It’s time for SDA and Plaintext Offline PIN to bow out gracefully

Posted on: February 6th, 2012 by level_admin 5 Comments

There’s no doubt that EMV is a great standard that has succeeded in providing a greater level of security for Cardholders, Merchants and Issuers alike. However, like anything that evolves, there is always an element of junk DNA in the design. EMV has its fair share of junk DNA; the recent bad press about Static Data Authentication (SDA) being broken is one such example. It didn’t take a rocket scientist to figure out that it was weak and susceptible to replay attacks, but back then anything was better than a magnetic stripe. It came from the early days of EMV, when more powerful cards that could support Dynamic Data Authentication (DDA) were significantly more expensive. This expense, coupled with the fact that most EMV-capable terminals weren’t fast enough to perform DDA in an acceptable amount of time, meant that DDA wasn’t adopted as widely as it should have been.

Perhaps the most glaringly obvious security flaw in EMV is the Cardholder Verification Method (CVM) called “Offline Plaintext PIN”. The PIN is transmitted to the card for verification in the clear, which places the burden of security (and cost) on the terminal Vendor and therefore the Merchant.

A large part of PCI PED, for example, deals with the PIN entry security environment. An attacker merely has to “sniff” the card I/O pin to pull all manner of cardholder information from the transaction, including the PIN. Some would argue that the compensating control for this is the fact that PIN pads are tamper-responsive and tamper-evident, but why take the risk when you have a much better CVM in “Offline Enciphered PIN”? The PIN is securely encrypted in the PIN pad using the card’s RSA Public Key and transmitted to the card for verification, which is infinitely more secure.
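To make the difference between the two CVMs concrete, here is an added example (not code from the original post) that builds both forms of the EMV VERIFY command and runs them against a simulated card. The RSA key pair generated in the script is a stand-in for the ICC PIN encipherment key, and the assumptions are a 1024-bit modulus, public exponent 3 and PIN block format 2; the card model, the `observe_pin` helper and the status words it returns are illustrative, not any vendor's implementation.

```python
"""
EMV offline PIN CVMs side by side: plaintext VERIFY (P2=0x80) vs enciphered
VERIFY (P2=0x88). Added example, not from the original post. The card is
simulated; the RSA pair generated here stands in for the ICC PIN encipherment
key (assumptions: 1024-bit modulus, public exponent 3, PIN block format 2).
"""
import math
import secrets


# ---- toy ICC key generation (a real ICC key is personalised by the issuer) ----
def _is_probable_prime(n, rounds=24):
    """Miller-Rabin after a quick trial-division filter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand


def generate_icc_key(bits=1024, e=3):
    """Return (n, e, d). Loops until n has exactly `bits` bits, so the 0x7F-led
    PIN data below is always numerically smaller than the modulus."""
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)


# ---- terminal side ----
def pin_block(pin):
    """EMV PIN block format 2: nibble 2, PIN length, digits, F-padding to 8 bytes."""
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return bytes.fromhex(f"2{len(pin):X}{pin}".ljust(16, "F"))


GET_CHALLENGE_APDU = bytes([0x00, 0x84, 0x00, 0x00, 0x08])  # ICC returns 8-byte unpredictable number


def verify_plaintext_apdu(pin):
    """VERIFY with P2=0x80: the PIN block rides on the card I/O line unprotected."""
    return bytes([0x00, 0x20, 0x00, 0x80, 0x08]) + pin_block(pin)


def verify_enciphered_apdu(pin, icc_challenge, n, e):
    """VERIFY with P2=0x88 (EMV Book 2, 7.2): RSA-encrypt
    0x7F || PIN block (8) || ICC unpredictable number (8) || random pad (N-17)."""
    k = (n.bit_length() + 7) // 8
    data = b"\x7f" + pin_block(pin) + icc_challenge + secrets.token_bytes(k - 17)
    ct = pow(int.from_bytes(data, "big"), e, n).to_bytes(k, "big")
    return bytes([0x00, 0x20, 0x00, 0x88, k]) + ct


def observe_pin(apdu):
    """What a passive observer of the I/O line learns from one VERIFY command:
    the PIN for P2=0x80, nothing for P2=0x88 (ciphertext bound to a fresh challenge)."""
    if apdu[:4] != bytes([0x00, 0x20, 0x00, 0x80]):
        return None
    block = apdu[5:13].hex().upper()
    return block[2:2 + int(block[1], 16)] if block[0] == "2" else None


# ---- card side ----
class SimulatedIcc:
    """Minimal card model: holds the reference PIN and answers GET CHALLENGE / VERIFY."""

    def __init__(self, pin, key):
        self._ref_block = pin_block(pin)
        self.n, self.e, self._d = key
        self._challenge = None

    def process(self, apdu):
        ins, p2 = apdu[1], apdu[3]
        if ins == 0x84:                                   # GET CHALLENGE
            self._challenge = secrets.token_bytes(8)
            return self._challenge + b"\x90\x00"
        if ins == 0x20 and p2 == 0x80:                    # VERIFY, plaintext PIN
            return b"\x90\x00" if apdu[5:13] == self._ref_block else b"\x63\xc2"
        if ins == 0x20 and p2 == 0x88:                    # VERIFY, enciphered PIN
            k = apdu[4]
            m = pow(int.from_bytes(apdu[5:5 + k], "big"), self._d, self.n).to_bytes(k, "big")
            ok = (self._challenge is not None and m[0] == 0x7F
                  and m[9:17] == self._challenge and m[1:9] == self._ref_block)
            self._challenge = None                        # challenge is single-use: no replay
            return b"\x90\x00" if ok else b"\x63\xc2"    # 63Cx: wrong PIN, x tries left
        return b"\x6d\x00"                                # INS not supported


def terminal_verify(icc, pin, enciphered):
    """Run one CVM against the simulated card; returns the status word."""
    if not enciphered:
        return icc.process(verify_plaintext_apdu(pin))
    challenge = icc.process(GET_CHALLENGE_APDU)[:8]
    return icc.process(verify_enciphered_apdu(pin, challenge, icc.n, icc.e))


if __name__ == "__main__":
    card = SimulatedIcc("1234", generate_icc_key())
    print("plaintext VERIFY  ->", terminal_verify(card, "1234", False).hex())
    print("observer sees PIN:", observe_pin(verify_plaintext_apdu("1234")))
    print("enciphered VERIFY ->", terminal_verify(card, "1234", True).hex())
    print("observer sees PIN:", observe_pin(verify_enciphered_apdu("1234", bytes(8), card.n, card.e)))
```

The point the script makes is the one the paragraph makes: with P2=0x80 the PIN block is recoverable from the command bytes alone, while with P2=0x88 the same command carries only RSA ciphertext that additionally embeds the card's own unpredictable number, so a captured command cannot even be replayed once the card has consumed that challenge. Note the comment above about PCI PED still applies: the PIN is keyed in the clear before the PIN pad encrypts it.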

Of course the next step would be to encrypt all the information that passes between the terminal and card using a similar mechanism but that’s a discussion for another day.

In summary, it’s clear that the weaknesses of SDA have been exploited and have damaged the reputation of the EMV standard, so surely it’s time we acknowledged the obvious: both SDA and Offline Plaintext PIN have had their day, and it’s time they were put out to pasture.


5 Responses

  1. Anonymous says:

    I completely agree with your point about retiring SDA, but I’m much less convinced than you about the apparent evils of Plaintext Offline PIN. Knowledge of the PIN should only be of value if you also have the genuine card (in 2-factor authentication it’s having BOTH factors that is important) unless the card can be cloned. Retiring magnetic stripe and SDA prevents cloning and makes the need to retire Offline Plaintext PIN irrelevant, which is good as it’s still actually quite useful.

    Enciphered offline PIN does not remove the need for PCI PED as the PIN is still entered in the clear before being enciphered.

    Your final suggestion about encrypting ALL the information between card and terminal is, frankly, insane. In the context of a globally interoperable system it leads to an astronomical key management nightmare. Much smaller closed loop systems like transit attempt to do this, with very well publicised failures.

  2. L_Thomas_Horton says:

    SDA and Plaintext Offline PIN are separate issues.

    Once again we have a situation where “an expert” is making claims based on non-factual information.

    1. Ask the real live person in either MasterCard or Visa who actually knows to the single digit how many of their MasterCard or Visa transactions have reported fraud as the result of SDA.

    2. Ask the real live person in either MasterCard or Visa who actually knows to the single digit how many of their MasterCard or Visa transactions have reported fraud as the result of Plaintext Offline PIN.

    The number of instances of reported fraud for the two scenarios above is essentially non-existent.

    Finally, while it is not a subject of the Post above, the other fallacy that has taken on a life of its own is the “issue of magnetic stripe cards not being accepted because they are not chip cards”.

    Yes, there are instances where a US-issued magnetic stripe card can not complete a transaction, and it is an extremely rare exception.

    I will happily take a wager of $100 from the 1st 10 persons that:

    For every merchant you can show me that cannot process a transaction with a US-issued magnetic stripe card but can process the transaction with a European-issued EMV card, I can show you two merchants who cannot process a transaction with a European-issued EMV card but can process the transaction with a US-issued magnetic stripe card.

    • Jeremy Gumbley says:

      Thanks for your comments, it’s great to see some debate on the subject! Whereas it is difficult to pinpoint cases of fraud as you suggest, it is equally difficult to eliminate the possibility that any cases have ever occurred. Perhaps Stuart would like to comment further on your points about magnetic stripe.

    • David says:

      It’s not a question of whether or not a particular merchant terminal is capable of accepting magstripe transactions, it’s a question of getting the cafe owner in the dusty backwaters of desirable holiday locations to accept that magstripe cards (i.e. no visible chip) are still valid forms of payment.

  3. WanderingScott says:

    Why does Offline Enciphered PIN remove the need for PCI PED?
    If you want to enter your PIN into an unsecured PIN Pad be my guest, personally I’ll stick to secure devices.
    Yes, Enciphered PIN makes the task more difficult for an attacker, moving the sniffer from the card reader to the keypad, but removing PCI PED would greatly simplify the work for the crims. PCI PED might be expensive but it does serve a purpose.