We must be able to trust payment systems: Payment terminals have conquered nearly every retail outlet and payment cards are as pervasive as cash.
Major parts of this critical payment infrastructure, however, rely on proprietary protocols from the 90’s with large security deficiencies. Payment terminals and the payment processors they connect to are once again the culprit.
Stealing customer credentials.
Fraudsters can gain access to large numbers of card details and matching PIN numbers over computer networks.
The main communication protocol between payment terminals and cash registers, ZVT in Germany, allows a fraudster to simply read payment cards – including credit and debit/EC cards – from the local network.
Worse yet, the protocol provides a mechanism for reading PIN numbers remotely. This mechanism is protected by a cryptographic signature (MAC). The symmetric signature key, however, is sometimes stored in Hardware Security Modules (HSMs), of which some are vulnerable to a simple timing attack, which discloses valid signatures. A signature extracted from one such HSM can be used to attack other, more secure models since the signature key is the same across many terminals, violating a base principle of security design.
Merchant account compromise.
Fraudsters can also transfer money from merchant accounts, anonymously over the Internet.
Defense need.
In the short term, abusable functionality such as refunds and SIM top-ups should be deactivated wherever possible. To introduce widely acknowledged security principles into our critical payment infrastructure, more drastic system updates are necessary:The two main payment protocols in Germany, ZVT and Poseidon, are both insecure for the same reason: They share secret keys among a large number of devices. Deploying an individual key to each terminal is paramount to make payment systems more fraud-resistant.
Details of this research were presented at 32C3.