Heartland Data Breach: MasterCard Introduces 'Tamper-Resistant' ChipMasterCard will use a cryptographic countermeasure technology in its smart credit cards to protect them from being tampered with or read by hackers. Cryptography Research, Inc. and MasterCard Worldwide announced that they have signed an agreement relating to Cryptography Research's patent portfolio covering countermeasures to Differential Power Analysis (DPA).
This news comes after several big data breaches have hit consumers, banks and credit card companies, including Hannaford Bros., Heartland Payment Systems and RBS WorldPay in the last year.
What is DPA?
DPA is a tool that allows extraction of secret keys to compromise the security of smart cards and other cryptographic devices by analyzing their power consumption. The technique involves the analysis of the measurements of how much electrical power a chip is consuming as it operates, to figure out what the cryptographic keys are. It is similar to listening to the clicks coming from a safe to figure out what the combination is, but instead of using sound, you're using electrical power consumption. Unlike physical attacks, DPA attacks are non-invasive, easily-automated, and can be mounted without knowing the design of the target device.
MasterCard's 'Smarter' Card
Beginning now, MasterCard says it will require that vendors of smart cards and other cryptographic products that utilize DPA countermeasures be licensed from Cryptography Research in order to be used on MasterCard's payment networks. How does DPA work to protect the card information? CRI's Kit Rodgers explains, "On the technology side, DPA countermeasures are continually present on the payment device chip hardware. They are always 'on' when the chip is in use. DPA countermeasures are hardware and software design techniques whose primary goal is to make it difficult for attackers to use DPA to analyze/break a chip."
MasterCard's Erica Harvill, director of Communications, says that some of MasterCard's vendors already are using licensed products with the CRI solution and that the remaining vendors will be making the transition to the CRI solution in the near future.
"We recognize the importance of Cryptography Research's DPA technology and intellectual property in the area of tamper-resistant semiconductors," said Christian Delporte, Vice President, Chip Centre of Excellence, MasterCard Worldwide. "The new requirements and rigorous testing provide enhanced assurances to our smart cards and devices."