The Toronto Star
Monday, October 6, 1997
pages E1, E2

Security of `cash cards' questioned

by Bob Brehl, bbrehl@thestar.ca

Photo: Kevin Argue
Whistle Blower: Computer science professor David Jones posted a secret bank memo on the Internet claiming the Mondex cash card had been compromised.

Is your money safe with electronic cash cards?

That is a question raging among computer security experts and hackers around the world, especially after word went out recently on the Internet that the Mondex computer chip had been hacked.

Mondex International Ltd. denies that the security of its chip has been compromised.

The company's security officials insist the smart cards are a safe and convenient alternative to cash.

Unlike bank, credit, and debit cards, Mondex cards are almost like cash because customers load value on to them and this electronic sum can be spent at stores, payphones, and restaurants. Bank verification over phone lines is not needed.

Customers can even exchange E-cash between themselves from one card to another. This cuts down on infrastructure costs for authorization but means security must be confined to the microchip embedded in the card.

One of Mondex's largest pilot projects is in full swing now in Guelph, involving the big Canadian banks, Bell Canada, and more than $1 million of customers' electronic cash floating around.

(The Canadian banks contacted referred questions to Mondex security in London, England. Bell officials chose not to get back to The Star.)

An even bigger Mondex trial is set to begin in Manhattan later this month.

Mondex plans to hit the mass market next year and expects at least 5 million re-loadable E-cash cards in international circulation by the end of 1998.

``Tamper-resistant smart cards are illusory'', says Ross Anderson, a computer security expert at Cambridge University in England.

``The technology to break the new Mondex chip is in the field, well understood, and used by established Pay-TV hackers'', Anderson says.

Secret bank memo questions security of Mondex `cash card'

David Jones, a computer science professor at McMaster University in Hamilton and president of Electronic Frontier Canada, was threatened with legal action for putting on the Internet a secret memo from the National Bank of New Zealand about Mondex security.

``The risk remains that a significant technical weakness may be found in the (Mondex) 3109 chips'', the memo concluded.

In Guelph, an older 3101 chip is being used in trials.

Mondex officials said the memo is almost 18 months old, and therefore out of date.

Ken Warren, a senior Mondex security official in London, England, admits no card is tamper-proof, but he disputes that his company's chip could be hacked by just anyone today.

``There's no such thing as perfect security'', Warren said in a telephone interview from his home outside London.

He says Mondex chips are far more secure than Pay-TV systems because the satellite and cable box encryption has ``been patchwork'' while Mondex has set out from the beginning with security as a top priority.

Even still, if there are security breaches they will be contained, Warren says.

``You design your system to tolerate elements of security being breached. The system is not dead in the water even if that happens.''

For instance, he says, credit card fraud runs in the 2 to 3 per cent range and that cost is borne much the same way as grocery store prices are a little higher to take into account the cost of shoplifting.

``The technology to forge magnetic stripe cards is incredibly simple. Videotape, a corn flakes box, and an iron can do you a functional forgery'', Warren says.

``If you had a war chest to go out and attack something, there are an awful lot of softer targets around than smart cards.

``There's always going to be an arms race between the prevention and the hacking'', he says.

Jones says there is a possibility a hacker could get into the Mondex system and drain out vast amounts of the electronic currency that is backing up all the cards.

``Given we've just had the Bre-X fiasco, I think we should be more critical here'', Jones says. ``On what knowledge of Mondex's security did all these big Canadian banks jump on the bandwagon?''

Warren says he cannot go into details about security and cryptography because anything said aids the crooks.

Security knowledge is on a need-to-know basis, he says.

``Just because you've got the best safe in the world doesn't mean you'd put it in the middle of Central Park.''

But, in general terms, Warren says Mondex has several layers of security built into each chip so that if one is peeled off others will remain.

Even if all the layers are peeled, Mondex has a monitoring system ``to detect abnormal behaviour'' and a last-resort ability to shut down the system if a serious fraud was in process, Warren says.

Jones says by that time, it could be too late and bank customers could be on the hook for hundreds of millions of dollars.

Such doomsday scenarios are far-fetched, Warren says.

``Nothing's impossible. But it is beyond the realm of any possibility that I can see'', he says.

The so-called ``melt-down'' scenario ``is sort of like saying cars have accidents, people die in accidents, therefore we should eliminate all cars'', Warren says.

He also says it would be ``virtually impossible'' for a crook to mass produce the cards loaded with counterfeit electronic currency and then sell them.

``Every Mondex card is unique (but) by cracking one, you can duplicate that card. The only people in position to make the (forged) chips are the semiconductor companies and they're not going to do that'', Warren told The Star.

``Even if they did, all you would be doing is issuing a number of cards that could interact in the Mondex scheme'', he says, adding that any attempt at massive cash outs would wave a red flag at authorities.

On the other hand, under the scenario, one could purchase a lot of items using the fake Mondex card.

The card was first developed by Britain's NatWest Group in 1990. Mondex is now controlled by MasterCard International Ltd.

Mondex Canada, owned by the Bank of Montreal, the Canadian Imperial Bank of Commerce, Canada Trust, the Credit Union Central of Canada, the Royal Bank, the Bank of Nova Scotia, and the Toronto Dominion Bank, has the rights in this country.

There are now 7,500 Mondex card holders in the Guelph area who have downloaded about $1 million on to the cards.

Anderson says he takes all computer and technology security talk from banks with a grain of salt.

``Until a few years ago, the banks used to say that their cash machines couldn't possibly be wrong'', says Anderson, from his Cambridge office.

``So if you had a phantom withdrawal on your account that was your tough luck. You must be mistaken, or lying, or colluding with a crook.

``This idiocy was shot to pieces. I was an expert witness for police (in a case against hackers of ATM machines) because some of the banking people here tried to get the villains off so that there wouldn't be a precedent on record that could be used against the banks in civil claims'' by honest customers who had money taken from their accounts, Anderson says.

``Before that time we actually had people here prosecuted for fraud when they complained about phantom withdrawals'', he says.

As Jones says, ``I am a computer scientist, not a Luddite. I am a fan of technology. Are Mondex cards better than stripe cards? Yes.''

``But are these smart cards as secure as Mondex would lead us to believe? No. And I think customers and shareholders of these banks should know that.''

Warren says Mondex cards are the most secure of current electronic money devices and if there is a business model for credit cards, despite widespread fraud, there is also a business model for Mondex so people won't have to walk around with their pockets loaded with change.

Copyright © 1997 by The Toronto Star. All Rights Reserved. Reprinted with permission.