So what now? Responsibility for a correct transaction actually lies with the merchant, because only the merchant has any chance of ensuring one: if a proper terminal is used and there is no strange cable coming out of the card (see the video on the linked page), the transaction is still good. However, the damage falls on the customer, not the merchant.
And, of course, there is a huge hole in the protocol.
There is only one way to do it properly:
- User enters PIN
- Terminal asks card to sign the transaction
- Card signs the transaction if and only if it has received the correct PIN
And all of this must be done with mutual authentication, message confidentiality and message integrity.
Where is the problem with this? It requires chips that are a little more expensive than the simplest ones. It's called "dynamic data authentication" and "Transaction Cryptogram" in the EMV world, but unfortunately it is not used in this case.
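The three steps above as a toy model, added here as an illustration and not taken from the EMV specifications or the linked paper. The `Card`, `verify` and `pay` names are hypothetical, an HMAC under a key shared with the verifier stands in for the card's signature, and mutual authentication and confidentiality of the channel are not modelled.

```python
import hashlib
import hmac
import os


def _mac(key: bytes, nonce: bytes, transaction: bytes) -> bytes:
    # The PIN_OK label is part of the authenticated data, so the
    # "PIN was verified" claim cannot be asserted by anyone but the card.
    msg = b"PIN_OK|" + nonce + b"|" + transaction
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    """Toy card model (constructed for illustration, not EMV)."""

    def __init__(self, pin: str, key: bytes, max_tries: int = 3):
        self._pin, self._key = pin.encode(), key
        self._tries_left = max_tries
        self._pin_ok = False

    def verify_pin(self, pin: str) -> bool:
        if self._tries_left == 0:          # card is blocked
            return False
        self._pin_ok = hmac.compare_digest(pin.encode(), self._pin)
        if not self._pin_ok:
            self._tries_left -= 1
        return self._pin_ok

    def sign(self, transaction: bytes, nonce: bytes):
        if not self._pin_ok:               # no correct PIN, no signature
            return None
        self._pin_ok = False               # one signature per PIN entry
        return _mac(self._key, nonce, transaction)


def verify(key: bytes, transaction: bytes, nonce: bytes, tag) -> bool:
    # Verifier side: recompute the tag over the same transaction and nonce.
    return tag is not None and hmac.compare_digest(tag, _mac(key, nonce, transaction))


def pay(card: Card, key: bytes, pin: str, transaction: bytes) -> bool:
    nonce = os.urandom(16)                 # fresh per transaction, blocks replay
    card.verify_pin(pin)
    return verify(key, transaction, nonce, card.sign(transaction, nonce))
```

Because the signing step is gated inside the card and the PIN result is covered by the tag, a party sitting between card and terminal cannot turn "no PIN entered" into an accepted transaction.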
Hi Ullrich,
I thought the paper stated that "moving from SDA to DDA will not have any effect, as these are both methods for card authentication, which occurs before the cardholder verification stage". Am I missing something?