SMARTCARD MANUFACTURERS


Decisions for issuers


As EMV rolls out across Europe, issuers face a choice between static data authentication and dynamic data authentication, or SDA and DDA. While many banks migrate initially to SDA smart cards, most are likely to end up with DDA or its even more advanced alternative, CDA – combined data authentication

EMV may be a standard, but it still comes in several variants, leading to choices for issuers. One key choice is between dynamic and static data authentication, or DDA and SDA.

The purpose of data authentication in EMV is to check whether the card is genuine. Static data authentication checks data embedded in the card at the time of issuance, while dynamic data authentication checks data generated during the lifetime of the card.

By Jane Adams

“The purpose is for the card to authenticate itself at the POS with the equivalent of a signature,” says Dirk Jan van den Heuvel, MD of Collis, the Dutch test tools and consulting company: “With SDA, the signature is the same every time you authenticate. With DDA, the signature is only valid for one authentication.”

Static data comprises a digital certificate signed by the issuer’s public key plus an additional static data block signed by the issuer’s private key. With DDA, the card holds its own key and is able to generate a fresh digital certificate combining the time of a transaction and card, cardholder and merchant details for each transaction.

Theoretically, because SDA data does not change, a fraudster could capture it and use it to clone a card. In practice this has not yet been seen. With DDA, it would not be possible at all.

The big practical difference between DDA and SDA is that DDA allows authentication, risk management and cardholder verification to be conducted offline. This is because DDA chips incorporate an additional component to generate data – a crypto co-processor. Of course, a chip with a crypto co-processor can also run SDA, but a chip without one cannot run DDA.

A DDA chip enables a card’s PIN to be verified offline. The PIN entered into the PINpad can be either encrypted or not. To encrypt it, the card must have its own key pair and computation ability. DDA chips can do this; SDA chips cannot, creating potential vulnerability when SDA cards are used with stand-alone PINpads.

Offline verification also enables additional applications like digital signatures, opening up the possibility of applications like government ID on bank cards. However, at present there is little appetite anywhere in Europe for this sort of real estate sharing, because of an inability to agree business terms, for reasons of cost, or because applications or cryptographic methods are too divergent between the two sectors.

If EMV cards in a given country carry out all transactions online, then arguably only SDA is needed, as the cards are already conducting dynamic authentication online. This is the case with Visa Electron and Maestro, which always go online.

Countries like Finland and the UK have offline infrastructures under which the card’s EMV profile determines whether the transaction goes online. Inevitably, that means that some SDA cards stay offline for some transactions, a potential security risk.

However, DDA and offline authentication increase the range of applications which can be done with EMV cards, in particular low value contactless payments. “The real motivation for DDA is extending the debit proposition to low value,” says Pascal Dufour, VP and head of chip products management, MasterCard Worldwide. Dufour is, nonetheless, keen to dispel the impression that SDA is a serious security risk. “We have not seen massive attacks or fraud on SDA,” he adds.

By conducting payments offline, transaction times can be speeded up, which is important in real life retail environments. “Low value payments occur in situations where consumers want to go fast,” says Dufour. Speed can be less important in pilots. For example, in the UK the Royal Bank of Scotland contactless payment trials are being conducted in-house (where one would hope that the fraud risk is lower than average) and use SDA cards.

One card manufacturer claims to have heard that DDA will be mandated for contactless payments, as contactless cards are easier to skim. Neither Visa nor MasterCard confirms this. “I don’t think a decision has taken place, but it wouldn’t be a big surprise. Already for offline cards we have a high recommendation that you should use DDA,” says Pekka Mattila, VP and head of chip integration, Visa Europe.

“We can use the encrypted PIN option if the card reader is not integrated in the PINpad,” says Eero Vasenius, VP Nordea Bank Finland. One of the commonest places to have a separate PINpad and card reader is the PC environment, “so no one can tap the line and see what PIN has been keyed in,” he notes.

The first major European EMV roll-out, in the UK, used SDA cards. At present, Visa estimates that across Europe, 3%-5% of EMV cards are DDA. In fact, different countries are taking different approaches. Austria will use DDA, while Belgium will start with SDA, says Dufour: “Most markets migrate via SDA.”

That’s what happened in France, but from now on all new cards will be DDA. Currently 99.4% of Cartes Bancaires-branded cards are EMV-compliant, and 18.6% (over 9 million) use DDA (GCB figures from October 2006). All cards should use DDA by 2008. “It’s clearly an improvement in security to move from SDA to DDA,” says David Stephenson, head of international affairs at Groupement des Cartes Bancaires.

In addition, Banque de France has mandated that all transactions must either go online or be handled offline using a crypto-processor chip. “CB members decided that the second solution is preferable,” Stephenson says.

The decision was made on grounds of security rather than added applications such as the contactless trials currently being conducted by Crédit Mutuel. These are the concern of the individual banks, he says: “Our members share a technology platform but compete on services.”

In Germany, the national EMV operating system SECCOS is based on DDA and in general German issuers are issuing DDA cards, although a few credit card issuers who started their implementation programmes early use SDA cards.

“Most of the cards issued in Germany are based on the SECCOS operating platform,” says Oliver Hommel, group manager for debit and smart cards at BVR, the cooperative banks’ association: “When we started developing SECCOS in around 2000, we built it with DDA because of the extra security and the problems in security with SDA cards – they could be counterfeited. The other reason was product strategy. A lot of issuers were using their cards for very strong authentication methods such as digital signatures.”

These are online banking authentication applications, and there are no plans to put government applications on German bank cards. However, says Hommel: “We are discussing with the health sector and the government if we can use the same operating system, so getting more economies of scale on the chip production side.”

Nor is there much interest in Germany in contactless low value payments on EMV cards. “The major problem is the cost of the transaction,” says Hommel: “That’s the reason electronic purse systems were developed. We still believe that low value payments should be electronic purse transactions.”

Although the UK is purely SDA at present, growing bank interest in low value contactless payments may force a future move to DDA. So was it a mistake for the UK to start out with SDA? “Not really. We haven’t had any reported cases that an EMV SDA card has been compromised,” says Mattila: “But as you know there isn’t any such thing as 100% security. So we have to be a little bit ahead and that’s why banks will move to DDA when they see the appropriate time.”

“How much fraud has the UK sustained since it introduced SDA that it would not have sustained if it had been DDA?” asks Campbell Fisher, head of commercial development delivery at Royal Bank of Scotland: “The answer – zero. Yes, there have been attacks but they’ve all been on the magnetic stripe.”

Fisher points out the reality that banks need to make decisions which do not damage profitability over the short term. This applies to technology choices such as that between SDA and DDA as much as to anything else. “I can’t take (DDA) to a senior executive and make a business case that says that this will save you this much money next year, because it won’t,” he says: “The reality is that in the short term we will see zero benefits.”

Nonetheless UK banks are discussing DDA, particularly now that price and speed differences have disappeared. “The main reason we’re looking at DDA right now is not that there is fraud now on SDA, but we’ve got to look at a three-year cycle. So if we issue in 2007, the reissue cycle won’t complete till 2010,” says Fisher: “I don’t want to put a specific time on when we will start issuing DDA cards, but it should be sooner rather than later.”

In Switzerland, the EMV roll-out will complete in 2007 using DDA cards, although some banks have already issued SDA cards. “Most banks want to do the minimum to meet the liability shift,” comments Martin Ott, group purchasing and security supervisor at Swiss card manufacturer Trüb AG.

In the Nordic region there is a mixture of SDA and DDA cards. “I believe that most of the banks will move to DDA, but when, I do not know,” says Mattila.

“In Finland, we are the first and probably the only bank issuing DDA cards so far,” says Vasenius. Almost half of Nordea’s EMV cards in Finland use DDA, he adds: “We have the principle for our EMV migration that we recommend all countries to use DDA cards.” In Sweden, all Nordea EMV cards are DDA and when Nordea Finland starts to issue SEPA-compliant cards, they will all be DDA cards.

What factors does a bank or group of banks take into account when choosing between SDA and DDA?

In general, the primary issue is security. “In France, I think the driving thinking behind (the choice) was that there had been cases reported that the non-EMV domestic scheme had had some compromises,” says Mattila: “That drives the thinking of the authorities as well as the banks. In Germany, we generally feel they are security conscious so it might be just the normal attitude that they are more concerned.”

Performance is another question. At the time when the UK made its EMV planning decisions, there was a significant performance differential between DDA and SDA, with DDA’s extra security adding seconds at the POS. “It would have slowed down transactions and customer service would have been an issue,” says Fisher: “Some of the biggest retailers will happily tell you that one second longer per transaction costs a million pounds a year.”

With developments in chip technology, that difference is no longer significant. “At the moment, although we haven’t tested it to any great extent, there should be little perceptible difference,” Fisher adds: “However, that assumes you’ve got a terminal with a fairly up-to-date processor in it.”

There was also a price difference between SDA and DDA chips when the UK was making its EMV planning decisions, says Fisher: “DDA was a much more expensive product, significantly enough for us not to want to do it.”

Today, most people agree that the price difference at volume between DDA and SDA chips of the same size is minimal and at maximum no more than €0.25-€0.30 per chip. “We’ve produced around 60 million–70 million SECCOS cards and you get economies of scale,” says Hommel: “It becomes much cheaper. Plus chip hardware has become cheaper over the past few years and if you compare this price difference with the extra security you get, it’s a logical decision to pick a DDA card.” However, Trüb’s Ott points out that some manufacturers are offering larger DDA chips, increasing the price differential.

Collis looked into the issue of transaction speeds, says VP and manager, EMV competence centre, Maarten Bron: “We took EMV apart completely and constructed a mathematical model to see the effect of the longer key and we also found that the way the chip is personalized can make a difference.” But he adds: “The bottleneck is not 500 milliseconds for SDA or DDA chips – it’s the 5 or 6 seconds taken for PIN prompt and entry.”

The choice has no impact on terminal choice by acquirers and merchants, as all terminals must support both DDA and SDA cards by mandate from the associations.

Selection of DDA does make a minor difference to back office systems. “There is some work that needs to be done, but not to the same extent as introducing chip and PIN in the first place,” says Fisher. In addition, chip and PIN is only part of an overall fraud control strategy for banks.

“So as we move forward to DDA, there will be a re-evaluation of what the overall framework is,” he adds.

“DDA does make a difference to how you manage key data,” says Andy Brown, director of product marketing, ACI Worldwide: “Any bank that hasn’t taken that into account when developing systems will have trouble upgrading. We programme for DDA with SDA as the exception.”

RBS took the same approach. “There was certainly an overall expectation that we’d be moving forward to DDA or CDA,” confirms Fisher.

And indeed, looking forward, banks will have a further option to consider – CDA or Combined Data Authentication, which was detailed in the EMV2000 specification. This works in the same way as DDA, but also protects against ‘man in the middle’ or ‘wedge’ attacks.

“The way the cryptography works in DDA prevents the cloning of cards, but it doesn’t absolutely preclude something coming between the card and the terminal,” says Fisher: “Now, that’s a fairly esoteric thing and you have to be really up to the mark to contemplate how to do it. In reality, being able to do it without detection is almost impossible. But it’s theoretically possible.”

On the card side, the difference from DDA is a matter of personalization rather than extra hardware. CDA does require terminal changes, however, and few terminals in the field are ready for CDA. That is today’s situation; banks are working on readying terminals for CDA and on ironing out any performance issues.
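To make the distinction drawn earlier between SDA and DDA, and what CDA adds on top, concrete, here is a toy Python model of the terminal-side checks. It is an added example, not code from the article or from any scheme, bank or vendor named in it; it assumes a single constructed card key with no issuer or CA certificate chain, a 4-byte constructed challenge standing in for the terminal's unpredictable number, and constructed strings in place of real application cryptograms.

```python
import hashlib

# Constructed toy RSA key; assumption: one card key, no issuer/CA certificate chain.
P, Q = 1000003, 1000033
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(data: bytes) -> int:
    """Hash the signed data and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def card_sign(data: bytes) -> int:
    """Signer side: only the card (or the issuer, for SDA) holds the private exponent."""
    return pow(_digest(data), D, N)

def terminal_verify(data: bytes, sig: int) -> bool:
    """Terminal side: recover the digest with the public exponent and compare."""
    return pow(sig, E, N) == _digest(data)

# Constructed static card data; under SDA it is signed once, at personalisation.
STATIC_DATA = b"PAN=4000000000000002;EXP=0812;AIP=3800"
SDA_SIGNATURE = card_sign(STATIC_DATA)

def dda_check(un: bytes, sig: int) -> bool:
    # DDA: the signature must cover the terminal's fresh unpredictable number (UN).
    return terminal_verify(STATIC_DATA + un, sig)

def cda_check(un: bytes, cryptogram: bytes, sig: int) -> bool:
    # CDA: the signature also covers the application cryptogram sent to the issuer.
    return terminal_verify(STATIC_DATA + un + cryptogram, sig)

def demo() -> dict:
    """What the terminal sees in the situations the article describes."""
    un_old, un_new = b"\x11\x22\x33\x44", b"\x55\x66\x77\x88"      # constructed challenges
    ac_real, ac_swapped = b"ARQC-amount-1000", b"ARQC-amount-0100"  # constructed cryptograms
    dda_sig = card_sign(STATIC_DATA + un_old)            # produced under the old challenge
    cda_sig = card_sign(STATIC_DATA + un_new + ac_real)  # bound to the genuine cryptogram
    return {
        # The static signature is valid in every transaction, so a copy of it passes.
        "sda_copied_data_passes": terminal_verify(STATIC_DATA, SDA_SIGNATURE),
        # A DDA signature recorded under one UN fails against the next UN.
        "dda_old_signature_passes": dda_check(un_new, dda_sig),
        # DDA never looks at the cryptogram, so a swapped one is not caught by this step.
        "dda_swapped_cryptogram_passes": dda_check(un_old, dda_sig),
        # CDA ties the cryptogram to the signature, so the swap is detected.
        "cda_swapped_cryptogram_passes": cda_check(un_new, ac_swapped, cda_sig),
        "cda_genuine_passes": cda_check(un_new, ac_real, cda_sig),
    }
```

Real EMV keys are far larger and the dynamic signature covers an ICC-generated number as well; the model only shows which transaction data each method binds the signature to.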

“If we can do that, there’s no reason why we shouldn’t go to CDA because the difference in terms of cost of chip is nothing,” says Fisher. Outside Europe some banks are choosing CDA – Aconite and Bell ID recently delivered a CDA-ready EMV solution to one of the biggest Saudi banks.

Back in Europe, France currently has no plans to move to CDA, although the banks are keeping a watching brief. In Germany, the next generation of the SECCOS operating system will use CDA. “In October 2007, we’ll see the first CDA cards issued to customers,” says Hommel.
