SlideShare ist ein Scribd-Unternehmen logo

Cracking Chip & PIN

onthewight
onthewight

Chris Jarman, one of the original technical architects of the Chip & Pin scheme, explains its development and how various hacks have been attempted.

Technologie
1 von 8
Risk Management First lesson of Banking – no Risk, no Profit. Financial Security models are always a balance. No System is Secure but it can be judged Secure Enough. Bankers have been evaluating risk and profit since the days of barter. No Security model exists in isolation. Chip & PIN builds on a considerable existing security framework
Business Objectives Driven by simple commercial proposition Augmented by reputational elements Incorporate behavioural evolution Needs to account for and predict technology. Needs to be viable for all parties. Subject to review and planned to continuously evolve.
Crypto Basis of Trust RSA Public Key Scheme Static Data Authentication Dynamic Data Authentication Triple (Double Length) DES Online mutual Authentication PIN What you have: Token What you know: Crypto engine / Keys / PIN
Attack Scenarios Forced attack / threat e.g. Theft Card not present / non PIN verified e.g. Internet Mobile Commerce International e.g. Fallback
Attack Scenarios Hard Attack of Crypto – RSA or 3*DES Exploit Procedural Elements e.g. Relay Transaction flow logistics e.g. Terminal Minder Disintermediate parties e.g. Wedge Technology Element e.g. Differential Power Analysis
Investment / Reward 800 Million cards and growing. Fraud is a commercial business. Cost / Benefit model based. Requires significant resource dedication. Limited skill set availability. Requires greater resource to exploit. Active detection methods can rapidly terminate activity.
Chip & PIN Today Overall scheme security remains intact and strong Hard card attack scenarios provide poor business case Soft card attack scenarios exploit interfaces and provide little business case Largest exposure remains non-chip usage New channels building in support to leverage chip and PIN – e.g. HomePay reader at home Still fit for purpose !!
Chip & PIN @ Home HomePay ,[object Object]

Empfohlen

Point of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessPoint of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessSurfWatch Labs
 
Cyber Threat Management
Cyber Threat Management Cyber Threat Management
Cyber Threat Management Rishi Kant
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowShantam Goel
 
E-Banking Web Security
E-Banking Web SecurityE-Banking Web Security
E-Banking Web SecurityDragos Lungu
 
Tech trends in Banking Industry
Tech trends in Banking IndustryTech trends in Banking Industry
Tech trends in Banking IndustrySoham Pablo
 
Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Login cat tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)Rohit Kapoor
 
Ec2009 ch10 e commerce security
Ec2009 ch10 e commerce securityEc2009 ch10 e commerce security
Ec2009 ch10 e commerce securityNuth Otanasap
 
Pre-PostBreach_Are_Your_Ready
Pre-PostBreach_Are_Your_ReadyPre-PostBreach_Are_Your_Ready
Pre-PostBreach_Are_Your_ReadyPete Pouridis
 

Weitere ähnliche Inhalte

Andere mochten auch

IWC 2013 Budget Presentation
IWC 2013 Budget PresentationIWC 2013 Budget Presentation
IWC 2013 Budget Presentationonthewight
 
Didáctica de la historia en la educación infantil
Didáctica de la historia en la educación infantilDidáctica de la historia en la educación infantil
Didáctica de la historia en la educación infantilcitlallicabrera
 
Propuesta metodológica sesion 2
Propuesta metodológica sesion 2Propuesta metodológica sesion 2
Propuesta metodológica sesion 2citlallicabrera
 
Tx Gradebook Orientation
Tx Gradebook OrientationTx Gradebook Orientation
Tx Gradebook OrientationJennifer Lopez
 
Slide presentation
Slide presentationSlide presentation
Slide presentationANelly01
 
Custom personalized bedding
Custom personalized beddingCustom personalized bedding
Custom personalized beddingdezine01
 
ISA LA Instrumentation2009handout
ISA LA Instrumentation2009handoutISA LA Instrumentation2009handout
ISA LA Instrumentation2009handoutPhil Sallaway
 
Technology cart distribution notes
Technology cart distribution notesTechnology cart distribution notes
Technology cart distribution notesJennifer Lopez
 
