Abstract
What lessons might we learn from the chip cards used for payments in Europe, now that the U.S. is adopting them too?
- Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., and Anderson, R. Chip and skim: Cloning EMV cards with the pre-play attack. In Proceedings of the IEEE Symposium on Security and Privacy (San Jose, CA, May 18--21, 2014).Google ScholarDigital Library
- Drimer, S. and Murdoch, S.J. Keep your enemies close: Distance bounding against smartcard relay attacks. In Proceedings of the USENIX Security Symposium (Boston, MA, Aug. 6--10, 2007). Google ScholarDigital Library
- Drimer, S., Murdoch, S.J., and Anderson, R. Thinking inside the box: System-level failures of tamper proofing. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, CA, May 18--21, 2008). Google ScholarDigital Library
- Murdoch, S.J. and Anderson, R. Security protocols and evidence: Where many payment systems fail. In Proceedings of Financial Cryptography and Data Security (Barbados, Mar. 3--7, 2014).Google ScholarCross Ref
- Murdoch, S.J., Drimer, S., Anderson, R., and Bond, M. Chip and PIN is broken. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, CA, May 16--19, 2010). Google ScholarDigital Library
Index Terms
- EMV: why payment systems fail
Recommendations
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards Without the PIN
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityIn this paper we present an attack, which allows fraudulent transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, ...
e-EMV: emulating EMV for internet payments with trusted computing technologies
STC '08: Proceedings of the 3rd ACM workshop on Scalable trusted computingThis paper shows how the functionality associated with EMV-compliant payment cards can be securely emulated in software on platforms supporting Trusted Computing technology. We describe a detailed system architecture encompassing user enrolment, card ...
Enhancing EMV Online PIN Verification
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01EMV (Europay MasterCard Visa) is a globally accepted standard for chip card-based payment transactions, which benefits from the intrinsic security characteristics of chip cards. The EMV specification is relatively flexible and can be deployed in both ...
Comments