Published on 12:00 AM, February 19, 2018

Vulnerability in microchips

Are we ahead of the curve?

Globally, financial institutions, particularly banks, spend a lot of time and money protecting information. One of the easiest ways for hackers to get access to people's information is via their cards. For years, the safeguards on a card consisted of imprinted digits and a signature field, but now most debit and credit cards are issued with smart chips and PIN/password verification to stand guard.

The new chip and PIN cards (an EMV standard) promised greater security than simple magnetic stripe cards, but no sooner were they deployed than criminals tried to break their protection. The banking industry spends a lot of effort, time, and money to protect bank cards. For years, their protection consisted of printed digits and a signature field, but now smart chips and one-time passwords stand guard between your money and the criminals who want it.

In 2010, Infineon's secure chip product family, the SLE66 series, was compromised, and the security vulnerability was demonstrated by an independent researcher, C Tarnovsky.

Recently, in Nov'17, the security of Estonian and Spanish citizen ID cards that used Infineon's secure chip platform was compromised. A team of researchers discovered a vulnerability (Return of Coppersmith's Attack / ROCA) in the generation of RSA keys used by a software library adopted in cryptographic smart cards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG.

This weakness has far-reaching security consequences for electronic government documents such as electronic passports, driving licenses and national ID cards, to name a few. A recent case is that of Infineon, a German semiconductor company, whose chips used in various government documents and banking products have had their security compromised.

The Bangladesh government should give due attention to such developments. Several national identity documents, like the National ID Card, Electronic Passport, and Driving License, are already in the pipeline. These will be based on secure smart card chips.

But what are the easy ways to stay safe? Researchers have two simple tips for cardholders who want to stay safe. Firstly, never ever enter your PIN twice in a transaction. If you see an error and get a request to enter your PIN again, cancel the transaction, take out the card, insert it again, and enter your PIN once more (and only once).

The second tip is not applicable in all countries, but it's interesting. NCR experts have a high opinion of the security of mobile payment systems (like Apple Pay), so paying with your watch or phone can be more secure than using the credit card. We don't have those in Bangladesh yet, but still, we thought you should know. After all, in the end, being safe is all that matters.