Point-of-sale (POS) systems introduce a number of security problems. In a traditional credit card model, the customer reveals his credit card number to the merchant. This allows a corrupt merchant to improperly use the customer's credit card.
To solve this problem, computer scientists have proposed the use of smart cards that can act as intermediate brokers. Smart cards are small handheld computational devices that can perform cryptographic operations. One type of smart card model is a stored value card containing an account balance register. The smart card is considered tamper-resistant, in that it is not feasible for any person to modify the smart card account balance without going through an approved protocol . Many recent smart cards provide mechanisms that will cause any attempt to physically read data in the smart card to result in all data being zeroed (e.g., US Federal Information Processing Standard 140-1 .)
Similarly, the merchant's POS computer will contain a tamper-resistant register representing the merchant's account balance. When a customer makes a purchase, the smart card account balance is decremented by the amount of the purchase, and the merchant's POS account balance is incremented by the same amount. Later, smart cards and POS systems report their current account balances to a computer acting as a bank, and their accounts are accordingly modified. If the registers are truly tamper-proof, this approach appears to provide a safe way to exchange values off-line. This approach (with slight modifications) is taken in the proposed MasterCard 2000 and Visa Stored Value Card systems [8, 10, 12].
A different set of approaches has been proposed by digital cash researchers [5, 6, 7]. ``Electronic wallets'' transfer an electronic token to the point-of-sale system. At a later time, the electronic token is ``cashed in'', for reconciliation, to the computer acting as a bank. Digital cash approaches typically provide anonymous transactions, and use fewer assumptions about tamper-resistance. In particular, Chaum  divides the smart card into an observer, a tamper-proof device trusted by the digital cash system, and the user's representative, in which the observer is embedded. The user has full control over the hardware embodying the representative, but has no internal access to the observer. The observer participates in Chaum's protocol and actively prevent double spending in such a way that the user need not trust the correctness of the observer with respect to leaking identity information; the observer may, however, cause denial of service.
However, both stored value cards and electronic wallets ignore one very feasible attack: since traditional smart cards do not contain any provision for directly displaying output or directly receiving input from the customer, they must depend on the merchant's POS system for I/O with the customer (this problem was observed in [3, 13, 14]). This introduces a significant vulnerability: for example, a corrupt merchant might try to charge the customer's smart card $1000 for the purchase of a gold watch while truthfully reporting on his POS display that the purchase is for a $10 watch battery. If the customer authorizes the smart card to transfer funds based on the displayed data, the merchant successfully defrauds the customer.
Note that the systemic threat that is being addressed by this paper differs dramatically from those being addressed by the above-mentioned observer model in digital cash systems. Here, we are concerned with the possibility of corruption of the POS terminal, so that the information displayed to the user -- as part of an authorization request -- shows one price, while the smart card is shown another. This variant of the Trojan Horse attack is impossible to solve without some way for the user to learn the true transaction value as seen by the smart card. In the observer model, Chaum assumes that the representative possesses secure I/O for communication with the user, a property not true of traditional smart cards.
This paper explores a number of variations in smart card designs that address this problem. We give an informal notation to describe equivalences of various smart card mechanisms to provide protection to interactions between the user and smart card where the smart card is accessed in a potentially hostile environment. These equivalences show that mechanisms that achieve certain security properties can be simulated by alternative mechanisms.
Further, we describe some potential designs for smart cards with additional I/O channels direct to the user. For example, these designs for smart cards contain LEDs that display values to be directly read by the smart card owner, or contain buttons to directly input material from the smart card owner. In this paper, we describe requirements for these I/O-enhanced smart cards and consequences of their theoretical security properties. However, we do not attempt here to discuss the physical construction, economics, or feasibility of various alternatives among these I/O-enhanced smart cards.