Stories
Slash Boxes
Comments

SoylentNews is people

Mastercard Armours its Contactless Cards Against Relay Attacks

posted by cmn32480 on Friday August 05 2016, @03:06PM   Printer-friendly
from the they-gave-it-a-tinfoil-hat dept.

Arthur T Knackerbracket has found the following story:

Elements of the payment card industry have introduced a new contactless payment card security feature, designed to defend against relay attacks.

Relay attacks were first demonstrated nine years ago by a team of computer scientists Saar Drimer and Steven Murdoch.

The pair also suggested how the security flaw can be mitigated using a technique called distance bounding). Mastercard has taken up this defence, meaning its cards (at least) are protected.

“Finally the banks are now implementing this defence, though only for contactless cards (as they are more vulnerable than the contact Chip and PIN cards that were available in 2007), and so far only for MasterCard cards,” Murdoch told El Reg.

Murdoch says that although the relay attack is real it’s unclear whether or not fraud based on the security weakness has actually taken place.

“I’m not aware of any confirmed cases, other than academic experiments. However, unless this were a widespread fraud, I don’t think I would have heard about it even if it had happened,” Murdoch explained.

“There have been bank customers who have come to me or colleagues to say that they have been refused a refund for a Chip and PIN transaction that they said did not take place. In some of these cases it might have been a relay attack, but in almost every case it is never established what happened.”

“The banks have taken the position that a relay attack is unlikely and since the decision of whether a bank refunds the customer is based on the most likely explanation, the bank always presents another scenario as being the most likely (normally customer negligence),” he added.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Mastercard Armours its Contactless Cards Against Relay Attacks | Log In/Create an Account | Top | 9 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by jmorris on Friday August 05 2016, @09:20PM

    by jmorris (4844) on Friday August 05 2016, @09:20PM (#384632)

    You forgot:

    6) They don't know how to calculate the sales tax. You probably don't either. No it isn't a fixed percentage.
    7) Most cashiers can't manually make change. A phone's calculator can at least solve this one if you get one with at least animal intelligence.

    But your 5) is just narrow minded bigotry. No shopkeeper is going to stop you if you are a cash wielding customer and he is in a position to actually take your money. Remember that the guy behind the counter is of one of two types. The first 'just works here' and doesn't give a crap, he is outta there long before the marauding hordes start roaming, probably carrying off the choicest loot himself. The second owns the joint and he is going to be the one you encounter with a shotgun defending what is his from the orcs. All you have to do is convince him you aren't a threat and that isn't generally difficult.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2