University of Cambridge > > Computer Laboratory Security Group meeting presentations > Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV

Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Omar Choudary.

I will present our paper for the Financial Crypto ‘11 conference, which will take place next week in St. Lucia. The abstract is below:

The credit card system has been one of the world’s great successes because of its adaptability. By the mid-1990s, a credit card had become a mechanism for authenticating a transaction by presenting a username (the card number) and a password (the expiry date, plus often a CVV ) that was already used in mail order and could be adapted with little fuss to the Internet. Now banks in Europe, and increasingly elsewhere, have moved to the EMV \Chip and PIN ” system which uses not just smart cards but also \trusted” hardware. The cryptography supported by this equipment has made some kinds of fraud much rarer { although other kinds have increased, and the jury is still out on the net e ect. In the USA in particular, some banks and others oppose EMV on the grounds that it will damage innovation to move to a monolithic and inflexible system.

We discuss the eff ects that cryptographic lock-down might have on competition and innovation. We predict that EMV will be adapted to use cards as keys; we have found, for example, that the DDA signature can be used by third parties and expect this to be used when customers use a card to retrieve already-purchased goods such as air tickets. This will stop forged credit cards being used to board airplanes.

We also investigate whether EMV can be adapted to move towards a world in which people can use bank cards plus commodity consumer electronics to make and accept payments. Can the EMV payment ecology be made more open and competitive, or will it have to be replaced? We have already seen EMV adapted to the CAP system; this was possible because only one bank, the card issuer, had to change its software. It seems the key to innovation is whether its benefi ts can be made sufficiently local and incremental. We therefore explore whether EMV can be adapted to peer-to-peer payments by making changes solely to the acquirer systems. Finally, we discuss the broader issue of how cryptographic protocols can be made extensible. How can the protocol designer steer between the Scylla of the competition authorities and the Charybdis of the chosen protocol attack?

This talk is part of the Computer Laboratory Security Group meeting presentations series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2023, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity