Special Uses and Sbuses of the Fiat-Shamir Passport Protocol
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Vulnerabilities in first-generation RFID-enabled credit cards
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Position statement in RFID S&P panel: RFID and the middleman
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
On the security issues of NFC enabled mobile phones
International Journal of Internet Technology and Secured Transactions
Practical NFC peer-to-peer relay attack using mobile phones
RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
| Hi-index | 0.00 |
Recent roll-outs of contactless payment infrastructures-particularly in Austria and Germany - have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim's card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.