12 komunikace a tvorba znalostí
12 komunikace a tvorba znalostí12 komunikace a tvorba znalostí
12 komunikace a tvorba znalostíKISKAcross
 
Campus navigator
Campus navigatorCampus navigator
Campus navigatorOluyomi Ojo
 
PracticeTEchnology
PracticeTEchnologyPracticeTEchnology
PracticeTEchnologyANelly01
 
Gi Laboratory Nurse Bedside
Gi Laboratory Nurse BedsideGi Laboratory Nurse Bedside
Gi Laboratory Nurse Bedsidejzinkel
 
Creating groups in gradebook
Creating groups in gradebookCreating groups in gradebook
Creating groups in gradebookJennifer Lopez
 
La escuela unitaria
La escuela unitariaLa escuela unitaria
La escuela unitariaAylincristal
 
Jaro 2011 rozvoj kreativity - vyroba kocici busty
Jaro 2011 rozvoj kreativity - vyroba kocici bustyJaro 2011 rozvoj kreativity - vyroba kocici busty
Jaro 2011 rozvoj kreativity - vyroba kocici bustyKISKAcross
 
IWC 2013 Budget Presentation (revised)
IWC 2013 Budget Presentation (revised)IWC 2013 Budget Presentation (revised)
IWC 2013 Budget Presentation (revised)onthewight
 

Andere mochten auch (20)

IWC 2013 Budget Presentation
IWC 2013 Budget PresentationIWC 2013 Budget Presentation
IWC 2013 Budget Presentation
 
Didáctica de la historia en la educación infantil
Didáctica de la historia en la educación infantilDidáctica de la historia en la educación infantil
Didáctica de la historia en la educación infantil
 
Propuesta metodológica sesion 2
Propuesta metodológica sesion 2Propuesta metodológica sesion 2
Propuesta metodológica sesion 2
 
Transportation Plan
Transportation PlanTransportation Plan
Transportation Plan
 
Tx Gradebook Orientation
Tx Gradebook OrientationTx Gradebook Orientation
Tx Gradebook Orientation
 
Slide presentation
Slide presentationSlide presentation
Slide presentation
 
Custom personalized bedding
Custom personalized beddingCustom personalized bedding
Custom personalized bedding
 
ISA LA Instrumentation2009handout
ISA LA Instrumentation2009handoutISA LA Instrumentation2009handout
ISA LA Instrumentation2009handout
 
Technology cart distribution notes
Technology cart distribution notesTechnology cart distribution notes
Technology cart distribution notes
 
LG Soluciones para Hotelería
LG Soluciones para HoteleríaLG Soluciones para Hotelería
LG Soluciones para Hotelería
 
2
22
2
 
Sesion 3 actividad 1
Sesion 3 actividad 1Sesion 3 actividad 1
Sesion 3 actividad 1
 
12 komunikace a tvorba znalostí
12 komunikace a tvorba znalostí12 komunikace a tvorba znalostí
12 komunikace a tvorba znalostí
 
Campus navigator
Campus navigatorCampus navigator
Campus navigator
 
PracticeTEchnology
PracticeTEchnologyPracticeTEchnology
PracticeTEchnology
 
Gi Laboratory Nurse Bedside
Gi Laboratory Nurse BedsideGi Laboratory Nurse Bedside
Gi Laboratory Nurse Bedside
 
Creating groups in gradebook
Creating groups in gradebookCreating groups in gradebook
Creating groups in gradebook
 
La escuela unitaria
La escuela unitariaLa escuela unitaria
La escuela unitaria
 
Jaro 2011 rozvoj kreativity - vyroba kocici busty
Jaro 2011 rozvoj kreativity - vyroba kocici bustyJaro 2011 rozvoj kreativity - vyroba kocici busty
Jaro 2011 rozvoj kreativity - vyroba kocici busty
 
IWC 2013 Budget Presentation (revised)
IWC 2013 Budget Presentation (revised)IWC 2013 Budget Presentation (revised)
IWC 2013 Budget Presentation (revised)
 

Ähnlich wie Cracking Chip & PIN

Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Anil Jain
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingLennon808
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011Andris Soroka
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...TigerGraph
 
