MasterCard will protect chip-based payment products with Cryptography Research

As it was announced today, MasterCard Worldwide decided to license all it future chip-based MasterCard payment products with Cryptography Research and thus to secure against Differential Power Analysis (DPA) attacks. Cryptography Research identified the smart card vulnerability known as DPA and then patented countermeasures to protect chips against the attack. To date, three of the six largest smart card chip manufacturers – Infineon, Renesas and NXP – have signed license agreements for products utilizing DPA countermeasures. This announcement with MasterCard represents the first reversal of this arrangement whereby a downstream entity (i.e. a payment association, card issuer, end user) has publicly mandated the use of DPA-licensed products. This puts pressure upstream forcing companies that supply chips and cards to MasterCard-issuing banks to be licensed. Cryptography Research’s Kit Rodgers said: “The agreement between MasterCard and Cryptography Research covers all smart cards and as well as other types of payment devices using a security chip. These devices need strong security including DPA countermeasures and MasterCard is acknowledging that our portfolio of protections is crucial.” As for continuation of this trend throughout the payment industry or into other industries - while many do not have a centralized entity such as MasterCard to mandate behavior, nearly every card-issuing industry has some organization, association, or body that at least influences or recommends security best practices.