Thursday, April 16, 2009

Credit Card PINs No Longer Secure

As technology advances make it easier for customers to access their accounts and perform money movement transactions with credit and debit cards, the bad guys are using technology to steal the Personal Identification Numbers (PINs) that are issued to customers to help protect their accounts.

Feeling less secure yet?

It doesn't even matter anymore if the PINs are encrypted. Conventional wisdom held that once a customer keyed their PIN into an ATM or at a point-of-sale terminal, the transaction was secure as it went through the processing cycle, due to the encryption algorithms. The transaction would be received by your financial institution, decrypted, and processed. Voilà!

PCI standards supported by the banks and credit card industry (which are ineffective as I've written about here and here) were supposed to prevent this kind of attack. Forcing encryption of the transactions and PINs was seen as a panacea. But as Bruce Schneier posited in his book Beyond Fear, when you think about implementing security controls into a system, you also need to contemplate what new weaknesses or gaps are created at the same time.

In the case of these encrypted transactions, the gap introduced is pretty clear - the hardware security module (HSM), a security appliance that resides on bank networks and switches to help encrypt and decrypt traffic as it passes through transaction processing.

Problem is, there are multiple HSMs among the various banking networks that the transaction passes through on the way from its origin to the customer's bank. The HSMs might all be different, and are managed by different firms or even contractors in some cases. The traffic needs to be decrypted as it passes through each HSM, then re-encrypted as it's sent on to the next HSM.
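The hop-by-hop translation described above, modelled as an added example (not code from the original post or from any HSM vendor), to show that every switching HSM is a point where the clear PIN block exists and where two zones' keys meet. It assumes ISO 9564-1 format 0 PIN blocks, which the post does not name, and uses a toy XOR pad as a stand-in for the real block cipher; the PIN, PAN, zone keys and device names are constructed.

```python
import hashlib
import hmac

def pin_block_format0(pin: str, pan: str) -> bytes:
    """ISO 9564-1 format 0 (assumed format): PIN field XOR PAN field."""
    pin_field = bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))
    # PAN field: four zero nibbles + rightmost 12 PAN digits, check digit excluded
    pan_field = bytes.fromhex("0000" + pan[:-1][-12:])
    return bytes(a ^ b for a, b in zip(pin_field, pan_field))

def toy_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for the real block cipher (NOT secure). XOR pad, so self-inverse."""
    pad = hmac.new(key, b"pin-zone", hashlib.sha256).digest()[:len(block)]
    return bytes(a ^ b for a, b in zip(block, pad))

class SwitchHSM:
    """One intermediate HSM: holds the inbound and outbound zone keys."""
    def __init__(self, name: str, key_in: bytes, key_out: bytes):
        self.name, self.key_in, self.key_out = name, key_in, key_out
        self.clear_seen = []  # clear PIN blocks that existed inside this device

    def translate(self, enc_block: bytes) -> bytes:
        clear = toy_cipher(self.key_in, enc_block)   # decrypt under inbound key
        self.clear_seen.append(clear)                # clear value lives here
        return toy_cipher(self.key_out, clear)       # re-encrypt for next zone

def route(pin: str, pan: str, hops: int):
    """Send one PIN block from the terminal through `hops` HSMs to the issuer."""
    keys = [hashlib.sha256(f"zone-{i}".encode()).digest() for i in range(hops + 1)]
    hsms = [SwitchHSM(f"hsm-{i}", keys[i], keys[i + 1]) for i in range(hops)]
    block = pin_block_format0(pin, pan)
    wire = [toy_cipher(keys[0], block)]              # ciphertext leaving terminal
    for hsm in hsms:
        wire.append(hsm.translate(wire[-1]))
    issuer_clear = toy_cipher(keys[-1], wire[-1])    # issuer's final decrypt
    return block, wire, hsms, issuer_clear

def exposure_points(hsms) -> list:
    """Devices that held the clear PIN block: the audit scope for one PIN."""
    return [h.name for h in hsms if h.clear_seen]

if __name__ == "__main__":
    block, wire, hsms, issuer_clear = route("1234", "4111111111111111", hops=3)
    print("clear PIN block:", block.hex())
    print("on the wire    :", [w.hex() for w in wire])
    print("held in clear  :", exposure_points(hsms))
```

The ciphertext differs on every link, yet each intermediate device holds the same clear PIN block, so the protection of one PIN is only as strong as the weakest HSM on its route.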

It's at these switching points that the crooks often trick the HSM into revealing the encryption details, PIN blocks, or keys, either because of configuration problems, vulnerabilities, or weaknesses in the HSM or its operating software. Once a PIN block is compromised, it's off to the races.

The HSM is but one attack vector - other methods of compromising transactions are old-school but equally effective, and there are always phishing attacks and compromises of servers that contain the information, like the Hannaford breach. But the utter collapse of PINs as an effective control is causing the industry to scramble as losses soar into the hundreds of millions of dollars.

It's time to look at integrated security solutions and secure networks for transaction processing, and a deep assessment is needed of all controls associated with financial dealings. With the large volumes of data gushing through the system, even a small leak can have catastrophic results.

PIN Crackers Nab Holy Grail of Bank Card Security