Experiment
ExperimentExperiment
Experimentjbashask
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemWarren Smith
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2SafeNet
 
System Z Mainframe Security For An Enterprise
System Z Mainframe Security For An EnterpriseSystem Z Mainframe Security For An Enterprise
System Z Mainframe Security For An EnterpriseJim Porell
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of SaleTripwire
 
Hw09 Large Scale Transaction Analysis
Hw09 Large Scale Transaction AnalysisHw09 Large Scale Transaction Analysis
Hw09 Large Scale Transaction AnalysisCloudera, Inc.
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummiesBACKSEATRIDER
 
E-commerce security using asymmetric key algorithm
E-commerce security using asymmetric key algorithmE-commerce security using asymmetric key algorithm
E-commerce security using asymmetric key algorithmgauravv7536
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengKnowledge Group
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)Maksim Djackov
 
From Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data BreachFrom Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data BreachPaymetric, Inc.
 

Ähnlich wie Cracking Chip & PIN (20)

Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
 
End-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card ProcessingEnd-to-End Encryption for Credit Card Processing
End-to-End Encryption for Credit Card Processing
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
 
Experiment
ExperimentExperiment
Experiment
 
Sect r35 b
Sect r35 bSect r35 b
Sect r35 b
 
Replace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card SystemReplace The Current Antiquated Credit Card System
Replace The Current Antiquated Credit Card System
 
Falcon 012009
Falcon 012009Falcon 012009
Falcon 012009
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2
 
System Z Mainframe Security For An Enterprise
System Z Mainframe Security For An EnterpriseSystem Z Mainframe Security For An Enterprise
System Z Mainframe Security For An Enterprise
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of Sale
 
Hw09 Large Scale Transaction Analysis
Hw09 Large Scale Transaction AnalysisHw09 Large Scale Transaction Analysis
Hw09 Large Scale Transaction Analysis
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
 
Smart card emv for dummies
Smart card emv for dummiesSmart card emv for dummies
Smart card emv for dummies
 
E banking security
E banking securityE banking security
E banking security
 
E-commerce security using asymmetric key algorithm
E-commerce security using asymmetric key algorithmE-commerce security using asymmetric key algorithm
E-commerce security using asymmetric key algorithm
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee Seng
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)
 
From Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data BreachFrom Bad to Worse: How to Stay Protected from a Mega Data Breach
From Bad to Worse: How to Stay Protected from a Mega Data Breach
 
B Hkorba
B HkorbaB Hkorba
B Hkorba
 

Mehr von onthewight

Dr Robin Wilson - Monitoring the environment from space
Dr Robin Wilson - Monitoring the environment from spaceDr Robin Wilson - Monitoring the environment from space
Dr Robin Wilson - Monitoring the environment from spaceonthewight
 
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...onthewight
 
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...onthewight
 
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018onthewight
 
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...onthewight
 
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...onthewight
 
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016onthewight
 
NAHT explain Progress 8
NAHT explain Progress 8NAHT explain Progress 8
NAHT explain Progress 8onthewight
 
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...onthewight
 
News Rewired Presentation - OnTheWight's experience with Automated Articles -...
News Rewired Presentation - OnTheWight's experience with Automated Articles -...News Rewired Presentation - OnTheWight's experience with Automated Articles -...
News Rewired Presentation - OnTheWight's experience with Automated Articles -...onthewight
 
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015onthewight
 
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...onthewight
 
Innovation at OnTheWight - Presented at What's next for Community Journalism ...
Innovation at OnTheWight - Presented at What's next for Community Journalism ...Innovation at OnTheWight - Presented at What's next for Community Journalism ...
Innovation at OnTheWight - Presented at What's next for Community Journalism ...onthewight
 
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015onthewight
 
Prof Steve F King 'The standard models in particle physics'
Prof Steve F King 'The standard models in particle physics'Prof Steve F King 'The standard models in particle physics'
Prof Steve F King 'The standard models in particle physics'onthewight
 
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth FalkIntriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falkonthewight
 
Nanodevices for the detection of disease by Maurits de Planque
Nanodevices for the detection of disease by Maurits de PlanqueNanodevices for the detection of disease by Maurits de Planque
Nanodevices for the detection of disease by Maurits de Planqueonthewight
 
