One time PIN

Julian · 2016-04-12 17:30:06 UTC

I would love to be able to use one time PIN in public places. Or no PIN at all for one transaction only.

I thought this is impossible since you change PIN using an ATM but I got a weird situation yesterday: I tried to withdraw money from ATM. It accepted the PIN and allowed me to enter the amount. Then it returned some sort of non PIN related error but Mondo app said my PIN was wrong. So if it was not a bug then it looks like Mondo gets the PIN every time and maybe can introduce one time PIN?

Rika · 2016-04-12 17:44:48 UTC

Outside of ATMs at least, PINs are verified against the one on the card. That’s how offline transactions can work and why you get a PIN verified message immediately, before a terminal connects out to the network.

Revolut users get in to huge problems when they change their PIN in the app. The PIN on the card and the one on the network get out of sync causing your new PIN to work at ATMs but not in stores until you perform a very specific dance of menu options that only work in some ATMs around the world.

To do one time PIN, you’d need the card to somehow be aware of what the current PIN should be (either by timer or counter) without ever getting out of sync. Not sure if Mondo even has the power/money to write card side code to begin with.

JoshuaT · 2016-04-12 21:59:35 UTC

Its possible to have the card ‘aware’ of a new/temp pin but probably not ideal.

As an example at my work place we have RFID tags to enter buildings, they are similar to how the RFID tag works in your card. To program a new tag we swipe the tag over a device that writes data to the tag, which is also linked in with buildings security system.

An hypothesis would be that; an iPhone 6S with its NFC chip could be used with the Mondo app to reprogram the cards PIN.

As a developer I can see problems, feasibility and security being one, but also merits to this idea. It’s unique and does offer up new options that were not, nor ever could be, offered by other banks.

billinghamj · 2016-04-13 00:39:03 UTC

The levels of effort & money required to get an EMV app certified are insane, and I’d imagine it’d be worse if the app has any interaction with the PIN.

Not going to happen I wouldn’t think.

Rika · 2016-04-13 00:48:23 UTC

If you can manage that on an iPhone, I have a good friend at Apple in Core OS Security who would like to know. (Seriously.)

You could always theoretically restrict the CVMs to just Online PIN I suppose but then you’re ruling out offline transactions. There are other ways one time PINs could maybe work but I’m not convinced it offers enough of a security benefit to offset the huge downsides that comes with the various methods.

@billinghamj Yup, I asked around quickly and was practically laughed at.

dannysmith · 2016-04-13 05:50:37 UTC

You could send us all a stupid little plastic card reader with a screen and buttons that writes the new pin to the card… Oh wait.

JoshuaT · 2016-04-13 13:14:53 UTC

I believe with the current implementation within iOS there is no general access to the NFC controller, this is a little odd as other devices - such as Android - do allow for complete access and you can even write data to NFC tags as well as read them.

I hope once Apple is happy with the security of their NFC functionality they might open it up, I am dubious though. But I don’t see that helping too much though, as the IFM probably wont allow the update of data without the certificate (I don’t really know). If someone has enough money to create their own Interface Module and get a certificate from Mastercard, that would probably allow this functionality, but in any case that’s way too much work for now.

I currently don’t see the advantages outweighing the disadvantages here. Its a neat idea, if only to have on the “To-Do-Maybe-In-The-Future-If-Apple-Allows-It-And-We-Have-Enough-Money” list.

Rika · 2016-04-13 14:37:23 UTC

I don’t see Apple opening up that kind of access to the NFC controller on current or future devices. To explain why would require a deep dive in to iOS hardware security but this is a very deliberate limitation and gives the Wallet team near-exclusive access to that hardware for Apple Pay and NFC passes.

JoshuaT · 2016-04-13 15:13:22 UTC

Indeed I don’t see apple opening up full control to the NFC controller either, but I see a high level abstraction that would allow some restricted access.

I am mainly thinking at my place of work I have this RFID tag that I have to swipe to allow me access, and yes I do forget it, but I don’t forget my phone, so would be amazing to allow me to make an app that simulates the tag and deploy it to our staff. Can’t see that happening soon though.

Julian · 2016-04-13 15:04:46 UTC

It seems I got my hopes too high after seeing that error message

Operating on the card data definitely sounds like an overkill. As far as I know iPhone does not have an active NFC chip so it is probably impossible even for purely technical reasons.

Slightly off topic, why does the ATM send the PIN to the bank? In a first naive thought I would have assumed that during an ATM transaction the card would ask for PIN, unlock its private key and sign a challenge generated by the bank. Why send the PIN at all?