below US$25 where, until now, cash has been the predominant form of payment. Since cash still accounts for a significant proportion of total consumer payments, even in the most developed card markets, this market represents a significant opportunity for contactless payment technologies. Indeed, figures from Datamonitor's Consumer Payments Model show that in 2003 cash still accounted for around 20.4 per cent of the total value of consumer payments in France, Germany, Italy, Spain, UK and the US.

Market research firm Tower Group estimates contactless payment can reduce individual transaction times by between 10 and 15 seconds; an assertion that is borne out by the findings of the Smart Card Alliance’s recent investigation of contactless payments in the US. As well as confirming contactless payment technologies enabled faster transactions than EMV, its investigation also reported merchants experienced increased cardholder transaction volumes and average transaction size. Similarly, unattended payment terminals generate enhanced self-service options for consumers and offer an additional convenience that’s helping to propel contactless payment into low value cash-based transactions.

Contactless payment certainly delivers against consumer expectations in relation to expediency and rapidity. Rather than inserting a payment card into an EFTPoS device, or swiping it through a magnetic stripe reader, a cardholder simply waves a card — or other contactless token, such as a key fob — within 10cm of a contactless reader. Underpinned by the same advanced technology that secures chip and PIN transactions, consumers have been quick to accept contactless payment as a safe, convenient and fast way to complete low value purchases. For retailers, contactless payments similarly generate significant advantages in terms of reduced cash handling, improved operational efficiencies and in busy retail environments, like quick service restaurants, faster service throughput and reduced queuing.

Charting the progress

Contactless payment first made the transition from niche technology to a mainstream payment option when, in August 2004, McDonald’s announced an agreement to accept MasterCard PayPass at selected McDonald’s restaurants. By early 2006, industry analyst Datamonitor reported there were over 10 million contactless devices in circulation in the US, with 160,000 acceptance terminals in 30,000 merchant locations. Contactless payment was launched, and today the US represents the world’s largest contactless payment market.

In the US, usage of unattended payment terminals is growing between 17 per cent and 20 per cent each year and millions of consumers are now accustomed to contactless payment technologies through electronic toll collection systems — such as E-ZPass and FasTrak — or through using ExxonMobil’s Speedpass to make gas and convenience store purchases. This meteoric growth is being replicated elsewhere around the world. In just five years, the contactless Octopus card in Hong Kong has gained over 11 million cardholders, is used in nearly nine million transactions a day and, in addition to transport and parking, is accepted in payment for groceries. In the UK, Transport for London has already issued over 10 million Oyster cards and currently reports that just three per cent of payments on London Underground and buses are made in cash.

Changing user behaviours

The use of contactless cards in mass transit environments has become almost ubiquitous; transit system contactless smart cards are now in use in major cities worldwide — including Hong Kong, Tokyo, Seoul, Washington DC and Shanghai — and the majority of planned new transit fare payment systems are electing to use contactless smart cards as the primary ticket media. From a user perspective, the simplicity and familiarity of the ‘tap-and-go’ transit payment systems are proving to be key to wider scale acceptance and adoption in other payment or usage scenarios. As a result contactless smart cards are now making the transition into retail environments as transit agencies and card associations work together to extend the use of contactless payment devices.

Transport for London (TfL), in partnership with Barclaycard, recently launched its co-branded multiple application card for both transit and retail payment, OnePulse. The 3-in-1 card combines Oyster, credit and cashless facilities and aims to effortlessly extend Oyster’s functionality to existing customers. Retailers already signed up to the new technology include Books Etc, Chop’d, Coffee Republic, EAT, Krispy Kreme, Threshers and Yo! Sushi.

In the UK, an initial 2,000-strong retailer roll-out of contactless payment in London in autumn 2007 will dovetail into a series of full scale national implementation programmes throughout 2008.
London commuters, who are already familiar with contactless technology through TfL’s Oyster card, will be able to take advantage of improved customer experience in new retail payment environments, while the planned point-of-sale deployments across the rest of the UK are expected to widely establish contactless payment. By the end of 2008, the UK payments association APACS estimates that over five million contactless cards will have been issued and will be accepted in at least 100,000 merchants across the country.

Making the leap

The UK contactless payment initiatives aim to capitalise on the benefits of simplicity, convenience and speed, combined with existing consumer familiarity with a proven and well-established EMV structure. In terms of deployment, a key advantage of implementing contactless solutions is that the technology can be readily adapted to current payment systems. Existing EFTPoS terminals can be easily modified with an interface to a contactless RF (radio frequency) reader, enabling retailers to leverage their existing payment structure and providing a future proofed solution to support full-scale contactless rollouts.

The contactless interface can also be deployed with EMV chip-based cards, or in magnetic stripe card environments. In EMV scenarios, PIN data entry can be used to verify contactless transactions, while in non-EMV transactions, data derived from Track 2 magnetic stripe-related information and secret data is transmitted by the contactless chip in response to a signal from an EFTPoS device; in some instances this data undergoes authorisation in a manner similar to a magnetic stripe transaction.

Securing the transaction

In the self-service applications that today’s consumers now demand, ensuring the highest security at the point of payment is a critical challenge. Contactless payments use the international ISO/IEC 14443 standard for contactless reader-card communication, and leverage the existing payments infrastructure, which has supported card payments for the past 40 years. Although the use of a contactless interface does not routinely require the consumer to enter a PIN, the card’s chip tracks activity, and after a number of consecutive transactions may prompt the user to enter a PIN. This security feature provides options that re-affirm card possession and deter potential fraudulent use, should the card be lost or stolen. Additional security features include a unique in-built 128-bit encrypted key on each contactless card for verification. At a system level, payment networks can automatically detect and reject any attempt to use the same transaction information more than once.

Contactless payments are fast approaching the tipping point of adoption within retail environments. In the UK, the collaboration between TfL and Barclaycard signals the first mass deployment of a bank-controlled contactless payment application with an operational transit application, and may well prove transformational for contactless payment adoption in many countries.
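
The three controls described under "Securing the transaction" (a unique 128-bit key per card, a PIN prompt after a run of consecutive transactions, and network rejection of reused transaction data) can be modelled as follows. This is an added example, not code from the article or from any payment scheme; HMAC-SHA256 as the verification function, the limit of three taps, and the names `Card`, `Network`, `pay`, `enroll` and `authorise` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PIN_PROMPT_AFTER = 3  # assumed limit of consecutive no-PIN taps; issuers set their own


class Card:
    """Constructed model of a contactless card: per-card key plus on-chip counters."""

    def __init__(self, card_id):
        self.card_id = card_id
        self.key = os.urandom(16)   # unique 128-bit key, shared with the issuer
        self.counter = 0            # goes up by one on every transaction
        self.taps_since_pin = 0     # consecutive contactless taps without a PIN

    def pay(self, amount_cents, pin_entered=False):
        if not pin_entered and self.taps_since_pin >= PIN_PROMPT_AFTER:
            return None             # chip declines: the terminal must ask for the PIN
        self.taps_since_pin = 0 if pin_entered else self.taps_since_pin + 1
        self.counter += 1
        msg = f"{self.card_id}|{self.counter}|{amount_cents}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).hexdigest()  # stand-in MAC
        return {"card": self.card_id, "ctr": self.counter, "amt": amount_cents, "mac": mac}


class Network:
    """Issuer-side check: verify the MAC, then reject any counter already seen."""

    def __init__(self):
        self.keys, self.last_ctr = {}, {}

    def enroll(self, card):
        self.keys[card.card_id] = card.key
        self.last_ctr[card.card_id] = 0

    def authorise(self, txn):
        key = self.keys.get(txn["card"])
        if key is None:
            return "unknown card"
        msg = f"{txn['card']}|{txn['ctr']}|{txn['amt']}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, txn["mac"]):
            return "bad mac"        # amount or counter altered, or wrong card key
        if txn["ctr"] <= self.last_ctr[txn["card"]]:
            return "replay"         # same transaction data presented again
        self.last_ctr[txn["card"]] = txn["ctr"]
        return "approved"
```

Because the counter is covered by the MAC, a captured transaction cannot be resubmitted with a fresh counter value without the card's key, which is what lets the network treat any repeated or lower counter as a replay.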
