Comment Re:CC system is flawed (Score 5, Insightful) 111
Even chips are bullshit. Why aren't CCs issuing one time tokens per a transaction - this rendering subsequent transactions useless? (Or tying the token to a retailer for subscriptions / etc)
You'd have to do better than that. If the payment terminal is compromised, an attacker could just sit there and wait for a card to be available at one of the payment terminals, then process two transactions in a row very quickly, one of which is the real one, and the other of which is an arbitrary transaction. There's a fundamental law in computing—not sure if it has a name—that goes something like this: If you cannot fully trust both endpoints of a communication channel, you cannot trust the communication channel itself. Period.
The only way to really improve the situation is to have credit cards treat the payment terminal as an untrusted network connection. Put a screen on the card itself, and require the user to push a button on the card itself to approve the transaction. Then use some form of PK crypto in the device itself to sign the transaction and send the response back to the payment processor's servers, which can then send a confirmation code to the register as proof that the transaction was accepted.
And no, I don't mean cell phones here. Cell phone payment systems certainly have the potential to be an easier way of paying for things, but security-wise, they just replace one attack target with another, without any obvious security benefit. Why? Because they're general-purpose computers that are constantly in use for other purposes like web browsing, so if they contain any security holes, the risk of them getting compromised is non-negligible.
More to the point, the risk of compromise for a cell phone is orders of magnitude higher than the risk of somebody finding a bug in a specialized card in your billfold and attacking it using nothing but NFC (because an attack on a cell phone doesn't require you to be in the same country as the victim, much less within a few feet).
And assuming all things are equal, the odds of a cell phone being compromised should be higher than the odds of a payment terminal being compromised (ignoring the "physically swap it out" risk), because the payment terminals should be segregated onto their own private network, and shouldn't be communicating with unrelated Internet servers for unrelated purposes. This does not appear to be the case in practice (as far as we know), but then again, until enough payments happen on cell phones, they won't be a high-priority target, so such comparisons may or may not really be valid.
Now it is theoretically possible to make a cell-phone-based solution as secure as a card with a screen, but the minimum requirements would be:
- A separate CPU that handles the transaction processing and signing.
- A means for that CPU to take over the display and input system in such a way that guarantees that the data shown on the screen is from that crypto chip even if the software running on the phone's main CPU is completely compromised.
- A physical light on the front panel of the device to indicate that the data on the screen is coming from the payment chip.
Anything short of that improves security only to the extent that the odds of simultaneously compromising a payment terminal and the phone that's talking to it are less than the odds of compromising one or the other, and there's a small chance that the customer might notice if the screens don't match, so an attacker really ought to compromise both of them. With that said, when there's a mass compromise of the payment systems of a major national company, it doesn't take a very high percentage of compromised cell phones before you would start seeing situations where both devices are compromised, at which point the cell phone doesn't make things appreciably more secure than a chip-and-pin system, which is, in turn, not all that much more secure than a magstripe system, whereas a mostly dumb crypto card with a screen and a pushbutton does.