Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless
نویسندگان
چکیده
Recent roll-outs of contactless payment infrastructures – particularly in Austria and Germany – have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim’s card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.
منابع مشابه
Harvesting High Value Foreign Currency Transactions from EMV Contactless Cards Without the PIN
In this paper we present an attack which allows fraudulent transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value transactions without the cardholder's PIN when the transaction is carried out in a fore...
متن کاملRelaying EMV Contactless Transactions using Off-The-Shelf Android Devices
Dutch banks introduced contactless payments in April 2014, and have been promoting the use of contactless cards since then. Contactless payments are based on the EMV specification, the worldwide standard for contact and contactless transactions. EMV Contact is a well-researched field and many vulnerabilities have been found. Although EMV Contactless is newer and less researched, a few vulnerabi...
متن کاملRelay Cost Bounding for Contactless EMV Payments
This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa’s payWave and MasterCard’s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low compared to the (cryptographic) computatio...
متن کاملSecurity Enhanced EMV-Based Mobile Payment Protocol
Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant's reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transa...
متن کاملNFC Payment Spy: A Privacy Attack on Contactless Payments
In a contactless transaction, when more than one card is presented to the payment terminal’s field, the terminal does not know which card to choose to proceed with the transaction. This situation is called card collision. EMV (which is the primary standard for smart card payments) specifies that the reader should not proceed when it detects a card collision and that instead it should notify the...
متن کامل