East Cowes - Proposed development - Solent Gateways - Dec 2014
East Cowes - Proposed development - Solent Gateways - Dec 2014East Cowes - Proposed development - Solent Gateways - Dec 2014
East Cowes - Proposed development - Solent Gateways - Dec 2014onthewight
 
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...onthewight
 
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014onthewight
 

Mehr von onthewight (20)

Dr Robin Wilson - Monitoring the environment from space
Dr Robin Wilson - Monitoring the environment from spaceDr Robin Wilson - Monitoring the environment from space
Dr Robin Wilson - Monitoring the environment from space
 
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
 
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
 
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
 
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
 
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
 
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
 
NAHT explain Progress 8
NAHT explain Progress 8NAHT explain Progress 8
NAHT explain Progress 8
 
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
 
News Rewired Presentation - OnTheWight's experience with Automated Articles -...
News Rewired Presentation - OnTheWight's experience with Automated Articles -...News Rewired Presentation - OnTheWight's experience with Automated Articles -...
News Rewired Presentation - OnTheWight's experience with Automated Articles -...
 
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
 
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
 
Innovation at OnTheWight - Presented at What's next for Community Journalism ...
Innovation at OnTheWight - Presented at What's next for Community Journalism ...Innovation at OnTheWight - Presented at What's next for Community Journalism ...
Innovation at OnTheWight - Presented at What's next for Community Journalism ...
 
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
 
Prof Steve F King 'The standard models in particle physics'
Prof Steve F King 'The standard models in particle physics'Prof Steve F King 'The standard models in particle physics'
Prof Steve F King 'The standard models in particle physics'
 
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth FalkIntriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
 
Nanodevices for the detection of disease by Maurits de Planque
Nanodevices for the detection of disease by Maurits de PlanqueNanodevices for the detection of disease by Maurits de Planque
Nanodevices for the detection of disease by Maurits de Planque
 
East Cowes - Proposed development - Solent Gateways - Dec 2014
East Cowes - Proposed development - Solent Gateways - Dec 2014East Cowes - Proposed development - Solent Gateways - Dec 2014
East Cowes - Proposed development - Solent Gateways - Dec 2014
 
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
 
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
 

Kürzlich hochgeladen

Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfROWELL MARQUINA
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 

Kürzlich hochgeladen (20)

Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdf
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 

Cracking Chip & PIN

  • 1. Risk Management First lesson of Banking – no Risk, no Profit. Financial Security models are always a balance. No System is Secure but it can be judged Secure Enough. Bankers have been evaluating risk and profit since the days of barter. No Security model exists in isolation. Chip & PIN builds on a considerable existing security framework
  • 2. Business Objectives Driven by simple commercial proposition Augmented by reputational elements Incorporate behavioural evolution Needs to account for and predict technology. Needs to be viable for all parties. Subject to review and planned to continuously evolve.
  • 3. Crypto Basis of Trust RSA Public Key Scheme Static Data Authentication Dynamic Data Authentication Triple (Double Length) DES Online mutual Authentication PIN What you have: Token What you know: Crypto engine / Keys / PIN
  • 4. Attack Scenarios Forced attack / threat e.g. Theft Card not present / non PIN verified e.g. Internet Mobile Commerce International e.g. Fallback
  • 5. Attack Scenarios Hard Attack of Crypto – RSA or 3*DES Exploit Procedural Elements e.g. Relay Transaction flow logistics e.g. Terminal Minder Disintermediate parties e.g. Wedge Technology Element e.g. Differential Power Analysis
  • 6. Investment / Reward 800 Million cards and growing. Fraud is a commercial business. Cost / Benefit model based. Requires significant resource dedication. Limited skill set availability. Requires greater resource to exploit. Active detection methods can rapidly terminate activity.
  • 7. Chip & PIN Today Overall scheme security remains intact and strong Hard card attack scenarios provide poor business case Soft card attack scenarios exploit interfaces and provide little business case Largest exposure remains non-chip usage New channels building in support to leverage chip and PIN – e.g. HomePay reader at home Still fit for purpose !!
  • 8.
  • 9. Remote authentication to remote services such as home banking
  • 10. P2P, B2B, and G2P payment processing