Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks

As Alice inserts her card, Bob sends a message to his accomplice, Carol, who is about to pay $2 000 for a expensive diamond ring at honest Dave’s jewellery shop. Carol inserts a counterfeit card into Dave’s terminal. This card is wired to a laptop in her backpack, which communicates with Bob’s laptop using mobile phones. The data to and from Dave’s terminal is relayed to the restaurant’s counterfeit terminal such that the diamond purchasing transaction is placed on Alice’s card. The PIN entered by Alice is recorded by the counterfeit terminal and is sent, via a laptop and wireless headset, to Carol who enters it into the genuine terminal when asked. The result is that the crooks have paid for a diamond ring using Alice’s money, who got her meal for free, but will be surprised when her bank statement arrives.