Heartland Data Breach: MasterCard Introduces 'Tamper-Resistant' Chip

MasterCard will use a cryptographic countermeasure technology in its smart credit cards to protect them from being tampered with or read by hackers. Cryptography Research, Inc. and MasterCard Worldwide announced that they have signed an agreement relating to Cryptography Research's patent portfolio covering countermeasures to Differential Power Analysis (DPA).

This news comes after several big data breaches have hit consumers, banks and credit card companies, including Hannaford Bros., Heartland Payment Systems and RBS WorldPay in the last year.

What is DPA?

DPA is a tool that allows extraction of secret keys to compromise the security of smart cards and other cryptographic devices by analyzing their power consumption. The technique involves the analysis of the measurements of how much electrical power a chip is consuming as it operates, to figure out what the cryptographic keys are. It is similar to listening to the clicks coming from a safe to figure out what the combination is, but instead of using sound, you're using electrical power consumption. Unlike physical attacks, DPA attacks are non-invasive, easily-automated, and can be mounted without knowing the design of the target device.

MasterCard's 'Smarter' Card

Beginning now, MasterCard says it will require that vendors of smart cards and other cryptographic products that utilize DPA countermeasures be licensed from Cryptography Research in order to be used on MasterCard's payment networks. How does DPA work to protect the card information? CRI's Kit Rodgers explains, "On the technology side, DPA countermeasures are continually present on the payment device chip hardware. They are always 'on' when the chip is in use. DPA countermeasures are hardware and software design techniques whose primary goal is to make it difficult for attackers to use DPA to analyze/break a chip."

MasterCard's Erica Harvill, director of Communications, says that some of MasterCard's vendors already are using licensed products with the CRI solution and that the remaining vendors will be making the transition to the CRI solution in the near future.

"We recognize the importance of Cryptography Research's DPA technology and intellectual property in the area of tamper-resistant semiconductors," said Christian Delporte, Vice President, Chip Centre of Excellence, MasterCard Worldwide. "The new requirements and rigorous testing provide enhanced assurances to our smart cards and devices."

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.