Abstract image of a woman sitting on books and studying on a laptop

Cracking Chip & PIN

onthewight, profile picture
onthewight

The document discusses the fundamental concept of risk management in banking, emphasizing the relationship between risk and profit. It highlights the importance of a robust security framework in financial transactions, particularly with the adoption of chip and pin technology. Challenges such as fraud and evolving attack scenarios are noted, along with the necessity for continuous adaptation of security measures to maintain efficacy.

Technology
1 of 8
1
2
3
4
5
6
7
8
Risk ManagementFirst lesson of Banking – no Risk, no Profit.Financial Security models are always a balance.No System is Secure but it can be judged Secure Enough.Bankers have been evaluating risk and profit since the days of barter.No Security model exists in isolation.Chip & PIN builds on a considerable existing security framework
Business ObjectivesDriven by simple commercial propositionAugmented by reputational elementsIncorporate behavioural evolutionNeeds to account for and predict technology.Needs to be viable for all parties.Subject to review and planned to continuously evolve.
CryptoBasis of TrustRSA Public Key SchemeStatic Data AuthenticationDynamic Data AuthenticationTriple (Double Length) DESOnline mutual AuthenticationPINWhat you have: TokenWhat you know: Crypto engine / Keys / PIN
Attack ScenariosForced attack / threat e.g. TheftCard not present / non PIN verified e.g. InternetMobile CommerceInternational e.g. Fallback
Attack ScenariosHard Attack of Crypto – RSA or 3*DESExploit Procedural Elements e.g. RelayTransaction flow logistics e.g. Terminal MinderDisintermediate parties e.g. WedgeTechnology Element e.g. Differential Power Analysis
Investment / Reward800 Million cards and growing.Fraud is a commercial business.Cost / Benefit model based.Requires significant resource dedication.Limited skill set availability.Requires greater resource to exploit.Active detection methods can rapidly terminate activity.
Chip & PIN TodayOverall scheme security remains intact and strongHard card attack scenarios provide poor business caseSoft card attack scenarios exploit interfaces and provide little business caseLargest exposure remains non-chip usageNew channels building in support to leverage chip and PIN – e.g. HomePay reader at homeStill fit for purpose !!
Chip & PIN @ HomeHomePay Secure e-commerce payments with Chip & PIN

More Related Content

PPT
Point of Sale Insecurity: A Threat to Your Business
SurfWatch Labs
 
PPTX
Cyber Threat Management
Rishi Kant
 
PDF
Cybersecurity- What Retailers Need To Know
Shantam Goel
 
PPT
E-Banking Web Security
Dragos Lungu
 
PPT
Tech trends in Banking Industry
Soham Pablo
 
PPTX
Login cat tekmonks - v5 (mini)
Rohit Kapoor
 
PPT
Ec2009 ch10 e commerce security
Nuth Otanasap
 
PPTX
Pre-PostBreach_Are_Your_Ready
Pete Pouridis
 
Point of Sale Insecurity: A Threat to Your Business
SurfWatch Labs
 
Cyber Threat Management
Rishi Kant
 
Cybersecurity- What Retailers Need To Know
Shantam Goel
 
E-Banking Web Security
Dragos Lungu
 
Tech trends in Banking Industry
Soham Pablo
 
Login cat tekmonks - v5 (mini)
Rohit Kapoor
 
Ec2009 ch10 e commerce security
Nuth Otanasap
 
Pre-PostBreach_Are_Your_Ready
Pete Pouridis
 

Viewers also liked (20)

