Network issues and payment systems

Highways, railroads, pipelines—we see or hear about these types of physical networks almost every day. But information systems, such as the Internet, and payment systems, such as ATMs and credit cards, also involve networks. Hence, understanding the economics of networks and the unique features of network-dependent industries is crucial to modern life. In this article, James McAndrews outlines some of the unique features of network-dependent industries. He also analyzes some related payment-system issues and demonstrates that determining appropriate public policy would be difficult without a knowledge of the economics of payment networks.Payment systems

Chip and Skim: cloning EMV cards with the pre-play attack

EMV, also known as "Chip and PIN", is the leading system for card payments worldwide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card). Card cloning is the very type of fraud that EMV was supposed to prevent. We describe how we detected the vulnerability, a survey methodology we developed to chart the scope of the weakness, evidence from ATM and terminal experiments in the field, and our implementation of proof-of-concept attacks. We found flaws in widely-used ATMs from the largest manufacturers. We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit. Pre-play attacks may also be carried out by malware in an ATM or POS terminal, or by a man-in-the-middle between the terminal and the acquirer. We explore the design and implementation mistakes that enabled the flaw to evade detection until now: shortcomings of the EMV specification, of the EMV kernel certification process, of implementation testing, formal analysis, or monitoring customer complaints. Finally we discuss countermeasures

Annual report 2013

Podeu consultar la versió en català a: http://hdl.handle.net/11703/8810

Annual report 2012

Podeu consultar la versió en català a: http://hdl.handle.net/11703/8810

Activity 2006

Podeu consultar la versió en català a: http://hdl.handle.net/11703/8809

Blackouts: a sociology of electrical power failure

Electricity fuels our existence. It powers water purification, waste, food, transportation and communication systems. Modern social life is impossible to imagine without it. This article looks at what happens when the power goes off. It scrutinises the causes and consequences of accidental electrical power cuts. It begins by identifying the reasons for power failure. In doing so, power generation systems are identified as critical infrastructures. They are more fragile than is commonly supposed, and the argument is made that they are getting frailer. Irrespective of cause, blackouts display similar effects. These social patterns are identified. They include measurable economic losses and less easily quantified social costs. Financial damage, food safety, crime, transport issues and problems caused by diesel generators are all discussed. This is more than a record of failures past. It is contended that blackouts are dress rehearsals for the future in which they will appear with greater frequency and greater severity. Increasing numbers of blackouts are anticipated due to growing uncertainties in supply and growing certainties in demand. Supply will become ever more precarious because of peak oil, political instability, infrastructural neglect, global warming and the shift to renewable energy resources. Demand will become stronger because of population growth, rising levels of affluence and the consumer ‘addictions’ which accompany this

Efficiency and costs of payments: some new evidence from Finland

This paper deals with optimal payment systems. The issue boils down to how large are the costs of different payment media, which can be interpreted as a question of the efficiency of the means of payment. However, there are other qualifications related to the choice of payment media. Here, at least three issues can be distinguished. First is the question of optimal payment medium for each individual payment (size, location, EFTPOS etc.). This choice is not independent of the individual characteristics of the payer and payee. Secondly, there is the question of cost effectiveness of payments for different institutions and sectors. The final issue concerns the social optimum for each payment medium. These issues have been particularly controversial in the case of cash, which is still the dominant payment medium in most euro countries. Part of the controversy arises from the fact that the costs and benefits of different payment media affect different market participants in quite different ways, so that a possible social optimum might not correspond eg to the optima for different firms. The paper contains a short review of calculation methods and empirical results for a sample of countries. It also provides new evidence from Finland, which is to an extent one of the front-runners in payment technology and institutional design in payment systems. This shows up in relatively low overall costs of payments. Our estimate of total costs of payment media is 0.3 per cent of GDP, which is very low by international standards.payment media; cash; payment systems; costs of payments