Risks and Potentials of Using EMV for Internet Payments

نویسندگان

  • Els Van Herreweghen
  • Uta Wille
چکیده

Existing payment smartcards developed for traditional point-of-sale transactions are being considered for use in Internet transactions. Such solutions have been suggested as alternatives to using payment protocols more specifically designed for Internet payments (such as SET [6]) but often lacking smartcard support. In this paper, we analyze EMV’96 [5], a representative example of an existing payment smartcard specification. We investigate which security requirements for an Internet payment system can and cannot be met when using EMV for Internet payments. We suggest possible modifications that can enhance the security of an Internet payment scheme based on EMV.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Using EMV Smartcards for Internet Payments

∗ This work was done while at the IBM Zurich Research Laboratory, Rüschlikon, Switzerland. This paper is an updated version of [12]. Abstract—Existing smartcards developed for point-ofsale payments are being considered for use in Internet transactions. Such use provides an alternative to designing new smartcard solutions supporting protocols more specifically designed for Internet payments, suc...

متن کامل

e-EMV: Emulating EMV for Internet payments using Trusted Computing technology

The introduction of Static Data Authentication (SDA) compliant EMV cards with their improved cardholder verification and card authentication capabilities has resulted in a dramatic reduction in the levels of fraud seen at Point of Sale (POS) terminals. However, with this POS-based reduction has come a corresponding increase in the level of fraud associated with Internet-based Card Not Present (...

متن کامل

Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV

The credit card system has been one of the world’s great successes because of its adaptability. By the mid-1990s, a credit card had become a mechanism for authenticating a transaction by presenting a username (the card number) and a password (the expiry date, plus often a CVV) that was already used in mail order and could be adapted with little fuss to the Internet. Now banks in Europe, and inc...

متن کامل

Relaying EMV Contactless Transactions using Off-The-Shelf Android Devices

Dutch banks introduced contactless payments in April 2014, and have been promoting the use of contactless cards since then. Contactless payments are based on the EMV specification, the worldwide standard for contact and contactless transactions. EMV Contact is a well-researched field and many vulnerabilities have been found. Although EMV Contactless is newer and less researched, a few vulnerabi...

متن کامل

Harvesting High Value Foreign Currency Transactions from EMV Contactless Cards Without the PIN

In this paper we present an attack which allows fraudulent transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value transactions without the cardholder's PIN when the transaction is carried out in a fore...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1999