Optimised to Fail: Card Readers for Online Banking

The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer's debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous weaknesses that are due to design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. The overall strategic error was excessive optimisation. There are also policy implications. The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers; CAP introduces the same problem for online banking. It may also expose customers to physical harm.