PPTX
IWC 2013 Budget Presentation
onthewight
 
PPTX
Didáctica de la historia en la educación infantil
citlallicabrera
 
PPTX
Propuesta metodológica sesion 2
citlallicabrera
 
PPTX
Transportation Plan
Todd Phillips
 
PPTX
Tx Gradebook Orientation
Jennifer Lopez
 
PPT
Slide presentation
ANelly01
 
PPTX
Custom personalized bedding
dezine01
 
PPT
ISA LA Instrumentation2009handout
Phil Sallaway
 
PDF
Technology cart distribution notes
Jennifer Lopez
 
PDF
LG Soluciones para Hotelería
LG Electronics Chile
 
PPT
2
pkmedia
 
PPTX
Sesion 3 actividad 1
citlallicabrera
 
PDF
12 komunikace a tvorba znalostí
KISKAcross
 
PDF
Campus navigator
Oluyomi Ojo
 
PPT
PracticeTEchnology
ANelly01
 
PPT
Gi Laboratory Nurse Bedside
jzinkel
 
DOCX
Creating groups in gradebook
Jennifer Lopez
 
DOCX
La escuela unitaria
Aylincristal
 
PDF
Jaro 2011 rozvoj kreativity - vyroba kocici busty
KISKAcross
 
PPTX
IWC 2013 Budget Presentation (revised)
onthewight
 
IWC 2013 Budget Presentation
onthewight
 
Didáctica de la historia en la educación infantil
citlallicabrera
 
Propuesta metodológica sesion 2
citlallicabrera
 
Transportation Plan
Todd Phillips
 
Tx Gradebook Orientation
Jennifer Lopez
 
Slide presentation
ANelly01
 
Custom personalized bedding
dezine01
 
ISA LA Instrumentation2009handout
Phil Sallaway
 
Technology cart distribution notes
Jennifer Lopez
 
LG Soluciones para Hotelería
LG Electronics Chile
 
2
pkmedia
 
Sesion 3 actividad 1
citlallicabrera
 
12 komunikace a tvorba znalostí
KISKAcross
 
Campus navigator
Oluyomi Ojo
 
PracticeTEchnology
ANelly01
 
Gi Laboratory Nurse Bedside
jzinkel
 
Creating groups in gradebook
Jennifer Lopez
 
La escuela unitaria
Aylincristal
 
Jaro 2011 rozvoj kreativity - vyroba kocici busty
KISKAcross
 
IWC 2013 Budget Presentation (revised)
onthewight
 
Ad

Similar to Cracking Chip & PIN (20)

PPTX
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
PPT
End-to-End Encryption for Credit Card Processing
Lennon808
 
PDF
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
Andris Soroka
 
PDF
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
TigerGraph
 
DOCX
Experiment
jbashask
 
PDF
Sect r35 b
SelectedPresentations
 
PDF
Replace The Current Antiquated Credit Card System
Warren Smith
 
PPT
Falcon 012009
Northwest Card Association
 
PPT
Life After Compliance march 2010 v2
SafeNet
 
PPTX
Credit Card Fraud Detection project.pptx
sanjivaniahire31
 
PPT
System Z Mainframe Security For An Enterprise
Jim Porell
 
PPTX
Hacking Point of Sale
Tripwire
 
PPT
Hw09 Large Scale Transaction Analysis
Cloudera, Inc.
 
PPTX
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium
 
TXT
Smart card emv for dummies
BACKSEATRIDER
 
PPTX
E banking security
Iman Rahmanian
 
PPTX
E-commerce security using asymmetric key algorithm
gauravv7536
 
PDF
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Knowledge Group
 
PPTX
PCI Compliance (for developers)
Maksim Djackov
 
PPTX
From Bad to Worse: How to Stay Protected from a Mega Data Breach
Paymetric, Inc.
 
Sgsits cyber securityworkshop_4mar2017
Anil Jain
 
End-to-End Encryption for Credit Card Processing
Lennon808
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
Andris Soroka
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
TigerGraph
 
Experiment
jbashask
 
Sect r35 b
SelectedPresentations
 
Replace The Current Antiquated Credit Card System
Warren Smith
 
Falcon 012009
Northwest Card Association
 
Life After Compliance march 2010 v2
SafeNet
 
Credit Card Fraud Detection project.pptx
sanjivaniahire31
 
System Z Mainframe Security For An Enterprise
Jim Porell
 
Hacking Point of Sale
Tripwire
 
Hw09 Large Scale Transaction Analysis
Cloudera, Inc.
 
FinTech Belgium – Fintech Belgium MeetUp on Cybersecurity – F.Lecocq – Digitr...
FinTech Belgium
 
Smart card emv for dummies
BACKSEATRIDER
 
E banking security
Iman Rahmanian
 
E-commerce security using asymmetric key algorithm
gauravv7536
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Knowledge Group
 
PCI Compliance (for developers)
Maksim Djackov
 
From Bad to Worse: How to Stay Protected from a Mega Data Breach
Paymetric, Inc.
 
Ad

More from onthewight (20)

PDF
Dr Robin Wilson - Monitoring the environment from space
onthewight
 
PPTX
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
onthewight
 
PDF
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
onthewight
 
PPTX
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
onthewight
 
PPT
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
onthewight
 
PPTX
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
onthewight
 
PPTX
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
onthewight
 
PPTX
NAHT explain Progress 8
onthewight
 
PPTX
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
onthewight
 
PPTX
News Rewired Presentation - OnTheWight's experience with Automated Articles -...
onthewight
 
PDF
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
onthewight
 
ODP
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
onthewight
 
PPTX
Innovation at OnTheWight - Presented at What's next for Community Journalism ...
onthewight
 
