
NORTHEASTERN UNIVERSITY

MITIGATION OF SECURITY RISKS IN EMV-CHIP CREDIT CARD TRANSACTIONS

A PAPER PRESENTED TO

DEREK BRODEUR

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE COURSE

IA 5010 - FOUNDATION OF INFORMATION ASSURANCE

BY

DEVANSHI GOYAL

APRIL 17, 2016


CONTENTS

CHAPTER 1. INTRODUCTION

CHAPTER 2. TRANSITION TO EMV-CHIP ENABLED CARDS

2.1 Why This Shift was Necessary?

2.2 Technology Adopted in EMV-Chip Enabled Cards

2.3 Projections

2.4 Liability Shift and Its Impact

CHAPTER 3 PAYMENTS USING NEAR FIELD COMMUNICATION

3.1 What is NFC?

3.2 NFC-Based Payments

3.3 NFC Payment Processing Applications

3.4 Security Techniques Implemented in NFC

CHAPTER 4 VULNERABILITIES IN EMV CHIP TECHNOLOGY AND SUGGESTED SOLUTIONS

4.1 Chip and PIN are broken

4.2 EMV Relay Attack

4.3 SDA Card Cloning and Modification

4.4 Attacks in Hybrid Environment

4.5 CVM Downgrade Attack

4.6 Pre-play Attack

4.7 Some More Solutions to Enhance the Overall Security in EMV Chip Transactions

CHAPTER 5 VULNERABILITIES IN NFC PAYMENT METHODS AND SUGGESTED SOLUTION

5.1 Eavesdropping

5.2 Man-in-the-Middle Attack

5.3 Relay Attack

5.4 Spoofing

5.5 Data Corruption

CHAPTER 6 CONCLUSION AND FUTURE GENERATION TECHNOLOGY

REFERENCES


CHAPTER 1. INTRODUCTION

The security risks involved in credit card transactions are among the biggest threats to most business organizations today. Compromised credit cards and data breaches have dominated the headlines for the past couple of years. The credit card transaction fraud rate is growing exponentially around the world, with the U.S. accounting for 47 percent of total breaches worldwide despite accounting for only 24 percent of total worldwide card volume (Homes 2015).

The major reason behind these breaches was a heavy reliance on traditional credit cards with a magnetic stripe, which is far less secure than modern chip-and-PIN technology. Magnetic stripe cards are activated when swiped through Electronic Data Capture (EDC) magnetic stripe terminals. All the data stored on these cards is in an unencrypted format, which makes it very easy for an attacker to tamper with the card and obtain all the transaction-related information. Fraudsters are constantly finding new and innovative ways to create counterfeit cards with really simple techniques. This has increased the number of payment card breaches all over the world.

The security issues posed by magnetic stripe cards raised an urgent need for a better technology, which led to the advent of EMV chip-enabled credit cards. EMV is an electronic chip-based solution which was jointly proposed in 1994 by the three major card associations, namely Europay International SA, MasterCard and Visa (EMV™). Over time, EMV has replaced the magnetic stripe in most parts of the world, thereby becoming the de facto standard in credit/debit payments, considering the important market share held by these three associations in retail financial services. The basic technology involved in EMV is that the card is authenticated by a chip, which is much more difficult to forge than a magnetic stripe, and this chip has the ability to locally verify the identity of the card owner by means of a signature (Chip-and-signature) or a PIN (Chip-and-PIN) (S. J. Murdoch 2010). Since the implementation of EMV chip-enabled cards and POS terminals, there has been a significant decline in fraud rates, offering real benefits to retailers, acquirers, card issuers and cardholders.

The aim of this paper is to emphasize the need for a transition from magnetic stripe cards to EMV chip-enabled cards and the effectiveness of EMV technology in mitigating the security issues posed by magnetic stripe cards. Since there is always scope for improvement, this paper will also address the vulnerabilities in EMV and will discuss the upcoming technology of Near Field Communication (NFC). This paper will also recommend some viable solutions to mitigate, in a cost-effective manner, the risk involved in the payment transaction methods discussed.

CHAPTER 2. TRANSITION TO EMV-CHIP ENABLED CARDS

Before discussing the technical details of EMV chip cards, one needs to understand why EMV chip technology was introduced in the first place. This chapter highlights the flaws in magnetic stripe technology and the data breach attacks that occurred due to its use, which called for a better and more secure technology, thus giving rise to EMV chip technology.

2.1 Why This Shift was Necessary?

2.1.1 Fraud Rates

With over 421.82 million credit cards in the world in 2015, there is an ever-increasing need for security in payment transaction methods. According to the Nilson Report, July 2015, total credit card and debit card fraud amounted to $16.31 billion during 2014. The USA was at the top of the list of affected countries, with over 41% of the total cardholders affected by card fraud incidents. The major reason behind these breaches was the large-scale prevalence of magnetic stripe cards in the USA and the slow adoption of EMV chip cards (John n.d.).

2.1.2 Exploiting the vulnerabilities in magnetic stripe cards

The magnetic stripe is made up of tiny iron-based magnetic particles which can be magnetized in either the north pole or south pole direction in order to write credentials on the card. These credentials (PAN, cardholder’s name, expiry date, CVV) are present in unencrypted format and are vulnerable to theft and counterfeit attacks. There is no method to verify the identity of the card owner. This led to the exploitation of magnetic stripe cards, thereby causing huge frauds worldwide. Some of the techniques used by fraudsters to create counterfeit cards are listed below:

Brute Force attack: The researchers at CAPEC analysed that the data stored on the magnetic stripe of a credit card is unencrypted, and careful analysis of two or more cards can determine where the changes are taking place and, therefore, can yield the card structure. Attackers can use this structure to generate new cards with valid sequences, thereby gaining unauthorized access (CAPEC 2015).

Skimming: Three researchers at Tata Consultancy Services described the process of skimming as electronically copying the data of one credit card onto another simply by using a battery-operated electronic magnetic card reader. This device is used to get hold of a customer’s card details, which can be further used for card-not-present (CNP) transactions by fraudsters (Bhatla 2003).

White plastic: A white plastic is a card-size piece of plastic which can be encoded with legitimate magnetic stripe data for illegal transactions. Fraudsters can use these duplicated cards at POS terminals where validation or verification is not required (for example, petrol pumps and ATMs).

The magnetic stripe transaction architecture is depicted in the diagram below. We can clearly infer that the card is prone to attack at almost every step of the transaction. On careful analysis of the complete transaction process, it is very easy to attack a magnetic stripe card. A detailed explanation of its working is out of the scope of this paper.


Figure 1 - “Magnetic stripe transaction Framework”. Source: (Guy n.d.)

2.1.3 Case Study – Target Data Breach Attack

On December 19th, 2013, Target Corporation was hit by a massive data breach attack which exposed 130 million credit card and debit card accounts of its customers. About 1797 stores in the USA and 124 in Canada, and some stores in Russia and Brazil, were attacked. The stolen information included customer names, credit card and debit card account numbers, expiration dates, CVVs (card verification values), phone numbers, email addresses and mailing addresses. The main reason behind the attack was a lack of security on the point-of-sale (POS) terminals used in Target stores and the use of magnetic stripe cards (Michael 2015).

Attack anatomy

Attackers gained access to Target’s network by stealing network login credentials from an HVAC company, Fazio Mechanical Services, that works for Target. They logged into the network and uploaded a malware program, Trojan.POSRAM, onto the organization’s POS terminals. This malware had a “RAM-scraping” portion which stole the data from the POS terminal lacking internet connectivity when the card was swiped. Attackers took advantage of the unencrypted information present on the magnetic stripe cards, which made them vulnerable to attack (Michael 2015).

2.1.4 Why EMV technology is more secure

An EMV chip card contains an electronic chip which creates unique codes for each transaction. As a result, chip information stolen from a specific POS terminal, or typical card duplication, would be useless. A transaction-unique cryptogram secures payment transactions by authenticating the card during online transactions, thereby safeguarding cardholders, card issuers, and merchants against fraud. Also, a transaction-unique digital signature authenticates the card during offline transactions, hence preventing the creation and usage of fraudulent payment cards. A common certified standard for processing transactions ensures global interoperability. Hence, all these features lead to enhanced security in EMV chip technology (Alliance, Smart Card 2012).


2.2 Technology Adopted in EMV-Chip Enabled Cards

EMV specifications follow the ISO/IEC 7816 series of standards for contact cards. EMV chip specifications are a subset of this series of standards. ISO/IEC 7816-3 specifies the interaction between the card and the terminal (CardLogix Corporation 2010). The steps involved in an EMV transaction are discussed as follows:

2.2.1 Read Application Data

The POS terminal requests all information from the card required to process the transaction. There are three types of card interface: contact cards and readers, contactless cards and readers, and a dual interface supporting both of these (Fiserv Inc. 2010).

2.2.2 Card Authentication

This step confirms that the card is legitimate through online or offline authentication processes. Online authentication is carried out by the issuer, whereas offline authentication is done at the POS terminal using RSA public key cryptography. In online authentication, the issuer decides whether to validate the card on its own or allow the card brands to do it on its behalf. In offline authentication, one of three techniques is supported: Static Data Authentication (SDA), Dynamic Data Authentication (DDA), or Combined DDA/Application Cryptogram Generation (CDA). The issuer must support a public key infrastructure for carrying out offline authentication. SDA, DDA, and CDA, as explained by researchers at Cryptomathic, are as follows:

Static Data Authentication (SDA)

The purpose of SDA is to confirm that the data placed onto the card chip has not been altered. The RSA signature is the most basic layer of crypto which authenticates the payment card itself when it is used at an ATM or POS terminal. In SDA, there is a static cryptogram (signed static application data) placed onto the chip during production. The private key of the issuer’s RSA key pair is used to sign the application data on the card. “When this card is inserted into the terminal, it sends this static cryptogram, the CA index, and the issuer certificate to the terminal. The terminal performs the public key authentication of the cryptogram.” Verification is performed by comparing the issuer’s certificate and the digital signature with the application data on the card. If this is successful, then it means that the card is unaltered. However, an SDA implementation is vulnerable to skimming and various other attacks which are discussed later in this paper (Cryptomathic 2013).


Figure 2 - SDA Process. Source: (Guy n.d.)

Dynamic Data Authentication (DDA)

DDA-implemented chip cards are capable of performing public key cryptographic processing. Every smart card possesses a card-unique RSA key which signs dynamic data that is unique to a particular transaction, for validation at the POS terminal. The terminal, on receiving the card data, performs a public key authentication of the dynamic cryptogram. It does so by verifying the issuer certificate, the smart card certificate, and the signed dynamic application data. DDA is a better authentication technique than SDA, as it is not feasible to obtain the private key on a chip card simply by reading the card, and it also protects against skimming (Cryptomathic 2013).

Combined Dynamic Data Authentication/Application Cryptogram Generation (CDA)

CDA is a variation of DDA wherein it not only authenticates the validity of the card but also authorizes the transaction process. Similar to DDA, the card must be capable of performing RSA cryptographic processing. The initial process is the same as DDA but, in addition to that, during card action analysis a second dynamic signature is generated by the card, which is verified by the terminal using RSA cryptography. This authenticates the card as well as authorizes the transaction. CDA basically covers the weaknesses of SDA and DDA which may be exploited for criminal purposes (Cotignac 2008).


Figure 3 - DDA/CDA. Source: (Cryptomathic 2013)
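The difference between SDA and DDA described above can be followed in a short Python model; this is an added example, not code from the paper or from the EMV specifications. It assumes textbook RSA over SHA-256 with toy key sizes in place of EMV's real signature format, a terminal that already trusts the issuer public key (standing in for the CA index and issuer certificate step), and hypothetical names such as `personalize`, `copy_readable_data` and `terminal_dda`.

```python
import hashlib
import secrets


def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (toy sizes, constructed for this example)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def public(key):
    return {"n": key["n"], "e": key["e"]}


def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(key, msg):
    return pow(digest(msg, key["n"]), key["d"], key["n"])


def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])


def encode_pub(pub):
    return f"{pub['n']}:{pub['e']}".encode()


# Assumption: the terminal already trusts ISSUER_PUB directly.
ISSUER = make_key(2**89 - 1, 2**107 - 1)
ISSUER_PUB = public(ISSUER)


class Card:
    """Models a chip: `records` can be read by any terminal, the private key cannot."""

    def __init__(self, records, icc_key=None, replayed_sig=0):
        self.records = records
        self._icc_key = icc_key
        self._replayed_sig = replayed_sig

    def read_records(self):
        return dict(self.records)

    def internal_authenticate(self, unpredictable_number):
        if self._icc_key is not None:
            return sign(self._icc_key, unpredictable_number)
        # Without the private key, a card can only repeat a signature it saw earlier.
        return self._replayed_sig


def personalize(static_data):
    """Issuer side: sign the static data (SDA) and certify a card-unique key (DDA)."""
    icc = make_key(2**61 - 1, 2**127 - 1)
    icc_pub = public(icc)
    records = {
        "static_data": static_data,
        "ssad": sign(ISSUER, static_data),  # signed static application data
        "icc_pub": icc_pub,
        "icc_cert": sign(ISSUER, encode_pub(icc_pub) + static_data),
    }
    return Card(records, icc_key=icc)


def terminal_sda(card):
    """SDA: one static signature over data that never changes."""
    r = card.read_records()
    return verify(ISSUER_PUB, r["static_data"], r["ssad"])


def terminal_dda(card):
    """DDA: check the card certificate, then demand a signature over a fresh challenge."""
    r = card.read_records()
    cert_msg = encode_pub(r["icc_pub"]) + r["static_data"]
    if not verify(ISSUER_PUB, cert_msg, r["icc_cert"]):
        return False
    challenge = secrets.token_bytes(4)  # new for every transaction
    return verify(r["icc_pub"], challenge, card.internal_authenticate(challenge))


def copy_readable_data(card, observed_challenge=b"\x00\x00\x00\x01"):
    """A card holding only what a reader can see: the records and one old signature."""
    old_sig = card.internal_authenticate(observed_challenge)
    return Card(card.read_records(), icc_key=None, replayed_sig=old_sig)
```

A copy built from readable data passes `terminal_sda` because the static signature travels with the data, but it fails `terminal_dda` because it cannot sign the terminal's fresh challenge.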

2.2.3 Card Verification

The POS terminal verifies that the person presenting the card is the legitimate cardholder. There are four methods supported by EMV to verify the identity of the cardholder:

a) Offline PIN

b) Online PIN

c) Signature

d) No Cardholder Verification Method (CVM)

2.2.4 Transaction Authorization

The POS terminal confirms that the cardholder’s account has enough funds to process the transaction. EMV transactions can be authorized either online or offline depending on the merchant’s preference and situation. Mostly, online authorization is preferred. When an EMV chip card is programmed, it can be configured to permit both offline and online methods, described as follows (Host Merchant Services 2014):

a) Online Authorization: The transaction data and unique cryptogram are sent to the card issuer and the issuer then verifies the transaction and chooses to accept or decline it.

b) Offline Authorization: This method is used when POS terminal lacks internet connectivity. It is generally not preferred but is a faster method of authorization because it does not involve sending transaction data to a third party. Authorization is done by terminal and card itself based on certain risk parameters and a decision is taken whether to accept or decline the transaction.

2.3 Projections

EMV has helped to significantly reduce payment card fraud rates in all the countries that have adopted this technology. According to Gemalto’s latest findings of the Breach Level Index, by 2012, 45% of the world’s payment cards and 76% of POS terminals were equipped with EMV chip-and-PIN technology. Over 75 countries are transitioning from magnetic stripe cards to EMV chip smart cards. Here are some key takeaways of the EMV chip migration and its impact in various countries around the world:

1. In the United Kingdom, there is a 56% reduction in counterfeit fraud rate since the country rolled out EMV chip cards in 2005.

2. Australia saw 38% reduction in credit card fraud rate since its adoption of EMV in 2008.

3. Canada too adopted EMV in 2008 and there was 49% reduction in counterfeit fraud. Also, the losses from skimming were brought down from C$142 million ($129 million) in 2009 to C$38.5 million in 2012.

4. USA is one of the last developed countries migrating to EMV chip card technology. This is the reason that card fraud rates are on the rise in the United States. Around 31.8 million U.S. credit card holders were affected by fraud attacks in 2013. However, a total of more than 570 million new chip-enabled cards are in circulation in the United States. Migration of 1.2 billion cards and 8 million POS terminals is in progress, to meet the EMV specifications and standards. (Homes 2015).

2.4 Liability Shift and Its Impact

Beginning October 2015, EMV fraud “liability shifts” are implemented on some U.S. payment networks. Under these rules, in case of any fraudulent transactions from lost, stolen or counterfeit cards created from the magnetic stripe on chip cards, if the merchant or acquirer has not implemented EMV-enabled chip devices and does not use EMV applications to process payment transactions, then the sole responsibility for the fraud will be borne by that merchant or acquirer. This rule is valid only for card-present transactions and not for CNP transactions. Also, the cost of deploying EMV-enabled POS terminals has to be borne by merchants and acquirers. The implementation of EMV in the U.S. was initially slow due to a lack of clarity among merchants, card issuers, acquirers and processors about the policies of the liability shift framework. However, the implementation process is speeding up now, as it is expected that by October 2017 the United States will be completely equipped with EMV chip-enabled cards and devices (EMV Migration Forum 2015).

CHAPTER 3 PAYMENTS USING NEAR FIELD COMMUNICATION

3.1 What is NFC?

Near Field Communication (NFC) is a set of short-range wireless communication standards which has evolved from Radio Frequency Identification (RFID) technology. It involves two NFC-enabled devices, such as two smartphones, or a smartphone and an NFC-enabled terminal (e.g. ViVOPay 4500) which can read the data on the NFC chip in the smartphone. The range of communication is as short as 4 inches (in practice, it is only 4 cm). However, this short range provides security benefits in payment processes via NFC. Two NFC-enabled communicating devices can exchange information with each other via a simple tap or wave. The NFC chip works on very low power compared to a Bluetooth device and also provides two-way communication, unlike RFID’s one-way reading technology.


NFC is slowly becoming the latest mode of payment transactions, with POS terminals having the capability to read NFC chips in devices. Google, Apple, BlackBerry, and HTC have equipped their smartphones and watches (Apple Watch) to support NFC, and various applications have been launched to process the transactions. A good example of the ease of paying using NFC was seen at the Intel Developer Forum (IDF) in San Francisco, where a smartphone was tapped onto a laptop; it logged into a site and paid for an online purchase, thereby avoiding any filling in of forms.

3.2 NFC-Based Payments

1. Using Credit Cards or Debit Cards: Contactless payments can be processed by waving or tapping an EMV chip credit card up to an NFC-enabled POS terminal (Smart Card Alliance n.d.). An NFC-enabled terminal will have a logo on it as shown in the figure below:

Figure 4 - NFC logo printed on an NFC-enabled POS terminal. Source: (world 2013)

2. Using Smartphones: An NFC-enabled smartphone acts almost like a standard contactless smart card and can be easily used for making transactions. There are various Android and iOS applications which enable users to use their smartphone as a payment device. The users simply need to tap or wave their smartphone on the POS terminal and enter the PIN or present a biometric feature for authentication. Applications such as Google Wallet, Apple Pay, Android Pay, and Samsung Pay have provided an alternative to credit cards. They are discussed in detail in the following section.

Technological Overview: NFC works using magnetic field induction to enable communication between two electronic devices. An NFC-enabled smartphone has a built-in NFC chip with a coil in it. The POS terminal which is also capable of reading NFC chips creates a magnetic field. When the distance between these two talking devices is up to 4 cm, then the radio waves carrying signals are communicated between them which allows a two-way communication. Transaction is authorized by entering a PIN or by biometric verification. (Kumar 2011).

3.3 NFC Payment Processing Applications

1. Google Wallet: Author Megan Geuss at Ars Technica explains Google Wallet as an open platform application plus an Android application which facilitates NFC-based payment between a smartphone and an NFC-enabled POS terminal. Through the Google Wallet app, you can store and use your credit cards and debit cards as virtual cards on your smartphone. You just need to tap your phone up to a card reader and it will authenticate your card information via a 4-digit PIN and process the payment. Google Wallet also provides prepaid cards which you can use exactly like your credit cards. Google Wallet is secured as it relies on Host Card Emulation (HCE) technology (Megan 2014).

2. Apple Pay: With Apple Pay, customers can securely and easily pay using their iPhones, iPads or Apple Watches. Apple Pay is a contactless payment technology which uses NFC to process transactions. When you upload your card image on your Apple device, it is sent to Apple servers in encrypted form. Apple decrypts it, determines the card’s payment network, re-encrypts it and sends it to your bank. The bank will authorize the card and generate a device-specific Device Account Number, encrypt it and send it along with other information to Apple. Apple will then store all this information on your Apple device’s Secure Element (a chip which is isolated from the rest of iOS). In this way, no information is stored on Apple’s servers or your device. Apple Pay authenticates payment using Touch ID (Apple Inc. 2016).

3. Android Pay: Google Wallet introduced Android Pay as an upgraded version of the Wallet with more comprehensive features. Technology reporter Elyse Betters explains that it works with NFC-enabled Android devices supporting version 4.4 (KitKat) or higher. It creates virtual cards by storing the user’s credit card or debit card details. These virtual cards can be used for payment transactions, thereby eliminating the need for physical cards. Android Pay is a secured application as it uses HCE in conjunction with tokenization (both of these concepts are discussed later in this paper) for payment processing (Elyse 2016).

4. Samsung Pay: Samsung Pay is yet another NFC-based payment processing Android application, built by Samsung. It currently works with Samsung S6, S6 Edge, Edge+ and Note 5 phones. This app can also be used at traditional card readers which only support magnetic stripe cards. This is possible due to the Magnetic Secure Transmission (MST) technology built into this app, which emits magnetic signals similar to those of magnetic stripe cards. Samsung Pay authenticates transactions via biometric verification (fingerprint scan). Similar to Apple Pay, this app also uses a Secure Element to store static card credentials. It also uses tokenization and has support for HCE. Samsung Pay also provides ARM TrustZone to further protect the user’s transactions (Bohn 2015).

| Offering | Technology Used in U.S. Contactless Payment |
| --- | --- |
| Dual-interface chip card | EMV chip card with both contact and contactless interfaces |
| Apple Pay™ | NFC, secure element, tokenization |
| Android Pay | NFC, Host Card Emulation, tokenization |
| Samsung Pay™ | NFC, Host Card Emulation, Magnetic Secure Transmission, tokenization |

Table 1 - Examples of U.S. Contactless Payment Offerings (Current and Announced) Using NFC. Source: (A SMART CARD ALLIANCE MOBILE AND NFC COUNCIL 2015).

3.4 Security techniques Implemented in NFC


NFC based payments are made secure by implementing technologies as discussed below:

1. Authentication: All NFC payment applications use some form of authentication before processing the transaction. Common authentication methods are a PIN, a pattern or biometrics. Apple Pay requires Touch ID, whereas Apple Watch requires you to enter a PIN to authorize Apple Pay. In addition, the watch must be in constant skin contact to authorize payment. Similarly, Google Wallet, Android Pay, and Samsung Pay also require the authentication methods already discussed above.

2. Secure Element: A Secure Element (SE) is a tamper-resistant hardware module which resides in highly secure crypto chips embedded in the phone’s hardware, SIM/UICC card or SD card. Access to its interface is restricted and protected via strong encryption. It has limited memory for all the applications it stores and for various other functions such as encryption and decryption. NFC itself is not involved in the payment transaction. It is the software program, in the form of a payment application or applet stored in the SE, which emulates the contactless card. Applications like Apple Pay and Samsung Pay make use of the SE to store the credit card data. How the SE is used by Apple Pay has been discussed above. Host-based Card Emulation (HCE) is an alternative to the Secure Element. However, the same device can possess both technologies. This conjunction is discussed in the following topic (Ganeshji, Mobile Payments: What is a Secure Element? 2014).

3. Host-based Card Emulation (HCE): HCE is another card emulation technology which overcomes the limited memory and slow processing power of the Secure Element. Unlike the SE, HCE directly interacts with the host CPU. If HCE is deployed in transaction processing, then the NFC controller routes all the data to the host CPU instead of the SE. Since the host CPU is a highly insecure place to store card credential information, it moves all the data to a hosted cloud environment, thereby allowing a secure storage and processing environment. This cloud database is maintained with high security standards. The limitation of using HCE is the constant need for a data connection and security. HCE is usually used in combination with tokenization, which adds an extra layer of security. The strength of HCE lies in temporary keys, tokens, device authentication via biometric verification or PIN, and transaction risk analysis (Ganeshji, Mobile Payments: What is HCE? 2014).

Co-existence of HCE with Secure Element: Both the Secure Element and HCE can reside in the same device. This is based on the principle of “AID routing”. The NFC controller maintains a routing table consisting of routing rules. Each rule has an AID (application ID) and a destination. The destination can be either the host CPU or the Secure Element. Depending upon the AID selected (either x or y), the data packet (called an APDU) is routed to the destination associated with the selected AID. Routing tables are automatically configured by Android (Android n.d.).


Figure 5 - Both HCE and SE are incorporated in the same device. Source: (Android n.d.)
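AID routing as described above, modelled in Python as an added example (this is not Android's implementation and not code from the paper). The routing table contents, the default route to the Secure Element and the `NfcController` class are assumptions for illustration; the SELECT command layout (`00 A4 04 00 Lc AID`) follows ISO/IEC 7816-4.

```python
HOST = "host CPU (HCE)"
SECURE_ELEMENT = "Secure Element"

# Constructed routing rules: AID (hex) -> destination. These AIDs are sample
# values in the proprietary 'F0...' range, not real payment application IDs.
ROUTING_TABLE = {
    "F0010203040506": HOST,
    "F0A1A2A3A4A5": SECURE_ELEMENT,
}
DEFAULT_ROUTE = SECURE_ELEMENT  # assumption: unlisted AIDs go to the SE


def select_apdu(aid_hex):
    """Build a SELECT-by-name command APDU for the given AID."""
    aid = bytes.fromhex(aid_hex)
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


def parse_select_aid(apdu):
    """Return the AID (upper-case hex) of a SELECT-by-name APDU, or None for other commands."""
    if len(apdu) < 5 or apdu[0] != 0x00 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        return None
    lc = apdu[4]
    aid = apdu[5:5 + lc]
    if not 5 <= lc <= 16 or len(aid) != lc:
        raise ValueError("malformed SELECT: bad AID length")
    if len(apdu) not in (5 + lc, 6 + lc):  # with or without the Le byte
        raise ValueError("malformed SELECT: trailing bytes")
    return aid.hex().upper()


class NfcController:
    """Routes each APDU to the destination tied to the currently selected AID."""

    def __init__(self, table, default_route):
        self.table = dict(table)
        self.default_route = default_route
        self.current = None  # destination of the selected application

    def route(self, apdu):
        aid = parse_select_aid(apdu)
        if aid is not None:
            # A SELECT changes where all following APDUs are delivered.
            self.current = self.table.get(aid, self.default_route)
        elif self.current is None:
            raise ValueError("no application selected yet")
        return self.current
```

The point to take from the model is that the destination is fixed at SELECT time, so every later command in the transaction reaches the same execution environment, whether that is the host CPU or the Secure Element.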

4. Tokenization: The “EMVCo Payment Tokenization Specification” describes technical specifications for creating tokens. According to this report, a token is a random sequence of numbers which substitutes for a credit card’s original 16-digit PAN (Primary Account Number). Tokens are also called Pseudo-PANs. Use of tokens eliminates the exposure of credit card credentials to the retailer, thereby reducing the risk of a counterfeit card being created. The original PAN is passed through a Token Service Provider (TSP) to generate tokens, which are then delivered to the mobile app and used with HCE. To process the transaction, the TSP is used to revert the token into the original PAN. A token can only be reverse engineered to reveal the original PAN by the issuer possessing the correct decryption key. Different tokens are created for different users, and they can be single-use or multi-use tokens. The last four digits of the original PAN are not tokenized, so that the issuer can identify the customer in case of a return or loyalty program. The security provided by tokenization lies in the fact that a compromised token has no value. Usually, tokenization is used along with HCE or a Secure Element (Pannifer Steve 2014).
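The token life cycle described above, as an added Python example that is not taken from the paper or from the EMVCo specification. It assumes a TSP that keeps a lookup vault instead of a decryption key, and the class name `TokenServiceProvider`, the helper `merchant_record` and the test PAN are constructed for illustration.

```python
import secrets


class TokenServiceProvider:
    """In-memory token vault (hypothetical class; a real TSP is a hardened service)."""

    def __init__(self):
        self._vault = {}  # token -> (pan, single_use)

    def tokenize(self, pan, single_use=False):
        """Replace the first 12 digits with random digits, keeping the last four."""
        if not (pan.isascii() and pan.isdigit() and len(pan) == 16):
            raise ValueError("expected a 16-digit PAN")
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(12))
            token = body + pan[-4:]
            # Never hand out the real PAN or a token that is already in use.
            if token != pan and token not in self._vault:
                break
        self._vault[token] = (pan, single_use)
        return token

    def detokenize(self, token):
        """Map a token back to its PAN; a single-use token is consumed by this call."""
        entry = self._vault.get(token)
        if entry is None:
            raise KeyError("unknown or already-used token")
        pan, single_use = entry
        if single_use:
            del self._vault[token]
        return pan


def merchant_record(token, amount):
    """What the retailer stores: the token and last four digits, never the PAN."""
    return {"account": token, "last4": token[-4:], "amount": amount}


def demo():
    tsp = TokenServiceProvider()
    pan = "4111111111111111"  # constructed test PAN, not a real account
    once = tsp.tokenize(pan, single_use=True)
    many = tsp.tokenize(pan)
    record = merchant_record(once, "12.50")
    first = tsp.detokenize(once)      # issuer side: token -> PAN
    try:
        tsp.detokenize(once)          # replay of a captured single-use token
        replay_accepted = True
    except KeyError:
        replay_accepted = False
    return {
        "record": record,
        "pan_recovered": first == pan,
        "replay_accepted": replay_accepted,
        "multi_use_ok": tsp.detokenize(many) == tsp.detokenize(many) == pan,
    }
```

Calling `demo()` shows that the merchant record contains no PAN digits beyond the last four and that a replayed single-use token is rejected by the TSP.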

CHAPTER 4 VULNERABILITIES IN EMV CHIP TECHNOLOGY AND SUGGESTED SOLUTIONS

4.1 Chip and PIN are broken

Computer researchers Steven Murdoch, Saar Drimer, Mike Bond and Ross Anderson at Cambridge University, UK demonstrated a man-in-the-middle attack which can allow an attacker to use a stolen Chip and PIN card without knowing the PIN. The Chip and PIN protocol has a cardholder verification step wherein a negotiation is performed between the card and terminal to establish which authentication sub-protocol to use: PIN verification, signature verification or no verification at all. However, according to the Cambridge University researchers, “PIN verification step is never explicitly authenticated”. By using a simple man-in-the-middle device, one can intercept and modify the communications between the card and terminal, thereby making the terminal think that it is performing PIN verification whereas the card will think it is performing signature verification. As a result, any PIN (e.g. 0000) entered into the terminal will successfully process the transaction, and the receipt so printed will say “Verified by PIN”. The PIN is never sent to the card, so the PIN retry counter remains as it is. Throughout this process, the card thinks that the terminal does not support PIN verification and has used signature verification. The attack works well with both offline and online terminals. This attack cannot be performed at ATMs or with canceled cards.

Suggested Solution: One possible solution, as suggested by Murdoch and his fellow researchers, is for the terminal to parse the IAD (Issuer Application Data) containing the PIN verification result. This method is effective for online transactions, and for offline ones if CDA-implemented cards are used. A man-in-the-middle device can tamper with the IAD because it is returned by the card. The IAD is meant for the issuer and can be implemented in several formats. So, banks and terminal vendors need to come together to act on this issue (Steven J. Murdoch 2010).

4.2 EMV Relay Attack

An attacker can perform fraudulent transactions using a card with a fake chip. In this attack, a genuine card can be “relayed” on a faulty POS terminal to perform a legitimate transaction on another POS terminal present at a different location, thereby making it accept a counterfeit card. The Chip and PIN relay attack was demonstrated by Cambridge University computer researchers Saar Drimer and Steven J. Murdoch in 2007. They demonstrated that when a genuine EMV chip card is inserted into a fake terminal (the attacker’s terminal), the information on the card (PIN) is relayed to the attacker’s accomplice, who possesses a counterfeit card and is present at another location in any part of the world. This accomplice inserts her card into the merchant’s genuine POS terminal and enters the relayed PIN. The transaction is approved. Hence, the attack is successful. To the bank, the transaction appears to be legitimate as the correct PIN was entered. Thus, relay attacks are super hard to detect. This attack works not only with SDA cards, where information between card and terminal is unencrypted, but also with DDA cards, because encryption only prevents reading and modification of data, whereas the attacker just needs to relay data to the accomplice without altering it. The main reason why this attack works is the customer’s trust in the integrity of the merchant’s POS terminal and the merchant’s failure to verify the customer’s card. (Murdoch 2007).

Suggested Solution: EMV relay attack can be prevented in several ways as discussed below:

1. Identification of fake cards by merchants:
   - Check the hologram and embossing on the card and insert the card into the reader themselves. Usually, a relay card is a wired card, but if the merchant is handling the card insertion process then the attacker will be required to create a wireless prototype of the relay card.
   - Cross-check whether the PAN on the receipt and the PAN on the card match.

2. Calculating the communication time between card and terminal by the bank: If the communication time between the card reader and the payment card is longer than usual, then banks can suspect a relay attack.

3. Inventing new devices to avoid entering PIN into merchant’s terminal: If customers can enter their PIN into a device they control rather than the merchant’s, then relay attacks can be avoided to a greater extent. Such a device would also display the transaction value before the payment is processed.


4.3 SDA Card Cloning and Modification

The Static Data Authentication (SDA) implementation of Card Authorization Methods (CAMs) is vulnerable to cloning, as an SDA implementation does not contain cryptograms and the information on the card is the same for all transactions. It is, therefore, possible to clone SDA cards, but there is one more requirement to be fulfilled: the POS terminal should be “offline”. An offline terminal validates the card solely by the information on the card, whereas an “online” terminal validates the card by sending the information to the issuer bank. Since the PIN verification is also performed by the card, a counterfeit card can be programmed to accept any PIN, thereby making it a “Yes” card. Thus, two conditions need to be met to exploit the vulnerability: an SDA card (BIN-specific) and an offline terminal. (J. 2007).

Suggested Solution: Use a DDA or CDA implementation of CAM. In these implementations, the card chip contains a cryptogram and the information on the card changes for every transaction. Hence, it is not possible to clone a DDA or CDA implemented card.

4.4 Attacks in Hybrid Environment

a) Magnetic stripe fallback mechanism: Countries all over the world are in the process of migrating to EMV technology. Some countries, including parts of the USA, still support old magnetic stripe cards. Because of this, EMV chip cards still have a magnetic stripe to make the card usable at older POS terminals, in situations where the chip is damaged, or abroad in countries which have not fully migrated to EMV chip technology. As a result, attackers leverage the vulnerabilities in EMV technology and magnetic stripe cards to carry out cross-border attacks. When an EMV card is inserted into the card reader, the data between card and terminal is sent in clear text. The data between the terminal and the acquiring bank is also sent unencrypted. A man-in-the-middle attack at any of these positions can be performed to create fake magnetic stripe cards. These fake cards can be used at POS terminals in regions which are yet to migrate to EMV credit cards. (Ogundele 2012).

Suggested Solution: The solutions to this issue are very straightforward:

- Stop producing hybrid cards (EMV chip cards having a magnetic stripe at the back).
- Complete the migration to EMV technology all over the world.
- Install EMV chip card readers at major retail outlets.

b) Replay attack: In October 2014, 3 financial institutions reported huge fraudulent credit and debit card transactions coming from Brazil. Many of the compromised accounts were those involved in the Home Depot breach that had occurred shortly before. All these transactions were, strangely, carried out via Visa and MasterCard’s networks as chip-enabled transactions. However, the banks involved had not issued chip-enabled cards to their customers. A similar breach occurred in Canada soon after this incident, causing huge losses to the banks involved. Fraud analysts at Gartner Inc. suspected a “replay” attack wherein attackers can copy the data on a magnetic stripe card to create fake EMV chip cards. Let’s discuss how a replay attack is carried out:

A replay attack does not break the EMV protocol; rather, it simply leverages an implementation flaw in the EMV protocol. A hybrid card can be used to perform cross-border fraud when either the chip on the card is damaged or the POS terminal is not EMV-chip enabled. With a skimmer installed on a POS terminal, fraudulent merchants can record all the cardholder information, including the PIN, to generate counterfeit EMV-chip cards. These cards are programmed to say “yes” to a PIN verification request even if the PIN is not entered. Usually, these fake cards are SDA implemented and used at offline terminals to successfully process the transaction. The know-how of this technique has already been discussed in previous sections. Attackers take on the overhead of pushing magnetic stripe data onto a chip card because they know that banks do not check the cryptogram and dynamic counter code in an EMV transaction and simply authorize the transaction. (Brian 2014).
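The issuer-side check whose absence the paragraph above describes, validating the cryptogram and the dynamic counter before authorizing, is sketched below as an added example (not code from the paper or from any bank). HMAC-SHA256 truncated to 8 bytes stands in for the real EMV cryptogram algorithm, and the message layout, the `Issuer` class, the key and the PAN are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class AuthRequest:
    pan: str
    atc: int                      # Application Transaction Counter from the chip
    unpredictable_number: bytes   # terminal nonce (UN)
    amount_cents: int
    arqc: Optional[bytes]         # cryptogram claimed to come from the chip


def compute_arqc(card_key: bytes, atc: int, un: bytes, amount_cents: int) -> bytes:
    """Stand-in cryptogram: HMAC over counter, nonce and amount (assumed layout)."""
    message = atc.to_bytes(2, "big") + un + amount_cents.to_bytes(6, "big")
    return hmac.new(card_key, message, hashlib.sha256).digest()[:8]


class Issuer:
    """Authorizes only if the cryptogram verifies and the counter moves forward."""

    def __init__(self, card_keys: Dict[str, bytes]) -> None:
        self._card_keys = dict(card_keys)
        self._last_atc: Dict[str, int] = {}

    def authorize(self, req: AuthRequest) -> str:
        key = self._card_keys.get(req.pan)
        if key is None:
            return "decline:unknown-card"
        if not req.arqc:
            return "decline:missing-cryptogram"
        expected = compute_arqc(key, req.atc, req.unpredictable_number, req.amount_cents)
        # Constant-time comparison; a card built from magstripe data has no key.
        if not hmac.compare_digest(expected, req.arqc):
            return "decline:bad-cryptogram"
        # A valid cryptogram seen before (same or lower counter) is a replay.
        if req.atc <= self._last_atc.get(req.pan, -1):
            return "decline:stale-atc"
        self._last_atc[req.pan] = req.atc
        return "approve"


def demo() -> List[str]:
    pan = "4000000000000002"                                   # constructed PAN
    key = bytes.fromhex("00112233445566778899aabbccddeeff")    # constructed key
    un = bytes.fromhex("9f3a61c4")
    issuer = Issuer({pan: key})

    genuine = AuthRequest(pan, 17, un, 2599, compute_arqc(key, 17, un, 2599))
    counterfeit = AuthRequest(pan, 18, un, 2599, bytes(8))     # chip without the key
    no_cryptogram = AuthRequest(pan, 19, un, 2599, None)

    return [
        issuer.authorize(genuine),        # first presentation
        issuer.authorize(genuine),        # identical message presented again
        issuer.authorize(counterfeit),
        issuer.authorize(no_cryptogram),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```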

4.5 CVM Downgrade Attack

A CVM list is signed and used in Offline Data Authentication. It is believed to be tamperproof, and the PIN can be harvested only if the CVM method chosen by the terminal is ‘Plaintext PIN verification performed by ICC’. “The Action Codes are data elements used to specify policies for accepting or rejecting transactions, there are two types of Action Codes: Issuer Action Codes (published by the card) and Terminal Action Codes (set by the terminal). Additionally, there are three flavours of Action Codes: Denial, Online, and Default. The Online Action Codes specify which failure conditions trigger online transactions.” In a CVM downgrade attack, the POS terminal can be interfered with to manipulate Action Codes so that making changes in the CVM list would not result in offline rejection. As a result, the CVM list is modified to select ‘Plaintext PIN verification performed by ICC’ and the PIN is harvested. Despite having the original CVM List configuration, this attack works successfully with SDA and DDA cards. (Adam Laurie 2011).

Suggested Solution: One solution to this vulnerability, as suggested by researchers at Aperture Labs, would require modification of the CVM list to remove the option of ‘Plaintext PIN verification performed by ICC’ to stop CVM downgrade attacks. But this would disable transactions on SDA cards not possessing on-line PIN verification capabilities. (Adam Laurie 2011).

4.6 Pre-play Attack

In September 2012, a person in Mallorca, Spain reported his stolen wallet and five ATM withdrawals totaling up to 1350 Euros within the first hour of the theft. Apart from this incident, the Target data breach and Neiman Marcus incidents have raised questions about the effectiveness of EMV technology. Researchers at Cambridge University, UK studied the attack methodology in these incidents and demonstrated a “pre-play” attack. A pre-play attack is similar to card cloning, with the only difference that it can be used in instances where cloning is impossible. The figure gives a high-level overview of the pre-play attack methodology. A pre-play attack can be pulled off in two ways:

a) Use of a weak random number generator (RNG)
b) Manipulation of the UN between terminal and bank

POS terminals generate unpredictable numbers (UNs), or nonces, which are unique for each transaction to ensure integrity. Random number generation (RNG) algorithms, counters or timestamps are used to supply these UNs. However, the use of a defective RNG makes POS terminals vulnerable to the pre-play attack, which allows attackers to carry out fraudulent transactions from counterfeit chip-enabled cards. A chip card generates an authorization request cryptogram (ARQC) from its secret key plus the UN and transaction data supplied by the POS terminal. The POS terminal sends this ARQC, encrypted PIN and UN in PLAINTEXT to the issuing bank for verification. At this point, a pre-play attack can take place as discussed below:


a) If an attacker can predict the UN which will be generated by a particular ATM at a particular time in the future, then the attacker can force a genuine chip card to generate an ARQC with that UN and a future date, and use that ARQC on fake chip cards to process payment transactions. (Lucian 2012).

b) Researchers at University of Cambridge, UK have suggested an effective solution to pre-play attack. They have explained the solution as discussed below: “a man-in-the-middle device between the terminal and the bank can be used to attack a system where the random number generation is sound. The attacker records an ARQC in response to the nonce N and presents it to a terminal that actually generated the nonce N0. The terminal sends the ARQC along with the transaction data and N0 to the bank; the MITM changes N0 to N, and the transaction may well be accepted. This means that a terminal infested with malware can debit your card not once, but multiple times, and for arbitrary amounts.” (Bond 2014).

Suggested Solution: One workaround to prevent a pre-play attack is for unpredictable numbers to be provided by banks instead of being automatically generated at POS terminals. Weak RNG algorithms generate similar numbers which are very easy to predict, making the attack easy to carry out. Also, malware running on terminals or ATMs could alter the UN choice. This solution was suggested by researchers at Cambridge University, UK.
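An acquirer or issuer can screen terminals for the weak-RNG condition described above by looking at the UNs each terminal has logged. The following is an added example, not code from the paper or the Cambridge researchers; the thresholds, function name and both sample streams are constructed for illustration.

```python
from collections import Counter
from typing import Dict, Sequence

UN_BITS = 32                  # the EMV Unpredictable Number is 4 bytes
MIN_SAMPLES = 8               # too few samples make every statistic meaningless
MAX_FIXED_BITS = 8            # ASSUMED threshold: bits that never change
MAX_COMMON_STEP_RATIO = 0.5   # ASSUMED threshold: share of identical increments


def assess_un_stream(uns: Sequence[int]) -> Dict[str, object]:
    """Flag a terminal whose consecutive UNs look like a counter or a stuck RNG."""
    if len(uns) < MIN_SAMPLES:
        raise ValueError(f"need at least {MIN_SAMPLES} UNs")
    if any(not 0 <= u < 2 ** UN_BITS for u in uns):
        raise ValueError("UN out of 32-bit range")

    # Bits that have the same value in every sample carry no entropy.
    varying = 0
    for u in uns:
        varying |= u ^ uns[0]
    fixed_bits = UN_BITS - bin(varying).count("1")

    # A counter or timestamp source shows up as one dominant increment.
    steps = [(b - a) % 2 ** UN_BITS for a, b in zip(uns, uns[1:])]
    common_step, hits = Counter(steps).most_common(1)[0]
    step_ratio = hits / len(steps)

    # A nonce must never repeat.
    repeats = len(uns) - len(set(uns))

    reasons = []
    if fixed_bits > MAX_FIXED_BITS:
        reasons.append(f"{fixed_bits} of {UN_BITS} bits never change")
    if step_ratio >= MAX_COMMON_STEP_RATIO:
        reasons.append(f"increment {common_step} occurs in {hits}/{len(steps)} steps")
    if repeats:
        reasons.append(f"{repeats} repeated value(s)")

    return {
        "fixed_bits": fixed_bits,
        "common_step": common_step,
        "step_ratio": step_ratio,
        "repeats": repeats,
        "reasons": reasons,
        "predictable": bool(reasons),
    }


# Constructed sample: high bits fixed, low bits advancing like a counter.
WEAK_TERMINAL = [0x5A3C0120 + 3 * i for i in range(10)]

# Constructed sample: values with no visible structure.
SOUND_TERMINAL = [
    0x9F3A61C4, 0x12B7E085, 0x6C04D9F2, 0xE5918A3B, 0x3847F6AD,
    0xA1DE2570, 0x5D6B9C1E, 0xC7F0438B, 0x0E8275D9, 0xB42C1F66,
]

if __name__ == "__main__":
    for name, stream in (("weak", WEAK_TERMINAL), ("sound", SOUND_TERMINAL)):
        report = assess_un_stream(stream)
        print(name, report["predictable"], report["reasons"])
```

Passing this screen does not prove a generator is sound; it only catches the counter-like and repeating patterns the text describes.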

4.7 Some More Solutions to Enhance the Overall Security in EMV Chip Transactions

1. First Encrypt Then Tokenize: Encryption followed by tokenization provides a layered security solution to overcome the vulnerabilities of the EMV protocol, thereby making it virtually impossible to steal the cardholder data. It works in the following way:
   a) The customer inserts or taps (in the case of an NFC-enabled POS terminal) the EMV card onto the terminal. The card and cardholder are verified. The card data is sent to the terminal in clear text.
   b) The PAN is encrypted using session encryption and sent to the payment processor.
   c) The encrypted card data is received at the processor data center.
   d) The encrypted PAN is now sent to a server (which uses tokenization algorithms) for tokenization and to the bank for authorization.
   e) A multi-pay token is then received at the POS terminal and is used to replace the original card data at all the places.
   f) All transactions from now on will use this multi-pay token instead of the original PAN. (First Data Corporation 2012).


Figure 6 - Encryption + Tokenization Framework. Source: (First Data Corporation 2012).

2. 3-D Secure: The 3-D Secure protocol adds an additional layer of security in CNP transactions. This 3-D Secure protocol is offered by VISA by the name Verified by Visa and by MasterCard by the name MasterCard SecureCode. The issuers, vendors and networks have made some fundamental changes to the protocol to improve the overall security in CNP transactions:
   a) Migration to dynamic data: This requires the use of dynamic authentication methods rather than static passwords, which are easy to crack.
   b) Putting the merchant in control: Merchants have the freedom to choose when to invoke 3-D Secure and on which transactions.
   c) Transition to risk-based authentication: This involves assessing the risk of transactions based on data in the Access Control Server and using stepped-up authentication only on those transactions which involve high risk. Cardholders no longer need to enrol for 3-D Secure eligibility. (Conroy 2014).

3. The Electronic Attorney: Customers can buy and insert a shim between their card and the terminal which will protect their card information. “The shim can have a button, display, and secure storage and can decode, block, delay and alter command responses.” By using the shim, the customer can reap the following benefits:
   - Prevent relay attacks, as the amount value is displayed before the transaction is processed.
   - The PIN is never entered into the terminals; one-time passwords can be used instead.
   - The customer can also choose to perform different security features such as biometric authentication. (J. 2007).


CHAPTER 5 VULNERABILITIES IN NFC PAYMENT METHODS AND SUGGESTED SOLUTION

At the Black Hat 2012 conference held in Las Vegas, Dr. Charlie Miller, a top security researcher, demonstrated various attacks which can be carried out over NFC. One was a ‘Double Free’ vulnerability in Android 2.3.3 which could be leveraged to run malicious code on the victim’s device over NFC. Another demonstration depicted a functional flaw in the ‘Android Beam’ application in Android 4+ wherein the attacker can send and run any Android Beam file on the victim’s phone without their consent (Seltzer 2012). Following are some critical vulnerabilities in NFC-based payment transactions:

5.1. Eavesdropping: Attackers can eavesdrop on two communicating NFC devices by using an antenna capable of recording RF signals (e.g. a patch loop antenna). This attack is difficult to prevent because the attacker need not intercept the whole signal; only a few percent of the total signal would be enough. (Suraperwata 2013).

Suggested Solution: Use secure channels; communicating devices can agree upon a key agreement protocol such as ‘Diffie-Hellman key exchange’ or ‘NFC Specific Key Agreement’ secure channel. These secure channels maintain confidentiality, integrity and availability of data exchanged between communicating devices. (Suraperwata 2013).

5.2. Man-in-the-Middle Attack: An attacker can intercept signals sent by the sender device, modify them and relay them to the receiving device. However, it is extremely difficult to carry out an MITM attack because of:

- the close proximity of the communicating devices (merely 3-4 cm);
- the use of the AES encryption algorithm for secure communication;
- interference signals sent by an attacker being very easily detected by the sender device. (Suraperwata 2013).

Suggested Solution: “Use active-passive communication mode in data exchange.” In active mode, both the communicating devices will generate RF signals whereas, in passive mode, only one device will generate RF signal at a time. In this way, the sender can listen to any unwanted third party trying to perform MITM attack.

5.3. Relay Attack: Author S. Kavya and her co-authors have explained their work in volume 3 of IJSTR, wherein they have described the relay attack as follows: “the attacker forwards the request of the reader to the victim and relays back its answer to the reader in real time in order to carry out a task pretending to be the sender. This attack focuses on the extension of the range between NFC token and the reader, two NFC devices one acting as a reader and other as a card emulator will be required. The victim can’t detect this as it will appear like a card in front of it. The attacker holds the NFC reader near the victim’s card and relays the data over another communication channel to a second NFC reader placed in proximity to the original reader that will emulate the victim’s card. This Security concern can be resolved using the proposed technique.” (S.Kavya 2014).

Suggested Solution: Some countermeasures to prevent relay attacks are:

- Faraday cages: The simplest preventive measure is to protect the user’s card in a box called a Faraday cage.
- Incorporate a distance bounding protocol to ensure that the card is within the electromagnetic field.
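The distance-bounding countermeasure above, and the communication-time check suggested for EMV relay attacks in section 4.2, both come down to the verifier timing a fast challenge-response exchange. The simulation below is an added example (not from the paper or the cited authors), written in the style of a Hancke-Kuhn bit exchange; timings are modelled rather than measured, and the processing time, distance limit, jitter allowance and keys are assumed values.

```python
import hashlib
import hmac
import random
from typing import List, Sequence, Tuple

ROUNDS = 32
LIGHT_M_PER_NS = 0.299792458   # metres travelled by the signal per nanosecond
CARD_PROCESSING_NS = 50.0      # ASSUMED fixed card response time per round
MAX_DISTANCE_M = 0.10          # ASSUMED largest distance the verifier accepts
JITTER_NS = 5.0                # ASSUMED measurement tolerance


def derive_registers(key: bytes, verifier_nonce: bytes, card_nonce: bytes) -> Tuple[List[int], List[int]]:
    """Both sides derive two bit registers from the shared key and fresh nonces."""
    digest = hmac.new(key, verifier_nonce + card_nonce, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (i % 8)) & 1 for i in range(2 * ROUNDS)]
    return bits[:ROUNDS], bits[ROUNDS:]


def rtt_limit_ns() -> float:
    """Largest round-trip time consistent with a card inside MAX_DISTANCE_M."""
    return 2 * MAX_DISTANCE_M / LIGHT_M_PER_NS + CARD_PROCESSING_NS + JITTER_NS


def verify(key: bytes, verifier_nonce: bytes, card_nonce: bytes,
           challenges: Sequence[int], responses: Sequence[int],
           rtts_ns: Sequence[float]) -> str:
    """Accept only if every response bit is right AND arrived in time."""
    if not (len(challenges) == len(responses) == len(rtts_ns) == ROUNDS):
        return "reject:incomplete"
    reg0, reg1 = derive_registers(key, verifier_nonce, card_nonce)
    limit = rtt_limit_ns()
    for i in range(ROUNDS):
        expected = (reg1 if challenges[i] else reg0)[i]
        if responses[i] != expected:
            return "reject:wrong-response"
        if rtts_ns[i] > limit:
            return "reject:too-slow"
    return "accept"


def simulate(verifier_key: bytes, card_key: bytes, distance_m: float,
             relay_delay_ns: float, seed: int) -> str:
    """Model one exchange; relay_delay_ns is latency added by a relay channel."""
    # Seeded only so the example is reproducible; a real verifier uses a CSPRNG.
    rng = random.Random(seed)
    verifier_nonce = bytes(rng.getrandbits(8) for _ in range(8))
    card_nonce = bytes(rng.getrandbits(8) for _ in range(8))
    challenges = [rng.getrandbits(1) for _ in range(ROUNDS)]

    # Card side: answer each challenge bit from the matching register.
    reg0, reg1 = derive_registers(card_key, verifier_nonce, card_nonce)
    responses = [(reg1 if c else reg0)[i] for i, c in enumerate(challenges)]

    rtt = 2 * distance_m / LIGHT_M_PER_NS + CARD_PROCESSING_NS + relay_delay_ns
    return verify(verifier_key, verifier_nonce, card_nonce,
                  challenges, responses, [rtt] * ROUNDS)


KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")        # constructed key
OTHER_KEY = bytes.fromhex("ffffffffffffffffffffffffffffffff")  # constructed key

if __name__ == "__main__":
    print("card at 3 cm:        ", simulate(KEY, KEY, 0.03, 0.0, seed=1))
    print("relayed, +1 ms:      ", simulate(KEY, KEY, 0.03, 1_000_000.0, seed=1))
    print("card without the key:", simulate(KEY, OTHER_KEY, 0.03, 0.0, seed=1))
```

The relayed card answers every challenge correctly, since the relay forwards data unaltered, and is rejected on timing alone.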

5.4. Spoofing: In a spoofing attack, an attacker masquerades as another entity to induce the victim to tap their device against an NFC tag that has already been compromised by the attacker. This tag contains malicious code which then executes on the victim’s device. Some devices are configured to run NFC commands automatically without the user’s consent. The same flaw was discovered in an Android application ‘Android Beam’ which is discussed in greater detail in the following point. (Pierluigi 2013).

Suggested Solution: Always configure your device so that it asks for your permission before executing commands received via NFC.

5.5. Data Corruption: This is a type of Denial-of-Service (DoS) attack. The attacker’s motive is to destroy, block or make the data sent by the sender undecipherable to the receiver. To accomplish this, the attacker injects noise signals into the communication channel which tend to destroy the information content in the original signals sent by the sending device. (Pierluigi 2013).

Suggested Solution: One workaround to this attack is to check the RF signals during data transmission, as the power required to generate noise signals and corrupt the data is higher than the power required to send it. As a result, the difference in power would let the sending device detect the unwanted intruder and stop the transmission of data automatically.

CHAPTER 6 CONCLUSION AND FUTURE GENERATION TECHNOLOGY

In summary, EMV chip technology has improved the security of credit card and debit card payment transactions manifold, but the implementation of the protocol has some flaws in it. Having those flaws fixed could result in a very strongly secured payment card processing technology.

NFC is an efficient technology which provides secure transactions with ease of use. It is gradually gaining popularity among the masses. It is a significant improvement over RFID and consumes very low power as compared to other technologies like Bluetooth. Major smartphone companies have launched their own NFC-compatible payment applications, and surveys have shown that the number of smartphone users using such apps has increased in the past 2 years. But NFC-based payments are also vulnerable to attacks.

Having said all that, I believe that technology is an ever expanding domain and new technology can overcome or at least mitigate the risks involved with EMV-chip based and NFC-based payment processes.

Following are two technologies which can be implemented in future to enhance safety in contactless payments:


1. Cloud POS System: A cloud-based POS system provides an efficient, low-cost and much more secure payment transaction system. The whole process is explained in the diagram as shown below. There are several advantages of switching to a cloud-based POS system:
   - No setup cost involved. Merchants can start receiving payments by installing applications on their phones or laptops.
   - Support for offline mode in case of network failure.
   - Secure transmission and storage of payment card data.
   - Central storage space for data from multiple devices, thereby simplifying the data management process. (Trend Micro 2015).

Figure 7 – Cloud Based POS architecture. Source: (Trend Micro 2015).

2. Secure Element: In this system, all the payment card information is stored in a Secure Element called Protected Applet (PA), thereby bypassing the POS software completely. The Secure Element handles all the transaction processing requests and can be configured to share certain data with the POS terminal. This will enhance the security of the payment card manifold, as the sensitive data is not vulnerable to theft by RAM Scraper malware. The Secure Element cannot be infected with malware and is tamper resistant. (Trend Micro 2015).

Figure 7 – Security Element architecture. Source: (Trend Micro 2015).


REFERENCES

EMV Migration Forum. “Understanding the 2015 U.S. Fraud Liability Shifts.” http://www.emv-connection.com/. May 2015. http://www.emv-connection.com/downloads/2015/05/EMF-Liability-Shift-Document-FINAL5-052715.pdf (accessed April 3, 2016).

A SMART CARD ALLIANCE MOBILE AND NFC COUNCIL . EMV and NFC: Complementary. White Paper, New Jersey: Smart Card Alliance, 2015.

Adam Laurie, Zac Franken, Andrea "lcars" Barisani, Daniele "danbia" Bianco. EMV - Chip & PIN CVM Downgrade Attack. 2011. https://dev.inversepath.com/download/emv/blackhat_df-whitepaper.txt (accessed April 3, 2016).

Alliance, Smart Card. "EMV and NFC: Complementary Technologies that Deliver Secure Payments and Value-Added Functionality.". White paper, A Smart Card Alliance Payments Council, 2012.

Android. Host-based Card Emulation. n.d. https://developer.android.com/guide/topics/connectivity/nfc/hce.html (accessed April 3, 2016).

Apple Inc. Apple Pay security and privacy overview. 23 January 2016. https://support.apple.com/en-us/HT203027 (accessed April 3, 2016).

Bhatla, Tej Paul, Vikram Prabhu, and Amit Dua. “"Understanding credit card frauds." .” Cards business review 1 no. 6, 2003.

Bohn, Dieter. Samsung Pay works almost anywhere your credit card does. 13 August 2015. http://www.theverge.com/2015/8/13/9146965/samsung-pay-mobile-payment-credit-card-readers-date (accessed April 3, 2016).

Bond, Mike, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, and Ross Anderson. “Chip and Skim: cloning EMV cards with the pre-play attack.” In Security and Privacy (SP), 2014 IEEE Symposium on. IEEE, 2014. 49-64.

Brian, Krebs. ‘Replay’ Attacks Spoof Chip Card Charges. October 2014. http://krebsonsecurity.com/2014/10/replay-attacks-spoof-chip-card-charges/ (accessed April 3, 2016).

CAPEC. CAPEC-398: Magnetic Strip Card Brute Force Attacks. 7 December 2015. https://capec.mitre.org/data/definitions/398.html (accessed April 3, 2016).

CardLogix Corporation. Smart Card Standards. 2010. http://www.smartcardbasics.com/smart-card-standards.html (accessed April 3, 2016).

Conroy, Julie. Card-Not-Present Fraud in a Post-EMV. White paper, AITE GROUP , 2014.

Cotignac . EMV Offline Data Authentication. 11 December 2008. http://cotignac.co.nz/emv-offline-data-authentication/ (accessed April 3, 2016).


Cryptomathic. “White paper EMV Key Management - Explained.” www.cryptomathic.com. 2013. https://www.cryptomathic.com/hubfs/docs/cryptomathic_white_paper-emv_key_management.pdf (accessed April 3, 2016).

Elyse, Betters. Android Pay UK explained: Release date, how it works and where it's supported. 23 March 2016. http://www.pocket-lint.com/news/135017-android-pay-uk-explained-release-date-how-it-works-and-where-it-s-supported (accessed April 3, 2016).

First Data Corporation. EMV and Encryption + Tokenization:A Layered Approach to Security. White paper, First Data Corporation, 2012.

Fiserv Inc. FAQ EMV™. 2010. https://www.fiserv.com/ext/EMV_FAQ_9-17-14.pdf (accessed April 3, 2016).

Ganeshji, Marwaha. Mobile Payments: What is a Secure Element? 1 September 2014. http://www.gmarwaha.com/blog/2014/09/01/mobile-payments-what-is-a-secure-element/ (accessed April 3, 2016).

Mobile Payments: What is HCE? 20 September 2014. http://www.gmarwaha.com/blog/2014/09/20/mobile-payments-what-is-hce/ (accessed April 3, 2016).

Guy, Berg. Fundamentals of EMV . n.d. http://www.smartcardalliance.org/resources/media/scap13_preconference/02.pdf (accessed April 3, 2016).

Homes, Tamara E. Credit Card Fraud and ID Theft Statistics. 16 September 2015. (accessed April 3, 2016).

Host Merchant Services. EMV Transaction Authorization. 2014. https://www.hostmerchantservices.com/articles/emv-articles/emv-transaction-authorization/ (accessed April 3, 2016).

J., Murdoch Steven. EMV flaws and fixes: vulnerabilities in. 2007. http://sec.cs.ucl.ac.uk/users/smurdoch/talks/leuven07emv.pdf (accessed April 3, 2016).

John, Kiernan. Credit Card & Debit Card Fraud Statistics. n.d. http://www.cardhub.com/edu/credit-debit-card-fraud-statistics/ (accessed April 3, 2016).

Kumar, Anurag. “NEAR FIELD COMMUNICATION.” http://dspace.cusat.ac.in/jspui/handle/123456789/2214. 9 February 2011. http://hdl.handle.net/123456789/2214 (accessed April 3, 2016).

Lucian, Constantin. EMV protocol flaw allows 'pre-play' attacks against chip-enabled payment cards, researchers say. 11 September 2012. http://www.pcworld.com/article/262197/emv_protocol_flaw_allows_preplay_attacks_against_chipenabled_payment_cards_researchers_say.html (accessed April 3, 2016).


Megan, Geuss. How Apple Pay and Google Wallet actually work. 29 October 2014. http://arstechnica.com/gadgets/2014/10/how-mobile-payments-really-work/ (accessed April 3, 2016).

Michael, Kassner. Anatomy of the Target data breach: Missed opportunities and lessons learned. 2 February 2015. http://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/ (accessed April 3, 2016).

Murdoch, Steven J. Chip & PIN (EMV) relay attacks. 6 February 2007. https://www.cl.cam.ac.uk/research/security/banking/relay/ (accessed March 30, 2016).

Ogundele, Oludele, Pavol Zavarsky, Ron Ruhl, and Dale Lindskog. “Fraud reduction on emv payment cards by the implementation of stringent security features.” Int J Intell Comput Res (IJICR) 3, no. 1/2, 2012: 252-262.

Pannifer Steve, Dick Clark, Dave Birch. “HCE and.” Consult Hyperion. June 2014. http://www.chyp.com/wp-content/uploads/2015/01/HCE-and-SIM-Secure-Element.pdf (accessed April 3, 2016).

Pierluigi, Paganini. Near Field Communication (NFC) Technology, Vulnerabilities and Principal Attack Schema. 18 June 2013. http://resources.infosecinstitute.com/near-field-communication-nfc-technology-vulnerabilities-and-principal-attack-schema/ (accessed April 3, 2016).

S. J. Murdoch, S. Drimer, R. Anderson, and M. Bond. “"Chip and PIN is Broken".” Security and Privacy (SP), 2010 IEEE Symposium on. Oakland: IEEE, 2010. 433-446.

S.Kavya, K.Pavithra, Sujitha Rajaram, M.Vahini, N Harini. “Vulnerability Analysis And Security System For.” INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 3, ISSUE 6, 2014: 207-210.

Seltzer, Larry. NFC Phone Hacking and Other Mobile Attacks. 25 July 2012. http://www.informationweek.com/wireless/nfc-phone-hacking-and-other-mobile-attacks/d/d-id/1105508 (accessed April 3, 2016).

Smart Card Alliance. NFC Resources. n.d. http://www.smartcardalliance.org/smart-cards-applications-nfc/ (accessed April 3, 2016).

Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond. “Chip and PIN is Broken.” Security and Privacy (SP), 2010 IEEE Symposium on. Oakland, CA, USA: IEEE, 2010. 433 - 446.

Suraperwata, Aulia Virnanda, and Ika Yul Pratiwi. “Solutions to Near Field Communication (NFC) Vulnerabilities Against Interception Type Attacks.” 2013.

Trend Micro. Next-Gen Payment Processing Architectures. 1 August 2015. http://www.trendmicro.com/vinfo/us/security/news/security-technology/next-gen-payment-processing-architectures (accessed April 3, 2016).
