About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Will industry rescue the identity card? | Main | Cloning e-passports »

Shell game

By davebirch posted Jul 31 2006 at 9:43 PM

[Dave Birch] On his excellent blog, Jerry Fishenden (Microsoft's National Technology Officer UK) mentions chip and PIN security and talks about the recent press over Shell service stations not accepting chip and PIN cards (I bought petrol at a Shell garage in Woking today and had to sign for it) after fraudsters installed devices underneath the keypads that cached details of card numbers and PINs.  Jerry correctly points out that this was about financial fraud, not identity fraud.  But there are clearly ramifications for identity cards and if we're going to be responsible we need to tackle the public's concerns.

Technorati Tags: , , , ,

If companies or governments issue ID cards that can be authenticated with PINs, then this kind of fraud will be repeated, except that the bad guys will be stealing ID card PINs instead of bank card PINs.  But what does that matter in a world of two-factor authentication, where the bad guys needs the cards and the PIN in order to execute an attack? After all, identity cards won't have a magnetic stripe "fallback" option, so it's hard to see how to get away with anything. So, rationally, the Shell fraud doesn't really mean much for ID fraud.  Yet it is a very undermining kind of fraud.  It tells members of the public that they cannot trust the terminals -- of whatever kind -- that they are putting their cards into.  It's really hard to know what to do about this, because unless terminals are in a wholly secure environment, they will always be subject to attack.  And if the terminals are made wholly tamper-resistant, then they will simply be replaced by subverted terminals. What is critical is that obtaining the card details and PIN does not enable an attacker to create counterfeit cards.  In practical terms, this means that ID cards must have similar cryptography to EMV DDA cards (ie, public key cryptography) which naturally means a slightly higher price.  But it's a price worth paying. (Incidentally, a podcast from Jerry will up here this week).


The comments to this entry are closed.