As the US comes out of its first post-EMV liability shift months, it’s worth looking at how chip cards have evolved over the years to improve security and how lessons learnt in other countries have made smart cards more secure than ever. While EMV cards are undoubtedly more secure than traditional mag stripe cards, there have been, and continue to be, certain vulnerabilities that can be exploited by fraudsters.

Researchers have detailed one such case in France that they say is the “most sophisticated smart card fraud encountered to date”.

It was a highly complex attack, but essentially it saw fraudsters embed two chips in payment cards to carry out man-in-the-middle style attacks. These were card-present frauds that managed to nullify the PIN. The fraud, which took place over several months from 2011 to 2012, caused a net loss of €600,000, involved over 7,000 transactions and featured 40 modified cards.

A paper from the École Normale Supérieure and the Centre Microélectronique de Provence analysed the fraud and produced some important findings for our understanding of card security today. Cards were fitted with a second, fake chip that communicated with point-of-sale (POS) terminals – the so-called man in the middle. Remarkably, when the POS terminal communicated with the card to check if the PIN entered was correct, this spoof chip could give a positive answer no matter which four digits were entered on the keypad.

If anything, it shows the sheer lengths to which fraudsters have been forced to go since the introduction of EMV cards. The authors of the French report say: “This case shows that organised crime is following very attentively advances in information security. We also noted that producing the forgery required patience, skill and craftsmanship.”


The report notes that the attack could not happen today, thanks to the activation of a new authentication mode – CDA, or Combined Data Authentication – as well as “network level protections acting as a second line of defence”. The authors noted: “Until the deployment of CDA, this fraud was stopped using network-level counter-measures and PoS software updates.” They add that “as a rule of thumb, an unmalleable cryptographic secure channel must always exist between cards and readers”.

CDA explained

What this study also makes clear is the importance of CDA, which is really transforming payment security and making fraud a lot harder. It works in the same way as Dynamic Data Authentication (DDA), but adds an extra layer of protection against man-in-the-middle attacks. During a transaction, the first part of the processing for CDA works in exactly the same way as standard DDA. But during card action analysis, the chip card generates a second dynamic signature which the terminal must verify.
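A toy model of the check described above, added here as an illustration and not taken from the paper or the EMV specification. It contrasts a terminal that trusts the bare PIN status with one that requires a signature from the genuine chip over the transaction. The class names, the fields covered by the signature and the textbook-RSA key are assumptions of this sketch.

```python
import hashlib
import secrets

# Toy textbook-RSA key built from two Mersenne primes: illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(*fields):
    """Hash length-prefixed fields to an integer below N."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return int.from_bytes(h.digest(), "big") % N

class Card:
    """Genuine chip: knows the PIN and holds the private key D."""
    def __init__(self, pin):
        self.pin, self.pin_verified = pin, False
    def verify_pin(self, pin):
        self.pin_verified = secrets.compare_digest(pin, self.pin)
        return self.pin_verified
    def sign_transaction(self, nonce, txn):
        # Assumed for this sketch: the card signs its own view of the PIN check.
        state = b"PIN_OK" if self.pin_verified else b"NO_PIN"
        return state, pow(digest(nonce, txn, state), D, N)

class SpoofChip:
    """Model of the second chip: answers the PIN check itself, relays the rest."""
    def __init__(self, card, rewrite_state=False):
        self.card, self.rewrite_state = card, rewrite_state
    def verify_pin(self, pin):
        return True  # the genuine chip never sees the PIN
    def sign_transaction(self, nonce, txn):
        state, sig = self.card.sign_transaction(nonce, txn)
        return (b"PIN_OK" if self.rewrite_state else state), sig

def terminal_approves(chip, pin, txn, require_signature):
    if not chip.verify_pin(pin):
        return False
    if not require_signature:
        return True  # trusts a bare, unauthenticated status
    nonce = secrets.token_bytes(8)  # fresh per transaction, so old signatures fail
    state, sig = chip.sign_transaction(nonce, txn)
    # Verified with the public key (E, N) only: the signature must cover this
    # nonce and transaction, and the signed card state must confirm the PIN.
    return pow(sig, E, N) == digest(nonce, txn, state) and state == b"PIN_OK"
```

With `require_signature=False` the terminal approves the spoofed card for any PIN. With `require_signature=True` the same card is declined whether or not the relay rewrites the state field, because the relay cannot produce a signature that matches the altered data.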

It’s this combination of secure authentication that is stamping out card-present fraud. While chip cards don’t cure all the ills of payment card fraud, the emergence of processes such as CDA means the criminals have to go to increasingly difficult lengths to achieve a profit.

The next step for EMV cards is to be able to deliver a similar level of security in the card-not-present arena.

