As the play unfolds, the dinner is coming to an end:
DINER: L’addition, s’il vous plait!
WAITER: May I have your credit card?
The diner cardholder presents her card to the waiter who has the point-of-sale terminal
in hand. The waiter inserts the card into the terminal. The terminal
authenticates the identity of the chip card and the chip card authenticates the
identity of the terminal as well. After all, “Don’t talk to strangers” holds
for cards and terminals just as it does for people. So, once the two devices
have established a sufficient level of trust to continue, they do. In the
course of the authentication operations, the credit card and terminal may have
agreed upon the necessary keys to establish a private, trusted channel between
the two, because even though the credit card is inserted into the terminal, it’s
still possible that someone is eavesdropping on the conversation. Hence, this
constitutes one of the threats (plot twists) in this story. So, assuming that
the communication channel is private, the terminal now asks for the account
number of the cardholder that is stored on the card. This account number is
then validated by the point-of-sale terminal. An amount to be charged to this
number is displayed on the screen of the point-of-sale terminal.
WAITER: Would you mind entering your personal identification number in the terminal?
Now, the cardholder is asked to enter her Personal Identification Number (PIN) into the terminal. A
point-of-sale terminal is certified, by the vendor that provides it, to
guarantee secure personal identification number entry. If the correct personal
identification number is entered, then an authorization operation is conveyed
from the card to the terminal indicating that the cardholder allows the amount
indicated on the point-of-sale terminal screen to be charged to the indicated
account number. Because of the certification processes that the credit card and
the terminal went through before being commissioned, the cardholder cannot
repudiate the transaction, which means that it bears legal and fiduciary value.
Once this is done, a receipt is printed by the terminal that can be given to
the cardholder for confirmation of the transaction.
WAITER: Here is your receipt, and here is your card.
DINER: Thank you.
So, all in all, this comprises a rather standard script. It is followed by a myriad of
terminals acting on behalf of a plethora of restaurants around the world
dealing with a multitude of diners using credit cards with embedded secure
cores. So, what are some of the twists to the plot, the threats that the card
and terminal are wary of?
Well, within the context of a script like this, the most common threats are the fraudulent
expression of identity on the part of the terminal, the card or the cardholder.
Depending on which of these identities is actually counterfeited, the end
result can be a problem for any of the parties involved. For that reason,
several layers of security measures are present, each presenting an answer to a
possible attack. For example, the card will refuse to divulge information to
the terminal before it has obtained from it proper credentials of the kind we
discussed earlier when we presented private and public key infrastructures.
Reciprocally, a terminal will refuse to communicate with a card that itself
does not present proper credentials. Therefore, any threat that the card is not
an accredited card, or that the terminal is fraudulent, is eliminated as far as
transmission of information between the two is concerned. As this information
is needed for the bank to provide credit, the threat of an improper financial
transaction is covered. However, the next level of threat is if the credit card
and the restaurant terminal are both genuine, but the credit card doesn’t
actually belong to the diner. The mechanism to guard against that is the personal
identification number, working on the assumption that if the card has been
found or stolen, it is unlikely that the fraudster also obtained the access personal
identification number. Therefore, the terminal asks for the personal
identification number of the card before effectuating the transaction