IC Chip Cards Deemed Not Impregnable to Fraud

A government think tank raised yesterday the hacking danger in integrated circuit-mounted ATM cards amid controversy over their vulnerability to fraud.

According to a report obtained by ruling Grand National Party lawmaker Jin Su-hee from the National Security Research Institute, researchers copied IC chip cards including in-built code keys.

The report said the institute wired money with the copied cards with a bank confirmation sheet.

The Bank of Korea was found to have failed to require a mandatory security test on the accessory channels of the chip. Therefore, a criminal can trace back the codes with data based on electricity consumed and heat emitted while generating the code-processing rules.

The institute ran currency through the chips in tests, making the rules react differently and thereby induced the code keys.

The test results were submitted to the presidential office, the National Intelligence Service, the Bank of Korea and the Financial Supervisory Service but no action was taken.

When Rep. Jin raised the hacking vulnerability of the chips in a parliamentary hearing last week, financial authorities simply said certain chips are prone to the danger but added all credit cards and the majority of ATM cards do not use them.

The supervisory service is converting all magnetic strip-based cards to those using IC chips to prevent copying. The phased mandatory use of IC chip cards will be used in all credit transactions from 2010.

Thirty-five million ATM cards, or 90 percent of all cards in circulation, have IC chips, as do 76 percent of credit cards, or almost 51 million.

sys1201@donga.com