Computer Laboratory

Security Group

Banking security

EMV PIN verification “wedge” vulnerability

The EMV protocol is used worldwide for credit and debit card payments and is commonly known as “Chip and PIN” in the UK. Our analysis of EMV has discovered flaws which allow criminals to use stolen cards without knowing the correct PIN. Where these flaws are exploited – in the “wedge” attack – the receipt and bank records would show that the PIN was correctly verified, so the victim of this fraud may have their request for a refund denied. We have confirmed that this attack works in the UK, including for online transactions (where the terminal contacts the bank for authorization before completing the purchase). It does not apply to UK ATM transactions, which use a different method for PIN verification. more...

Chip Authentication Programme (CAP) vulnerabilities

The Chip Authentication Programme (CAP) has been introduced by banks to deal with the soaring losses due to online banking fraud. Our analysis shows that while CAP readers are an improvement over static passwords, due to excessive optimisation they open new ways of attack. The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers, where the Banking Code is ineffective; CAP introduces the same problem for online banking, where there is no statutory protection for cardholders. This is a security engineering and regulatory failure that allows banks to deploy cheap devices and reduce customer protection. more...

PIN Entry Device (PED) vulnerabilities

In Chip & PIN card transactions, customers insert their card and enter their PIN into a PIN Entry Device (PED). We have demonstrated that two popular PEDs, the Ingenico i3300 and Dione Xtreme, fail to adequately protect card details and PINs. Fraudsters, with basic technical skills, can record this information and create fake cards which may be used to withdraw cash from ATMs abroad, and even some in the UK. These failures are despite the terminals being certified secure under the Visa approval scheme, and in the case of the Ingenico, the Common Criteria system. Our results expose significant failings in the entire evaluation and certification process. more...

Chip & PIN (EMV) relay attacks

This article discusses the relay attack on Chip & PIN which could be exploited by criminals to perform fraudulent transactions, using a card with a fake chip. We describe the situations in which this fraud could be perpetrated and suggest ways to mitigate the risk. Chip & PIN currently does not defend against this attack, despite assertions from the banking community that customers must be liable for frauds in which the PIN was used. We thus propose measure to detect, and prevent such attacks in the future. more...

Tamper resistance of Chip & PIN (EMV) terminals

We demonstrate how fraudsters could collect card details and PINs, despite the victims taking all due care to protect their information. This means that customers should not automatically be considered liable for fraud, simply because the PIN was used. Even though a customer's PIN might have been compromised, this is not conclusive evidence that he or she has been negligent. more...

Chip & PIN (EMV) Interceptor

This page briefly explains the principle of the interceptor, and what it achieves. Our interceptor is a prototype device which sits between a Point-of-Sale (POS) terminal in a shop and the Chip and PIN card carried by a customer. It listens passively to the electrical signals – “the conversation” – between the chip card and the terminal, and from this can retrieve and store the customer's account number. In the case of the cheaper “Static Data Authentication” (SDA) Chip and PIN cards, which are used by most UK banks, it can also store the customer's entered PIN, when it is sent from the terminal to the card, just after the customer types it in. more...

Past projects

ATM phantom withdrawals
Chip and SPIN