First contact. Attacks against contactless cards

Technologically, the NFC set of protocols is a successor to the EMV standard; therefore, attacks on contactless cards are similar to those targeting EMV cards. Most of them exploit the backward compatibility and other shortcomings of the main EMV mechanisms: authorization, authentication, and verification.

After testing a few dozen cards, I was shocked by the scope of problems plaguing banks. None of these problems were solved since the early 2000s; furthermore, after the introduction of contactless payments, their severity increased greatly. A distinct feature of frauds involving contactless cards is that they are difficult to prove since the attacker doesn’t need physical access to the victim’s card. Therefore, banks often dispute such customer complaints.

Legacy

Researcher Peter Fillmore was the first to draw public attention to the insecurity of contactless legacy modes back in 2014.

What are contactless legacy modes and why were they introduced in early 2010s?

Legacy modes are special modes developed for terminals unable to use modern cryptography. The biggest market of such terminals was in the USA. Also, the backward compatibility makes it possible to use cards and terminals supporting the modern cryptography in legacy modes. Just imagine that your advanced chip-based card can be used for magnetic stripe-based payments: this example perfectly illustrates the level of insecurity inherent in the legacy modes.

In the legacy MSD (Magnetic Stripe Data) mode, Visa cards simply transmit Track2 Equivalent with a dynamic CVV field that changes ‘from time to time’. In other words, the same CVV can be used more than once. This mode also has a defect making it possible to use an incorrect source of CVV2 value field. It means that data read from the magnetic stripe, chip, or contactless chip of a payment card can be recorded and reproduced by a special application using the NFC protocol, and the bank will consider this a legitimate contactless transaction. Russian programmer Dmitry Holodov developed an app allowing you to read magnetic stripe data from your Visa card, save it on an Android smartphone and use this phone to make contactless payments.

MasterCard goes a little further: in its legacy mode called PayPass M-Stripe, the card accepts a random UN number from the terminal, uses an ATC counter, and generates the CVC3 authorization field based on these data. Then the terminal creates a dynamic Track2 Equivalent using the above values and sends it to the bank for payment authorization.

The main weakness of this mode is low entropy of the UN field and the absence of other fields for entropy (e.g. payment amount or transaction date). A UN value can occupy from 3 to 5 bytes, and each byte consists of only numbers. Accordingly, 999, 9999, or 99,999 different UN values can be transmitted to a card. In the first two cases, an attacker can hold a cellphone with a special app close to such a card and quickly clone all transactions that potentially can be made with it

Then the attacker makes a payment on a terminal that supports the M-Stripe mode using the phone with the cloned transactions. The terminal generates a random UN field, the phone searches its transaction database for the correct ATC/CVC3 pair corresponding to this UN and returns it to the terminal.

It’s necessary to keep in mind that payment systems recommend to keep track of the ATC values, to ensure that they are coming sequentially and not accept transactions with significant fluctuations of these values. If the antifraud systems are configured correctly, the attacker won’t be able to make more than one payment because, for the next payment, the value of the random UN field will result in a random value of the ATC field, either much higher or lower than the previous one. However, if the antifraud systems are configured to please ‘angry buyers’, then the attacker gets a fully-featured clone of the card that can be used multiple times.

Another potential abuse of the M/STRIPE mode discovered by the researchers is as follows: the attacker makes the terminal believe that the UN field size is 0. Accordingly, the terminal returns only one possible value: UN = 00000; and there is only one ATC/CVC3 pair corresponding to it. In this situation, cloning the card is as easy as apple pie.

Over the last 4 years, I found at least 3 banks supporting MasterCard legacy modes; one of them allowed to make transactions with UN=0. Also, at least two banks allowed transactions in the completely insecure Visa MSD mode.

The implementation of legacy modes is a great example of practicability of attacks used by fraudsters in the real world. For instance, attacks on Visa cards are still very popular and widespread: to make contactless payments with Visa cards, you can use Track2 or Track2 Equivalent data available for sale on special forums.

The legacy mode used by MasterCard also has vulnerabilities that can be exploited by attackers. However, it’s much more difficult to deliver such an attack in real life because it requires physical access to the victim’s card, at least for a minute. That is why such attacks are very rare.

It’s necessary to note that most digital wallets (GPay, Samsung Pay, custom HCE (Host-Card Emulation) Android apps emulating cards, etc.) also support the M-Stripe and MSD modes.

Cloning cards and transactions

It’s not possible to clone EMV contactless cards so that their transactions could be authorized online. Attackers and researchers haven’t invented yet a method allowing to extract cryptographic keys to create payment cryptograms. However, this is not the only way to create a functional clone of such a card:

• Track2 Equivalent can be recorded to a magnetic stripe to make payments in regions where magstripe transactions are common or the fallback mode is still available.
• the Cryptogram Replay technique can be used to clone transactions; or 
• a fully functional clone of a card or a clone of a limited number of transactions can be created using vulnerabilities of the legacy modes described above.

Bypassing cardholder verification

For the last 15 years, most studies on EMV/NFC insecurities were primarily focused on cardholder verification methods (CVM). Bypassing CVM is directly related to other security flaws: authorization and authentication. Such attacks are not very popular due to the same reason: the attacker needs physical access to the card. In the official statistics, this type of scam is called “Lost & Stolen”.

Cybercriminals can change the verification method at different stages of payment processing using the MITM (man in the middle) attack. The most common variants of this attack are described below.

Substitution between the terminal and the acquiring bank

This type of attack is called a transaction stream fraud: hackers substitute transaction data when these are transmitted from the payment terminal. As a result, the issuing bank approves the transaction, although it’s not supposed to. Transaction verification can be performed in two ways.

1. Substitution with an offline PIN. This scheme is not applicable to contactless cards because it requires to tap the card twice during the payment. Not a single payment system was ready to this after the 2010s, when the number of terminals connected to the Internet has nearly approached 100%. However, our team identified five banks that authorize transactions if the declared verification method is “offline PIN”.

2. Substitution with an online PIN. If the payment authorization request indicates that an online PIN was selected, but the request field doesn’t contain the encrypted PIN, one of the surveyed banks authorizes the transaction anyway.

One might ask: if fraudsters use their own terminals, shouldn’t it be easy to track them down? Unfortunately, this is not always the case. For instance, the Brazilians mentioned in the article by Brian Krebs managed to escape and launder the stolen money prior to being captured by the FBI.

Substitution between the phone and the terminal

Substitution with signature

The second most popular (after the online PIN) cardholder verification method is signature substitution. Many cardholders are aware that instead of entering the PIN code, the card may by default request to affix a signature on the receipt. This scheme is called Chip & Signature (similar to Chip & PIN), and it came from America.

If a malefactor changes the verification type from PIN to signature and then puts a cross on the check (or an inattentive cashier doesn’t ask for an autograph), the cardholder can claim a refund if it can be proven that the operation was performed by somebody else. (However, no one can guarantee that the money will be actually refunded.) By contrast, if it’s proven that the PIN was entered and correctly verified for a card issued in Europe, the liability will be on the cardholder.

Specialists at Aperture Lab were involved in technical expertise of fraudulent card transactions for many years. They collected data on fraudulent transactions to prove to banks and judges that fraud victims were not involved into malicious activities (e.g. that payments were made without a correctly entered PIN or using a precloned cryptogram).

Substitution with a digital wallet or NoCVM

In addition to the two most popular verification schemes for contactless chip cards, terminals can accept several more nonstandard cardholder verification mechanisms. First, the attacker can tell the terminal that the card is not a card, but a mobile wallet (e.g. Apple Pay). In such a situation, most terminals won’t require the malefactor to enter the PIN code or even affix a signature on the check. The same happens if you select NoCVM as a verification method.

Our team has demonstrated this vulnerability for contactless Visa cards back in 2019. Concurrently, we have shown the security flaws in CVM mechanisms using cards issued in Russia, EU, USA, and UK. Later, researchers at the University of Zurich applied our methods to Swiss cards with minor changes reflecting the specificity of the European market. Their findings confirmed our earlier conclusions with regards to Visa cards.

Unlike Visa, MasterCard verifies the integrity of the selected CVM verification methods during the offline data authentication. This procedure is mandatory for every contactless MasterCard. Also, the field responsible for the digital wallet is a part of the payment cryptogram, and if it’s altered, the transaction will be rejected.

However all these security mechanisms went out of the window once the same University of Zurich researchers have found a way to present MasterCard cards to terminals as Visa cards. Using this Card Brand Mixup Attack, hackers can bypass cardholder verification methods and downgrade them to insecure ones even in the latest MasterCard cards.

PSD2 and card fraud in Europe

Each country has its own recommendations on NoCVM limits (i.e. small transactions that don’t require cardholder verification). This scheme is called Tap & Go. In the UK, it was £30 prior to the COVID outbreak, and currently it’s £45.

Each store and acquiring bank can set any limits for their terminals. However, taking that they are liable for any risks associated with potential NoCVM fraud, most banks and vendors don’t want to attract scammers by raising their limits above the standard level.

The most popular fraud scheme involving stolen contactless cards is simple: the malefactor goes to a store and makes a purchase using the above-mentioned Tap & Go scheme. In 2019, the total scope of such scams in the UK was ‘mere’ £10 million. The point is that scammers can make as many transactions within the NoCVM limits as they want until the card is blocked. The most arrogant crooks ask cashiers to split a large purchase into several ones under £30, thus, bypassing the national limits.

To counter this type of fraud, the European regulator has issued a set of new laws called PSD2 (Payment Service Directive, version 2). One of the main requirements relates to the cardholder verification frequency (Strong Customer Authentication). The regulations introduce cumulative limits for Tap & Go contactless transactions, and since 2020, issuing banks limit the number of transactions under the Tap & Go limits. The banks calculate the total amount spent and request the PIN code either every five transactions or after the cardholder spends the equivalent of the maximum amount set for five Tap & Go transactions (e.g. £225 in the UK or €250 in France). In most European countries, this procedure isn’t too annoying for cardholders, but in the UK, so-called hard limits are in place: to make a payment that requires the PIN code or signature, the purchaser must insert the card with a chip into the terminal.

The new legislation is slowly spreading across Europe. As soon as I have got enough cards operating in accordance with the Cumulative Limits rules, I started checking how efficient these rules are and how can they be bypassed using known vulnerabilities or their new variations. One of our recent studies has shown that the oldie-goodie PIN OK attacks, verification substitution for Chip & Signature, and Transaction Stream Fraud make it possible to ‘reset’ the established limits (i.e. £225 or €250). If hackers have victims’ cards and special terminals on hand, they can make payments in stores in excess of the established limits by ‘resetting’ these limits on a regular basis using special compromised terminals.

Conclusions

Three years of painstaking work with card transactions taught me a lot. The risk-based approach accepted in the payments industry forces banks and other market players to support obsolete forms of payment simply because “customers want so”. As a result, I made an exciting journey into the world of card fraud, found dozens of vulnerabilities in various banks and payment systems, learned to understand ISO-8583, emulated examples of transaction fraud, and mastered other innovative and unusual attack techniques. Hopefully, these dark secrets will forever remain within the walls our lab.