PPT
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
onthewight
 
PDF
Prof Steve F King 'The standard models in particle physics'
onthewight
 
PPTX
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
onthewight
 
PDF
Nanodevices for the detection of disease by Maurits de Planque
onthewight
 
PDF
East Cowes - Proposed development - Solent Gateways - Dec 2014
onthewight
 
PPT
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
onthewight
 
PDF
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
onthewight
 
Dr Robin Wilson - Monitoring the environment from space
onthewight
 
Dr Stephen Prior - Drones and other Unmanned Air Vehicles - Cafe Sci Isle of ...
onthewight
 
David Prendergast - Innovative Physics - From AI to Fukushima - Isle of Wight...
onthewight
 
Prof Paul White - The behaviour of marine mammals - Cafe Scientifique - Mar 2018
onthewight
 
Dr Michelle Hale - Importance Of Marine Phytoplankton In Controlling Climate ...
onthewight
 
Dr Catherine Mercer and Dr Frank Ratcliff - The 100,000 Genome Project - Jan ...
onthewight
 
Dr. Jon Whitehurst - Bats, Maths and Maps - Isle of Wight Cafe Sci - Nov 2016
onthewight
 
NAHT explain Progress 8
onthewight
 
Dr Richard Crowder - Termites, Bees and Robots - 14 Mar 2016 - Isle of Wight ...
onthewight
 
News Rewired Presentation - OnTheWight's experience with Automated Articles -...
onthewight
 
Dr Jen Gupta - Understanding nature’s death ray guns - 13 Oct 2015
onthewight
 
Professor John Coleman, Phonetics Department, Oxford University, talk "Voices...
onthewight
 
Innovation at OnTheWight - Presented at What's next for Community Journalism ...
onthewight
 
Prof Arnold Taylor: The significant experiments of Robert Hooke - 8 June 2015
onthewight
 
Prof Steve F King 'The standard models in particle physics'
onthewight
 
Intriguing Neutrinos: The Deep Secrets of Nature’s Ghosts by Dr Elisabeth Falk
onthewight
 
Nanodevices for the detection of disease by Maurits de Planque
onthewight
 
East Cowes - Proposed development - Solent Gateways - Dec 2014
onthewight
 
Prof Graham Mills - The Fate of Pharmaceutical Residues in the Aquatic Enviro...
onthewight
 
Dr Luke Myers - Tidal Power Isle of Wight - Cafe Scientifique - Sept 2014
onthewight
 

Recently uploaded (20)

DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Modernising the Digital Integration Hub
Daniel Toomey
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
What is a Computer? Input Devices /output devices
GulJan8
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Five Habits of High-Impact Board Members
OnBoard
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Rejig Digital
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 

Cracking Chip & PIN

  • 1. Risk ManagementFirst lesson of Banking – no Risk, no Profit.Financial Security models are always a balance.No System is Secure but it can be judged Secure Enough.Bankers have been evaluating risk and profit since the days of barter.No Security model exists in isolation.Chip & PIN builds on a considerable existing security framework
  • 2. Business ObjectivesDriven by simple commercial propositionAugmented by reputational elementsIncorporate behavioural evolutionNeeds to account for and predict technology.Needs to be viable for all parties.Subject to review and planned to continuously evolve.
  • 3. CryptoBasis of TrustRSA Public Key SchemeStatic Data AuthenticationDynamic Data AuthenticationTriple (Double Length) DESOnline mutual AuthenticationPINWhat you have: TokenWhat you know: Crypto engine / Keys / PIN
  • 4. Attack ScenariosForced attack / threat e.g. TheftCard not present / non PIN verified e.g. InternetMobile CommerceInternational e.g. Fallback
  • 5. Attack ScenariosHard Attack of Crypto – RSA or 3*DESExploit Procedural Elements e.g. RelayTransaction flow logistics e.g. Terminal MinderDisintermediate parties e.g. WedgeTechnology Element e.g. Differential Power Analysis
  • 6. Investment / Reward800 Million cards and growing.Fraud is a commercial business.Cost / Benefit model based.Requires significant resource dedication.Limited skill set availability.Requires greater resource to exploit.Active detection methods can rapidly terminate activity.
  • 7. Chip & PIN TodayOverall scheme security remains intact and strongHard card attack scenarios provide poor business caseSoft card attack scenarios exploit interfaces and provide little business caseLargest exposure remains non-chip usageNew channels building in support to leverage chip and PIN – e.g. HomePay reader at homeStill fit for purpose !!
  • 8. Chip & PIN @ HomeHomePay Secure e-commerce payments with Chip & PIN
  • 9. Remote authentication to remote services such as home banking
  • 10. P2P, B2B, and G2P payment processing