Payment systems
Tuomas Aura
T-110.4206 Information security technology
1. Money transfer
2. Card payments
3. Anonymous payments


Common payment systems
 Cash
 Electronic credit transfer
 Direct debit
 Check
 Credit card
 Cash transfer
 Mobile payment
 Anonymous payment
Which are regulated?

Electronic credit transfer
 Also called bank transfer, wire transfer
 Payment process (e.g. UK CHAPS):
   – Clearing: if the payment is between two banks, the sending bank sends the
     information to a central processor, which keeps track of payments
   – Settlement: transfer of funds between the central-bank reserve accounts of
     the two banks at the end of the day for the balance of all transactions that day
     (→ risk to the central bank or the receiving bank if a sending bank fails)
 Float: money between being debited from the sender’s bank account and
  credited to the receiver’s account → banks gain interest on the float
  → payments take days even when technically unnecessary
 Finality varies for sender, banks and receiver
   – Most electronic transfers are immediately final to sender and bank, not to receiver
   – Direct debit in Finland is final for the sender; SEPA direct debit will be reversible

 Timeline: Sender makes payment → Sending bank → Clearing (central processor)
   → Settlement between banks → Receiving bank → Funds available to receiver

Check payment:
   1. Payer writes the check
   2. Clearing: payee deposits the check, the payee’s bank collects payment, and the
      paying bank inspects the check for authenticity and sufficient funds
   3. Settlement: transfer of funds between banks
 Float: in some countries, funds are available soon after
  deposit, before clearing and settlement
  → payee effectively gets an interest-free loan

 Timeline: Payer writes check → Payee deposits check → Funds available to payee
   → Clearing → Settlement between banks

Credit card
 Credit card issuer takes a ~2-5% transaction fee from the seller
   – Buyer protection: issuer takes some of the risk
   – Initial 30-60 days interest-free credit for the buyer
   – Kickbacks to some buyers
 Transaction final after 90 days
  → more certainly final than in a bank transfer

 Timeline: Credit card purchase → Funds available to seller → Buyer may pay balance
   → Transaction final

Cash transfers
 Western Union, MoneyGram: money transfer for people without bank accounts
   – Sender pays cash at one branch office; receiver gets the cash at
     another branch office
   – Used mostly by migrants to send money to 3rd world countries
   – Receiver must have an id card or answer a test question
 Example: Hawala, an informal network of agents based on
  Islamic law or an honor system
   – Problems with money laundering legislation

Issues with float
 Victim receives a check or credit card details; ships goods
  before the payment clears
   Timeline: Scammer writes false check → Victim deposits check → Funds available to victim
     → Victim ships goods → Check found to be false or no funds

 Victim receives a check; funds are available before the check
  clears; victim makes an irreversible payment (e.g. refunds all
  or part of the money)
   Timeline: Scammer writes false check → Victim deposits check → Funds available to victim
     → Victim returns (part of) the money → Funds available to scammer
     → Check found to be false or no funds

Issues with float
 Victim receives a reversible payment; victim makes an
  irreversible payment
   Timeline: Criminal (e.g. phisher) makes a (reversible) payment → Funds available to mule
     → Mule makes payment → Funds available to scammer → Mule asked to repay

Mobile payment
 Replacing banks in countries where the branch network is
  sparse and carrying cash is unsafe
 M-PESA in Kenya
 MTN Mobile Money in South Africa
   – Implemented with SMS and SIM Toolkit
   – PIN and some kind of symmetric crypto
   – Deposit and withdrawal at agent offices
   – Money transfer and bill payment with the phone
   – SMS money transfer to unregistered users
   – Anyone can just start using the service; some limits are relaxed
     if there is strong authentication with an id card
 Nokia Money in India
   – App on the phone, not bound to the SIM

 Depends on credit cards and bank accounts
  for deposit and withdrawal
 Payer and payee can remain pseudonymous
 Stronger traceability of verified accounts
   – Links the user to a bank account


Mag-stripe bank cards
 Magnetic stripe contains the primary account number (PAN), name,
  expiration date, service code, PVKI, PVV, CVV1
 Signature and (sometimes) id card required at the point of sale (POS)
 PIN required by automated teller machines (ATM) and some POS
   – PIN is a function of data on the mag stripe and a key in the terminal
     → offline PIN verification at POS or ATM
 Possible to copy the data on the mag stripe
 CVV1 is a cryptographic MAC of the PAN, name, expiration and
  service code (based on 3DES)
 Offline terminal has a security module to store the card and PIN
  verification keys
 CVV2 to make online fraud harder
   – 3-4 digits printed on the card but not on the mag stripe
   – Required for online (card not present) transactions
   – Not stored by the merchant after online verification
   – Vulnerable to online phishing

Visa PIN verification
 Input from magnetic stripe:
   – Primary account number (PAN), i.e. the 15-digit card number
   – PIN verification key indicator (PVKI, one digit 1..6)
   – PIN verification value (PVV, 4 decimal characters)
 Verifier must have
   – PIN verification key (PVK, 128-bit 3DES key)
   – PVKI is an index for the PVK to enable PVK changes
 Create the transformed security parameter (TSP):
   1. Concatenate the 11 rightmost digits of the PAN, the PVKI and the PIN
   2. The 16-digit concatenation is one hexadecimal DES block
 PVV generation:
   1. 3DES encryption of the TSP with the key PVK
   2. Decimalization of the encryption result to the 4-digit PVV
 Decimalization happens by taking the 4 leftmost digits 0..9 from the
  hexadecimal encrypted block
   – If there are fewer than 4 such digits, take the first digits A..F and map A=0, B=1, C=2, ...
   [For details see IBM]
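The PVV generation and the terminal-side check described above, as an added example written for this page (not code from the lecture, Visa or IBM). It uses Go's standard-library 3DES; the PAN, PVKI, PIN and the 128-bit PVK are constructed sample values, any digit string of at least 11 digits is accepted as a PAN, and the two-key PVK is expanded to K1|K2|K1 because Go's 3DES cipher expects a 24-byte key.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
)

// Added example (not the lecture's code): Visa-style PVV generation.
// samplePVK is a constructed 128-bit (two-key) 3DES PIN verification key.
var samplePVK = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}

// tsp: 11 rightmost PAN digits + one-digit PVKI + 4-digit PIN = 16 digits.
func tsp(pan, pvki, pin string) string { return pan[len(pan)-11:] + pvki + pin }

// decimalize: first four digits 0..9 of the hex block; if there are fewer,
// continue with the first hex letters mapped A=0, B=1, ..., F=5.
func decimalize(h string) string {
	var digits, letters []byte
	for _, c := range []byte(h) {
		if c >= '0' && c <= '9' {
			digits = append(digits, c)
		} else if c >= 'a' && c <= 'f' {
			letters = append(letters, c-'a'+'0')
		}
	}
	return string(append(digits, letters...)[:4])
}

// pvv encrypts the TSP as one DES block under the PVK and decimalizes the result.
func pvv(pan, pvki, pin string, pvk []byte) (string, error) {
	if len(pan) < 11 || len(pvki) != 1 || len(pin) != 4 || len(pvk) != 16 {
		return "", errors.New("bad PAN, PVKI, PIN or PVK length")
	}
	block, err := hex.DecodeString(tsp(pan, pvki, pin)) // 16 digits -> 8 bytes
	if err != nil {
		return "", err // a non-digit in PAN, PVKI or PIN
	}
	key := append(append([]byte{}, pvk...), pvk[:8]...) // two-key 3DES as K1|K2|K1
	c, _ := des.NewTripleDESCipher(key)                 // 24-byte key, cannot fail
	enc := make([]byte, des.BlockSize)
	c.Encrypt(enc, block)
	return decimalize(hex.EncodeToString(enc)), nil // lowercase hex digits
}

// verifyPIN (terminal security module or issuer): recompute the PVV from the
// entered PIN and compare it with the value read from the magnetic stripe.
func verifyPIN(pan, pvki, pin string, pvk []byte, stripePVV string) bool {
	v, err := pvv(pan, pvki, pin, pvk)
	return err == nil && v == stripePVV
}
```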
Chip-and-PIN bank cards
 EMV standard (Europay, Mastercard, Visa)
 Smartcard chip (ICC) on the bank card
   – Tamperproof ICC stores a cryptographic signature key
   – Card also contains a certificate
 Three levels of secure transactions:
   1. Static data authentication (SDA):
      – Certificate verification (not used in ATMs)
   2. Dynamic data authentication (DDA):
      – Card signs a random challenge sent by the terminal
   3. Combined DDA and application cryptogram (CDA):
      – Card signs the transaction details incl. the random challenge
 Card holder authenticated with PIN or signature

EMV security issues
 Not possible to copy the chip
 Mag stripe can still be copied
   – Possible to create a copy with a “broken” chip or use it at
     an offline POS in the US
   – Stripe data is also readable from the chip
 PIN used frequently → easier to capture


Anonymous digital cash
 David Chaum 1982, later the DigiCash product — never really used but
  an influential idea
 Participants: bank, buyer Alice, merchant Bob

 Protocol: 1. Bank issues coin to Alice → 2. Alice spends coin with Bob
   → 3. Bob deposits coin at the bank

 Anonymous:
   – Bank cannot link issued and deposited coins, not even with Bob’s help
 Not transferable: must be deposited to the bank after one use
 Uses blind signatures: bank signs coins without seeing their
  contents → cannot link the events of coin issuing and use
Anonymous digital cash
 Blind signature:
   Bank has an RSA signature key pair (e,d,n) for signing 1€ coins
   (and different keys for 10€, 100€, ...)
   1. Alice creates a coin from a random “serial number” SN and the
      redundant padding required for an RSA signature;
      Alice generates a random number R, computes coin ⋅ R^e mod n,
      and sends this to the bank
   2. Bank computes (coin ⋅ R^e)^d mod n = coin^d ⋅ R mod n and sends
      this to Alice
   3. Alice divides by R to get the signed coin coin^d mod n
   → Bank has signed the coin without seeing it and cannot link the
     coin to Alice
 Alice can pay 1€ to Bob by giving the coin to him
   – Bob deposits the coin to the bank; the bank checks the signature and only
     accepts the same coin once
 Problem: cheaters are anonymous; if someone pays the
  same coin to two merchants, how to know who it was?
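The three blind-signature steps above, as an added example for this page (not code from the lecture or from DigiCash) in Go with math/big. The RSA modulus is built from two constructed small Mersenne primes purely for illustration, the coin is taken as any integer below n (the padding step is left out), and R is a caller-supplied random blinding factor coprime to n.

```go
package main

import "math/big"

// Added example (not the lecture's code): RSA blind signature for a 1€ coin.
// The key uses two constructed small Mersenne primes, 2^31-1 and 2^61-1, for
// illustration only; real coin keys would be 1024-2048 bits.
var (
	one = big.NewInt(1)
	p   = new(big.Int).Sub(new(big.Int).Lsh(one, 31), one)
	q   = new(big.Int).Sub(new(big.Int).Lsh(one, 61), one)
	n   = new(big.Int).Mul(p, q)
	phi = new(big.Int).Mul(new(big.Int).Sub(p, one), new(big.Int).Sub(q, one))
	e   = big.NewInt(65537)               // public verification exponent
	d   = new(big.Int).ModInverse(e, phi) // bank's private signing exponent
)

// blind (step 1, Alice): hide the coin as coin * R^e mod n with a random R.
func blind(coin, r *big.Int) *big.Int {
	re := new(big.Int).Exp(r, e, n)
	return re.Mul(re, coin).Mod(re, n)
}

// bankSign (step 2): the bank signs what it receives, never seeing the coin:
// (coin * R^e)^d = coin^d * R mod n.
func bankSign(blinded *big.Int) *big.Int {
	return new(big.Int).Exp(blinded, d, n)
}

// unblind (step 3, Alice): divide by R, i.e. multiply by R^-1 mod n.
func unblind(signedBlinded, r *big.Int) *big.Int {
	rInv := new(big.Int).ModInverse(r, n)
	return rInv.Mul(rInv, signedBlinded).Mod(rInv, n)
}

// verify (Bob, or the bank at deposit): sig^e mod n must equal the coin.
func verify(coin, sig *big.Int) bool {
	return new(big.Int).Exp(sig, e, n).Cmp(coin) == 0
}

// issueCoin runs the whole exchange and returns the signed coin coin^d mod n.
func issueCoin(coin, r *big.Int) *big.Int {
	return unblind(bankSign(blind(coin, r)), r)
}
```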
Anonymous digital cash
 Double-spending detection:
   – Alice must set SN = h( h(N) | h(N xor “Alice”) ) where N is random
   – After Alice has given the coin to Bob, Bob asks Alice to reveal one of
     (h(N), N xor “Alice”) or (N, h(N xor “Alice”))
   → If Alice spends the coin twice, she reveals her name with 50% probability
 Make each 1€ coin of k separately signed sub-coins → detection
  probability p = 1 - 2^-k
   – Coins will be quite large: k=128 with 2048-bit RSA signatures is
 Q: But how to force Alice to create SN this way? How can the bank
  check the contents of the message when it signs blindly?
 Cut and choose:
   – Alice creates k pairs of sub-coins for signing
   – Bank asks Alice to reveal N for one sub-coin in each pair and signs the
     other one → cheating detection probability p = 1 - 2^-k
 Alice can make anonymous payments but will be caught with
  probability p = 1 - 2^-k if she tries to create an invalid coin or spend
  the same coin twice
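The double-spending trap from this slide, as an added example written for this page (not the lecture's code): the SN construction, Alice's two possible reveals, Bob's check that a reveal matches the signed SN, and how the bank recovers the name from two deposits of one coin that were challenged with different bits. Assumed here: h is SHA-256, N is 32 bytes, and the name is zero-padded to 32 bytes so that the xor with N is defined.

```go
package main
import (
	"bytes"
	"crypto/sha256"
)

// Added example (not the lecture's code): the double-spending trap
// SN = h( h(N) | h(N xor name) ) with h = SHA-256 and name padded to len(N).
func h(parts ...[]byte) []byte {
	s := sha256.Sum256(bytes.Join(parts, nil))
	return s[:]
}
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}
func serial(n, name []byte) []byte { return h(h(n), h(xor(n, name))) }

// Reveal answers Bob's challenge bit: 0 -> (h(N), N xor name), 1 -> (N, h(N xor name)).
type Reveal struct{ Bit int; Left, Right []byte }

func reveal(n, name []byte, bit int) Reveal {
	if bit == 0 {
		return Reveal{0, h(n), xor(n, name)}
	}
	return Reveal{1, n, h(xor(n, name))}
}

// checkReveal is Bob's (and the bank's) test that a half matches the signed SN.
func checkReveal(sn []byte, r Reveal) bool {
	if r.Bit == 0 {
		return bytes.Equal(sn, h(r.Left, h(r.Right)))
	}
	return bytes.Equal(sn, h(h(r.Left), r.Right))
}

// identify: two deposits of one SN with different bits give the bank N and
// N xor name, so the name falls out; equal bits (50% chance) reveal nothing.
func identify(a, b Reveal) ([]byte, bool) {
	if a.Bit == b.Bit {
		return nil, false
	}
	if a.Bit == 1 {
		a, b = b, a // a now holds N xor name (bit 0), b holds N (bit 1)
	}
	return bytes.TrimRight(xor(a.Right, b.Left), "\x00"), true
}
```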
What are the main threats in
   a) online card transactions?
   b) POS transactions?
   c) ATM cash withdrawals?
 What differences are there in the way credit cards and bank debit cards
  address these threats?
 Could you (technically) use bank cards
   a) as door keys?
   b) for strong identification of persons on the Internet?
 How could a malicious merchant perform a man-in-the-middle attack
  against chip-and-PIN transactions?
 When a fraudulent bank transaction occurs, who will suffer the losses?
  Find out about the regulation and contractual rules on such liability.
 Bank security is largely based on anomaly detection and risk mitigation. In
  what ways could a bank reduce the risk of fraud in mag-stripe or chip-and-PIN
  payments?
 Even though DigiCash coins are unlinkable, what other ways are there in
  which the merchant, the bank or both together can find out what Alice buys?

Related reading
 Ross Anderson: Security Engineering, 2nd ed., chapter 10
 Interesting reading online:
   – http://thescambaiter.com/
   – http://www.cl.cam.ac.uk/research/security/banki

