Using EMV Smartcards for Internet Payments
نویسندگان
چکیده
∗ This work was done while at the IBM Zurich Research Laboratory, Rüschlikon, Switzerland. This paper is an updated version of [12]. Abstract—Existing smartcards developed for point-ofsale payments are being considered for use in Internet transactions. Such use provides an alternative to designing new smartcard solutions supporting protocols more specifically designed for Internet payments, such as SET ([9]). In this paper, we analyze EMV’96 [7], a representative example of an existing payment smartcard specification. We investigate the security of possible Internet payment systems based on EMV, and suggest modifications that can enhance the security of an Internet payment scheme based on EMV.
منابع مشابه
Risks and Potentials of Using EMV for Internet Payments
Existing payment smartcards developed for traditional point-of-sale transactions are being considered for use in Internet transactions. Such solutions have been suggested as alternatives to using payment protocols more specifically designed for Internet payments (such as SET [6]) but often lacking smartcard support. In this paper, we analyze EMV’96 [5], a representative example of an existing p...
متن کاملe-EMV: Emulating EMV for Internet payments using Trusted Computing technology
The introduction of Static Data Authentication (SDA) compliant EMV cards with their improved cardholder verification and card authentication capabilities has resulted in a dramatic reduction in the levels of fraud seen at Point of Sale (POS) terminals. However, with this POS-based reduction has come a corresponding increase in the level of fraud associated with Internet-based Card Not Present (...
متن کاملOn the Security of the EMV Secure Messaging
We present new attacks against the EMV financial transaction security system (known in Europe as “Chip and PIN”), specifically on the back-end API support for sending secure messages to EMV smartcards. EMV is the new electronic payment system designed by VISA and Mastercard and widely deployed throughout Europe in the last 12 months. It aims to eventually supersede magnetic-stripe systems. Cust...
متن کاملMight Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV
The credit card system has been one of the world’s great successes because of its adaptability. By the mid-1990s, a credit card had become a mechanism for authenticating a transaction by presenting a username (the card number) and a password (the expiry date, plus often a CVV) that was already used in mail order and could be adapted with little fuss to the Internet. Now banks in Europe, and inc...
متن کاملRelaying EMV Contactless Transactions using Off-The-Shelf Android Devices
Dutch banks introduced contactless payments in April 2014, and have been promoting the use of contactless cards since then. Contactless payments are based on the EMV specification, the worldwide standard for contact and contactless transactions. EMV Contact is a well-researched field and many vulnerabilities have been found. Although EMV Contactless is newer and less researched, a few vulnerabi...
متن کامل