Dynamic Virtual Credit Card Numbers

1
Dynamic Virtual Credit Card Numbers

• Ian Molloy, Jiangtao Li, and Ninghui Li

Financial Cryptography and Data Security Feb. 2007
2
Credit Card Numbers Get Stolen
3
(No Transcript)
4
(No Transcript)
5
(No Transcript)
6
(No Transcript)
7
Mitigating Stolen Credit Card Numbers
8
Card Verification Code

• Not mandatory
• Trust the Merchant
• Trust the Code
• Flaws in Systems
• Cartes Bancaires?

9

• Not used everywhere
• Online transactions only
• Not mandatory
• Requires Merchant changes

10
(No Transcript)
11
(No Transcript)
12
Transactional Proxy Numbers
13
Log into Server
14
Generate Number
5705 9585 3675 2745
15
Generate Number
5705 9585 3675 2745
16
Generate Number
5705 9585 3675 2745
17
Generate Number
5705 9585 3675 2745
18
Generate Number
5705 9585 3675 2745
19
Generate Number
5705 9585 3675 2745
5705 9573 6485 7658
20

• Requires Internet connection
• Must originate from Card issuer
• Per transaction communication

21
Offline
22
Without changing existing protocols
23
Lets Get Started
24
Credit CardNumber Format
25
(No Transcript)
26
First Digit
27
Major Industry Identifier
1 Airlines 3 Travel and Entertainment 4/5
Banking and Financial 6 Merchandizing
28
Digits One Through Six
29
Issuer Identifier
30
Digits Seven Through n
31
Account Number
This is the part you dont want getting out
32
Last Digit
33
Luhn Check Digit
Easily Calculated from the Previous Digits
34
(No Transcript)
35
Card Verification Code
Cryptographic Checksum of the face of the
card. Not on the magnetic strip
36
How does a transaction work?
37
Billing and Shipping Information
38
Billing and Shipping Information
Name, Address, Credit Card Number, etc.
39
Billing and Shipping Information
Merchant, Billing, and Transaction Information
40
Billing and Shipping Information
Merchant, Billing, and Transaction Information
Billing address can be verified at many levels of
granularity with the Address Verification Service
(AVS)
41
Billing and Shipping Information
Merchant, Billing, and Transaction Information
Accept/Reject, CVV AVS Response
42
Billing and Shipping Information
Merchant, Billing, and Transaction Information
Accept/Reject, CVV AVS Response
AVS Full match, partial match (5-digit zip vs
9-digit)
43
Billing and Shipping Information
Merchant, Billing, and Transaction Information
Accept/Reject, CVV AVS Response
Confirmation or Rejection
44
About Nine to Twelve Decimal Digits(29-39 bits)
45
Security Properties

• Complete
• We can always generate a VCC
• Sound
• We can always identify the original account
• Account Hiding
• Adversaries cannot find the credit card number
• Account Forgery
• Adversaries cannot create new valid VCC numbers

46
Possible Solutions
47
Use Credit Card Number as a Key
48
Brute-Force Attack Feasible
49
Add Additional Secrets
50
Social Security NumberorMothers Maiden Name
51
Smith? Johnson? Williams? Jones? Li?
Extremely Structured(Area - Group - ID)
52
Leaks Far More Sensitive Information
53
Public-Key Cryptography
54
Anyone Can EncryptLarge Ciphertext Space
Semantically Secure?
55
Need Additional Secret
56
Our Scheme
57
Dynamic Virtual Credit Card Numbers

• B - Billing Information
• C - Account Information
• T - Transaction Information
• P - Shared Secret
• H - Function from Secrets to Keys
• F - Function to calculate Keyed MAC

58
Generate

• Choose Expiration Date E
• Set s E B M T
• K H( C P )
• V FK(s) mod 10n
• Add Card Issuer and Luhn Code

59
Verification

• Identify C using the Address Verification
  Service (AVS)
• Find Secret P associated with C
• K H( C P )
• s From Merchant Submitted Values
• V FK(s) mod 10n
• Accept in V V

60
Real World Considerations
61
Multi-Use Numbers

• Bind to a Max amount, not a single value
• 0 Actual, 1 50, 2 100, ... , 9
  1000
• Choose single digit to encode the type
• Digits from FK(s) not used in V define
  permutation p
• Replace digit in V with p( )

62
Collisions Between Virtual and Actual Numbers

• We rely on the Address Verification Service
• If AVS is not provided, we must assume it is a
  standard account number
• If AVS is included
• Account number and CVV match, and its real (or C
  V)
• They do not, and it is virtual

63
Non-UniqueName-Address Pairs

• Probability two separate account match is
• Reject when there are collisions
• Use real CVV (or separate function on it)
• Add additional input, such as sequence number

64
Implementation

• Java 2 MicroEdition
• MIDlet 2.0 Profile
• Runs on Cell Phones
• SHA1 and HMAC

65
Security Analysis

• Need to show
• F is secure against forgery
• F is secure against account recovery
• We show
• If F is the trunc. of a PRF then F is a PRF
• Any PRF satisfies our security properties

66
Truncation

• If
  is a PRF, then is a PRF
• Build a distinguisher A for F that uses the
  distinguisher B for F

67
Truncation
A
x
x
B
y
trunc(y)
b
b
68
Secure Against Forgery

• If F is a PRF, then F is secure against forgery
• Build a distinguisher for F using a forgery for
  F

69
Forgery
x
A
x
B
y
trunc(y)
y,x
x
z
y trunc(z)
70
Secure AgainstAccount Recovery

• If F is a PRF, then F is secure against account
  recovery
• Requires preimage of H, or random guessing on C

71
Conclusion

• Secure Virtual Credit Card Scheme
• Difficult to Forge
• Difficult to gain original credit card number
• Generated offline
• Flexible to real-world constraints

72
Questions?