---------- Forwarded message ---------- Sender: efc-talk-owner@insight.cas.mcmaster.ca Subject: summary of recent meeting with top Mondex officials Date: Mon, 24 Aug 1998 14:07:40 -0400 (EDT) To: efc-talk@insight.cas.mcmaster.ca From: David Jones <djones@insight.cas.mcmaster.ca> Mondex meeting I would like to give a brief synopsis of the meeting that I attended two Fridays ago (August 14th) in Toronto. Present were: Joanne De Laurentiis, President & CEO, Mondex Canada David Phillips, Vice-President, General Counsel, Mondex Canada Deen Farouk, Director, Mondex Canada Mark Tonnesen, Executive Vice-President, Card Services, Royal Bank David Braidwood, Senior Manager, Standards and Security, Royal Bank Martyn Cooper, Senior Manager, Smart Card Industry, Royal Bank Ann Cavoukian, Privacy Commissioner of Ontario Carol Markusoff, Policy Analyst, Ontario Privacy Commission Peter Hope-Tindall, XL Consulting, Special Advisor to Privacy Commissioner David Jones, President, Electronic Frontier Canada The purpose of the meeting was to have an open discussion about privacy and security of the Mondex electronic payment system. As most of you probably know, Mondex value can be transfered between smart-cards to make purchases and new value can be downloaded onto the cards from bank ATMs or over the phone. For some (highly critical) background, please see: "Mondex: A House of Smart-Cards?" http://www.efc.ca/pages/media/convergence.12jul97.html What actually prompted the meeting was an article that appeared this summer in the June issue of the Financial Post Magazine. "Mondo Mondex" http://www.efc.ca/pages/media/financial-post-magazine.01jun98.html The meeting got off to an amusing start as two bankers remarked that I wasn't wearing a tie, although I must say I thought I was dressed quite fashionably, ... for a professor. I made some remark about "casual Fridays", but it didn't seem to help. The fact that I had taken a *bus* in from Hamilton that morning also seemed to be another clear indication to all present that I didn't hang around in the same circles as these senior bankers. I must say, it was a very cordial, informative, and interesting meeting. Everyone was quite charming and clearly expert in their own fields. They outlined the different roles that the banks and Mondex play in the system, including a separate corporate entity called the "Mondex Canada Originator" that actually "prints money", in the sense that it issues *new* value on Mondex cards. This is the only place this occurs: the banks, merchants, and consumers merely push value around in the system, from card to card. Interestingly, the "Mondex Canada Originator" is not recognized as a bank, and is not even recognized as a financial institution by Canadian authorities. The "float", the account holding real Canadian dollars to back up "value" stored on cards, is invested to earn a profit, but is *not* backed up by any federal deposit insurance. The current implementation of the Mondex system uses a well-known "symmetric" encryption algorithm for security, implemented on a Hitachi H8/3102 chip. Interestingly, the value of transactions is transferred "in the clear" between cards. Encryption is used for digital signatures. Each card has a transaction log that stores the following information about up to 10 transactions: PID,AMT,NAR,AMT,CUR,TIM,SEQ1,SEQ2 PID = purse ID of the *other* card NAR = 12 characters of "narrative" information (e.g. customer/vendor name) AMT = amount of value transferred CUR = currency used TIM = timestamp (from retail machine or consumer wallet, may be inaccurate) SEQ1= unique transaction sequence number for *this* purse SEQ2= unique transaction sequence number for the *other* purse It's at this point that the privacy commissioner, Ann Cavoukian, started asking questions about how this transaction data gets used. Although merchant terminals are able to capture all of this information, and even have a modem to transmit it back to banks, we were told that this is not done in Guelph, in part because there is not (yet) any software on the bank end to process the data. There was also the suggestion that, in the future, Mondex might choose to rely on contractual limitations on the use of the data to prevent some vendors (e.g., Walmart) from using the information for data mining. I am fairly willing to accept that there are not any terrible privacy problems with Mondex in Guelph *today*, but it is much more murky when we look to the future and imagine how the system may eventually be used. When discussing security and the potential for "hackers" to create counterfeit Mondex value, it became apparent that the banks themselves are doing nothing at all to deal with security. It seems to me that a good analogy could be made with how banks deal with credit cards: They depend on the credit card company to worry about security and fraud. With Mondex, the banks are relying on the chip's use of encryption and their "tamper-resistance" (meaning they are supposed to lock up if you mess around with them). Only the "Mondex Canada Originator" has a "crude" risk management system, which monitors that balance of funds sitting in the "float" account and monitors uploads and downloads between banks and merchants/customers. If usage patterns deviates outside normal fluctuations, on the order of 3-4%, then an alarm is raised to investigate. In the Guelph pilot, this alarm has gone off "about 5 times", (false alarms, since there has not been any fraud). In the "unlikely" scenario, that counterfeit Mondex value is created, the system is supposed to be able to contain the flow of fraudulent value and limit the damage that might occur. It is surrounding this point that there seems to be a great deal of confusion and contradictory information coming from Mondex. For instance, on their web site, Mondex says: Detection: On-Chip Security The Mondex chip has its own risk management measures, built-in to the chip itself. The chips are programmed to automatically react to 'unusual' card behaviour, such as very high levels of value redemption and temporarily close down. URL= http://www.mondex.com/mondex/cgi-bin/... .../printpage.pl?fname=../documents/detection.txt&doctype=genp Well, as far as I can tell, based on what I heard at the meeting, the statement above is not correct. On a related page, Mondex says: Recovery: Rogue Cards Naturally cards identified as being unauthorised, reported stolen, or potentially fraudulent can delinked immediately from the banking system. URL= http://www.mondex.com/mondex/cgi-bin/... .../printpage.pl?fname=../documents/recovery.txt&doctype=genp It turns out this statement, as far as I can tell, is also not correct. The "Mondex Canada Originator" has no authority and no technical ability to "delink" a card. The Banks also seem to lack the ability to remotely deactivate cards through their ATMs. I asked how many times cards in Guelph had been locked out because of suspicious behaviour. I was told "zero times". On an interesting technical note, we were told that Mondex cards use a seven-step protocol to transfer value from one card to another. It is not possible to "create" value by interrupting a transaction, but it is possible to "destroy" value, if one card has debited its value records before the other has credited its value. In such a case, the card is supposed to keep a record of this "exception", so the bank can later re-imburse the consumer for the lost value. We were told that approximately $4,600 has been paid out to customers for such failed transactions. To put this in context, so far about $2 million has been issued on Mondex cards in the 18 month pilot study, so this means roughly 0.25% of value gets destroyed by errant transactions. The discussion about security explored various "scenarios" about how someone might try to extract value from the system, assuming that it was even possible to "hack" a Mondex card. This so exasperated the Exec VP with the Royal Bank, Mark Tonnesen, that he turned to me and said, "Look, I'll pay you $100,000 if you can create fake Mondex value". Hmmm, maybe I'll just take him up on his offer. ;-) ;-) -- David Jones - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Prof. David G. Jones president, Electronic Frontier Canada McMaster University email: djones@efc.ca Dept of Computer Science web: http://www.efc.ca/ 1280 Main St West office: +1 (905) 525-9140 ext. 24689 Hamilton, ON, Canada L8S 4K1 fax: +1 (905) 546-9995 -----------------------------------------------------------------------------