Securing NFC Credit Card Payments Against Malicious Retailers
نویسندگان
چکیده
The protocol by which “contactless” (NFC) credit cards operate is insecure. Previous work has done much to protect this protocol from malicious third parties, e.g. eavesdroppers, credit card skimmers, etc. However, most of these defenses rely on the retailers being honest, and on their Points of Sale following the credit card protocol faithfully. In this paper, we extend the threat model to include malicious retailers, and remove any restrictions on the operation of their Points of Sale. In particular, we identify two classes of attacks which may be executed by a malicious retailer: Over-charge attacks exploiting victim customers, and Transparent Bridge attacks exploiting victim retailers. We then extend the protocol from previous work in order to defend against these attacks, protecting cardholders and honest retailers from malicious retailers.
منابع مشابه
An Off-the-shelf Relay Attack in a Contactless Payment Solution
The enhanced Radio-Frequency Identification (RFID) technology called Near Field Communication (NFC), is a standards-based wireless communication technology. Passive NFC devices, such as contactless smart cards use NFC to communicate with other devices without any physical connection, or an internal battery source, deriving power inductively via the radio field generated by the NFC reader device...
متن کاملA Secure Communication Model for HCE based NFC Services
Near Field Communication (NFC) is a new promising short-range wireless communication technology that provides ease of use by triggering the communication with a simple touch and making the user feel secure by short distance communication. Most promising functionality of NFC technology is via card emulation operating mode that enables an NFC Smartphone to behave like a contactless smart card. By...
متن کاملValue-based Adoption of Contactless near Field Communication (nfc) Payments: an Empirical Investigation
The objective of this study is to investigate empirically the adoption of credit card contactless payments with smartphones. Contactless Near Field Communication (NFC) mobile payments, that are sought to develop exponentially worldwide in the near future due to their unquestionable advantages, may also face some user doubts. To investigate consumer possible positive and negative perceptions abo...
متن کاملMeasuring 3-d Secure and 3d Set against E- Commerce End-user Requirements
The threat of credit card fraud is arguably the most serious issue of concern to e-commerce participants, including consumers and merchants. SSL/TLS and SET are two widely discussed means of securing online credit card payments. Because of implementation issues, SET has not really been adopted by e-commerce participants, whereas, despite the fact that it does not address all security issues, SS...
متن کاملSecuring End-to-End Internet communications using DANE protocol
Association Française pour le Nommage Internet en Coopération | www.afnic.fr | [email protected] | Twitter : @AFNIC | Facebook : afnic.fr Today, the Internet is used by nearly 2.5 billion people to communicate, provide/get information. When the communication involves sensitive information such as bank details, credit card numbers, health records etc., the communication method must be secure. The...
متن کامل