Government ID, Smart Cards, Identification and Authentication

MasterCard Worldwide says all chip-based payment products must be DPA-protected by Cryptography Research

Thursday, May 14, 2009

MasterCard Worldwide and Cryptography Research announced an agreement that ensures future chip-based MasterCard payment products will be licensed by Cryptography Research and thus secured against Differential Power Analysis (DPA) attacks.

Cryptography Research identified the smart card vulnerability known as DPA and then patented countermeasures to protect chips against the attack. The company has been working to encourage semiconductor manufacturers and chip card suppliers to sign license agreements (and pay license fees) for products utilizing DPA countermeasures. To date, three of the six largest smart card chip manufacturers – Infineon, Renesas and NXP – have signed license agreements.

Until today, the licensees have come from the supplier side of the smart card value chain. This announcement with MasterCard represents the first reversal of this arrangement whereby a downstream entity (i.e. a payment association, card issuer, end user) has publicly mandated the use of DPA-licensed products. This puts pressure upstream forcing companies that supply chips and cards to MasterCard-issuing banks to be licensed.

In the announcement, MasterCard’s Christian Delporte said, “The new requirements and rigorous testing provide enhanced assurances to our smart cards and devices.”

“The agreement covers all smart cards and as well as other types of payment devices using a security chip,” Cryptography Research’s Kit Rodgers told SecureIDNews, suggesting that EMV contact cards, contactless cards, and even mobile handsets with a SIMs would be covered. “These devices need strong security including DPA countermeasures and MasterCard is acknowledging that our portfolio of protections is crucial.”

Will this trend continue throughout the payment industry and even into other industries? While many do not have a centralized entity such as MasterCard to mandate behavior, nearly every card-issuing industry has some organization, association, or body that at least influences or recommends security best practices. [end] 

Related Articles
YESpay, YES-wallet deliver cloud-based NFC payments

The UK’s YESpay International and YES-wallet.com have teamed up to build an NFC-enabled cloud-based mobile payments platform.

By integrating the YES-wallet Pouch digital wallet with YESpay EMBOSS payment service, the companies will provide a platform that encompasses e-Money, pre-paid and gift-card payments based on Visa PayWave and MasterCard PayPass contactless standards.

read more »
Ingenico, MasterCard bring contactless ticketing to Turkey

Ingenico announced the launch of a new conactless card payment system for public transportation in Eskisehir, Turkey.

Based on MasterCard’s M/Chip Advance technology, the new system will allow riders on Eskisehir’s buses and tramways to pay for fares with the tap of a contactless “Esparacard” card.

read more »
MasterCard unveils payments road map

MasterCard introduced a road map focused on advancing the U.S. electronic payments system. The map, which includes the path for migration from magnetic stripe to EMV technology available on chip cards, will serve as the foundation for the next generation of products and services.

read more »
U.S. contacless payment card shipments takes a dip

The 2011 contactless payment card shipments in the United States have taken a dramatic drop, according to ABI Research.

The number of shipments has fallen considerably when comparing against quarterly shipments achieved in 2010, explains Phil Sealy, research analyst, security and ID. And the drop in shipments has primarily been driven by some overriding factors including:

read more »
EMV adoption grows

More than three-quarters POS terminals enabled

Adoption of EMV as the universal payment standard gained further traction in 2011, with official figures revealing that more than 42% of all payment cards and nearly 76% of all terminals in circulation globally are based on EMV technology. These numbers, however, do not reflect the U.S.

read more »
Quantum cryptography could be the real deal for smart phone security

Using smart phones for online banking and shopping has been promoted as the next big thing, but adoption has been slow, partly due to the fact that smart phones have security issues. Scientific American reports that this might change with the development of quantum cryptography.

read more »

Copyright © 2012, AVISIAN, Inc. All rights reserved.