[LINK] Chip vs mag stripe [was: Consumer Credit-Card Risks]

Stephen Wilson swilson at lockstep.com.au
Thu Jan 14 09:36:50 AEDT 2010

Jan Whitaker wrote:
> At 11:49 AM 13/01/2010, Stephen Wilson wrote:
>> Now, do you mind if I push the envelope a little?  The reason chip cards
>> are important in payments is that, one way or another, they protect the
>> integrity of the cardholder account number and other details, as
>> transmitted with the user's consent (PIN), from the card to the
>> terminal.  The details are encrypted (signed if you will) between the
>> chip and the terminal, which stops replay attack and thwarts ID theft.
>> More subtly, by increasing the dependability of those details, it means
>> that in principle less personal information is needed to corroborate a
>> transaction.
> But wouldn't this protection only be the case if there were no 
> magstripe that included the 'same' info as the chip? What I'm getting 
> at is that the magstripe is still needed as long as the chip readers 
> aren't ubiquitous.
Yes indeed.  But the chip can contain different (additional) and 
unskimmable information from that in the stripe.  Moreover, receiving 
parties can tell the difference between personal data that has been read 
off a static stripe versus that presented dynamically by a chip, which 
opens up new possibilities.

For illustration, when a doctor creates an electronic Medicare claim 
relating to services they provided me, my Medicare number needs to be 
input.  Today it's picked up from a local database, or manually 
entered.  A level of Medicare fraud occurs because there are no 
protections around the Medicare number entered.  One way to curtail this 
form of fraud is to involve a smartcard at the time of service, and use 
a private key in the chip to digitally sign the claim, so as to bind a 
genuine Medicare number.  A Medicare number presented from a chip by way 
of a digital signature cannot be replayed or made up.  Any software 
downstream can tell the difference between a Medicare number presented 
cryptographically from a chip, and a number that has been manually 
entered or transcribed.

I advocate protecting new health identifiers this way (be they national 
"cradle to grave" IDs, commercial health record IDs or whatever).  In 
some use cases, the health ID might be entered/transcribed as a simple 
"naked" number, but in others, it might be presented by way of a digital 
signature.  Different presentations could be matched to different use 
case scenarios depending on risk; different levels of service might be 
made available depending on the mode of presentation.

I rail against the idea that impending Health Identifiers be treated 
like static numbers.  A few years ago NEHTA used to say that it wouldn't 
matter how individuals kept their Health ID; you could write it down, or 
save it to a USB stick, or have it on magnetic stripe.  In essence this 
would treat Health IDs no differently from credit card numbers.  I even 
heard it said that the Health ID could be a log-in identifier for 
accessing one's own EHRs.  Yikes!  This style of authentication is 
completely obsolete in banking, but at least there you can get a credit 
card number cancelled and re-issued.  It beggars belief that health IDs 
rolling out in the next few years could follow security practices that 
were broken years ago.


Steve Wilson

Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy.  Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.
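The time-of-service signing described above, as an added illustration that is not part of this thread or of any Lockstep product: a card holding a private key signs the claim, and the receiving system can tell that presentation apart from a typed-in number, reject an altered or made-up number, and refuse a replay. Assumed, not from the post: Ed25519 keys, a hypothetical claim layout, constructed placeholder numbers, and a nonce issued by the claims system.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Assurance is what downstream software can conclude about how a Medicare number was presented.
type Assurance string
const (
	Transcribed Assurance = "transcribed" // "naked" number: typed in or read from a local database
	ChipSigned  Assurance = "chip-signed" // number bound into the claim by the card's private key
)

// Claim is what the chip signs at time of service (hypothetical layout, not a real Medicare format).
type Claim struct{ MedicareNo, Provider, Service, Nonce string }
func (c Claim) bytes() []byte { return []byte(c.MedicareNo + "|" + c.Provider + "|" + c.Service + "|" + c.Nonce) }
// Card models the smartcard: the private key is created on issue and never leaves it.
type Card struct{ medicareNo string; priv ed25519.PrivateKey }
// Sign binds the cardholder's number to this claim; the nonce is supplied by the claims system.
func (c *Card) Sign(provider, service, nonce string) (Claim, []byte) {
	cl := Claim{c.medicareNo, provider, service, nonce}
	return cl, ed25519.Sign(c.priv, cl.bytes())
}
// Verifier holds the issuer's registry (Medicare number -> card public key) and consumed nonces.
type Verifier struct{ registry map[string]ed25519.PublicKey; seen map[string]bool }
func NewVerifier() *Verifier { return &Verifier{map[string]ed25519.PublicKey{}, map[string]bool{}} }
// IssueCard generates a key pair for a cardholder and records the public half in the registry.
func (v *Verifier) IssueCard(medicareNo string) *Card {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	v.registry[medicareNo] = pub
	return &Card{medicareNo, priv}
}

// Assess tells a chip-signed number from a transcribed one (sig == nil) and rejects forged or replayed claims.
func (v *Verifier) Assess(cl Claim, sig []byte) (Assurance, error) {
	if sig == nil {
		return Transcribed, nil // accepted, but with no cryptographic binding to the cardholder
	}
	pub, ok := v.registry[cl.MedicareNo]
	if !ok || !ed25519.Verify(pub, cl.bytes(), sig) {
		return Transcribed, errors.New("signature does not verify: number altered or made up")
	}
	if v.seen[cl.Nonce] {
		return Transcribed, errors.New("replayed presentation")
	}
	v.seen[cl.Nonce] = true
	return ChipSigned, nil
}
```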
