Today we release a paper on security protocols and evidence which analyses why dispute resolution mechanisms in electronic systems often don’t work very well. On this blog we’ve noted many many problems with EMV (Chip and PIN), as well as other systems from curfew tags to digital tachographs. Time and again we find that electronic systems are truly awful for courts to deal with. Why?
The main reason, we observed, is that their dispute resolution aspects were never properly designed, built and tested. The firms that delivered the main production systems assumed, or hoped, that because some audit data were available, lawyers would be able to use them somehow.
As you’d expect, all sorts of things go wrong. We derive some principles, and show how these are also violated by new systems ranging from phone banking through overlay payments to Bitcoin. We also propose some enhancements to the EMV protocol which would make it easier to resolve disputes over Chip and PIN transactions.
Update (2013-03-07): This post was mentioned on Bruce Schneier’s blog, and this is some good discussion there.
Update (2014-03-03): The slides for the presentation at Financial Cryptography are now online.
Brian Krebs has a piece on US banks being hit with fraudulent card transactions from Bazilian banks in which fraudulent transactions on US cards that have not yet been issued as chip-and-pin cards are reported as chip transactions and accepted automatically as genuine by stand-in processors. This is something we wrote about in our paper (see reference 12). In fact, we first came across dishonest merchants misrepresenting mag-strip transactions as chip transactions several years ago when a UK cardholder was in dispute about alleged transactions in Turkey. In that case, he managed to prove his innocence by getting a sales clerk in the store to send him a copy of the till roll entry which showed the transaction was mag strip, contrary to the bank’s claim about its records.
Clearly this one will run and run.