Contactless Smart Cards, RFID, Payment, Transit and Security

MasterCard Worldwide says all chip-based payment products must be DPA-protected by Cryptography Research

Thursday, May 14, 2009

MasterCard Worldwide and Cryptography Research announced an agreement that ensures future chip-based MasterCard payment products will be licensed by Cryptography Research and thus secured against Differential Power Analysis (DPA) attacks.

Cryptography Research identified the smart card vulnerability known as DPA and then patented countermeasures to protect chips against the attack. The company has been working to encourage semiconductor manufacturers and chip card suppliers to sign license agreements (and pay license fees) for products utilizing DPA countermeasures. To date, three of the six largest smart card chip manufacturers – Infineon, Renesas and NXP – have signed license agreements.

Until today, the licensees have come from the supplier side of the smart card value chain. This announcement with MasterCard represents the first reversal of this arrangement whereby a downstream entity (i.e. a payment association, card issuer, end user) has publicly mandated the use of DPA-licensed products. This puts pressure upstream forcing companies that supply chips and cards to MasterCard-issuing banks to be licensed.

In the announcement, MasterCard’s Christian Delporte said, “The new requirements and rigorous testing provide enhanced assurances to our smart cards and devices.”

“The agreement covers all smart cards and as well as other types of payment devices using a security chip,” Cryptography Research’s Kit Rodgers told SecureIDNews, suggesting that EMV contact cards, contactless cards, and even mobile handsets with a SIMs would be covered. “These devices need strong security including DPA countermeasures and MasterCard is acknowledging that our portfolio of protections is crucial.”

Will this trend continue throughout the payment industry and even into other industries? While many do not have a centralized entity such as MasterCard to mandate behavior, nearly every card-issuing industry has some organization, association, or body that at least influences or recommends security best practices. [end] 

Related Articles
Report: Contactless payment market - benefits to issuers, merchants?

Research and Markets announced the addition of Polasik Research’s contactless payment cards market report, “The Global Contactless Payment Cards Market”, to its offering.

The report describes the evolution contactless payment methods used at point-of-sale, with reference to the solutions offered under the American Express/MasterCard/Visa Agreement. The report also examines the prospects for the development of contactless payments all over the world, including the potential to develop into NFC-based mobile payments.

read more »
EMV adoption grows

More than three-quarters POS terminals enabled

Adoption of EMV as the universal payment standard gained further traction in 2011, with official figures revealing that more than 42% of all payment cards and nearly 76% of all terminals in circulation globally are based on EMV technology. These numbers, however, do not reflect the U.S.

read more »
MasterCard unveils payments road map

MasterCard introduced a road map focused on advancing the U.S. electronic payments system. The map, which includes the path for migration from magnetic stripe to EMV technology available on chip cards, will serve as the foundation for the next generation of products and services.

read more »
GlobalPlatform announces 2011-12 board election results

Marc Kekicheff, Visa’s senior business leader of chip innovation, has been re-elected chairman of GlobalPlatform, the group that standardizes the management of secure chip technology. Uwe Wittig, group vice president, payment division for Giesecke & Devrient, will remain the organization’s vice chair. In addition, Yves Moulart, director of development and innovation for STMicroelectronics, will remain secretary/treasurer.

read more »
U.S. contacless payment card shipments takes a dip

The 2011 contactless payment card shipments in the United States have taken a dramatic drop, according to ABI Research.

The number of shipments has fallen considerably when comparing against quarterly shipments achieved in 2010, explains Phil Sealy, research analyst, security and ID. And the drop in shipments has primarily been driven by some overriding factors including:

read more »
Ingenico, MasterCard bring contactless ticketing to Turkey

Ingenico announced the launch of a new conactless card payment system for public transportation in Eskisehir, Turkey.

Based on MasterCard’s M/Chip Advance technology, the new system will allow riders on Eskisehir’s buses and tramways to pay for fares with the tap of a contactless “Esparacard” card.

read more »

Ads by AVISIAN
Subscribe to the Contactless News Library
Gain access to the largest collection of Auto-ID analysis on the Internet.
Copyright © 2012, AVISIAN, Inc. All rights reserved.