Risks of Offline Verify PIN on Contactless Cards

Emms, Martin, Arief, Budi, Little, Nicholas, van Moorsel, Aad (2013) Risks of Offline Verify PIN on Contactless Cards. In: Sadeghi, Ahmad-Reza, ed. Lecture Notes in Computer Science. Lecture Notes in Computer Science LNCS, 7859. pp. 313-321. Springer Berlin Heidelberg, Berlin. ISBN 978-3-642-39883-4. E-ISBN 978-3-642-39884-1. (doi:10.1007/978-3-642-39884-1_26)

PDF - Author's Accepted Manuscript
Official URL: http://dx.doi.org/10.1007/978-3-642-39884-1_26

Abstract

Contactless card payments are being introduced around the world allowing customers to use a card to pay for small purchases by simply placing the card onto the Point of Sale terminal. Contactless transactions do not require verification of the cardholder’s PIN. However, our research has found the redundant verify PIN functionality is present on the most commonly issued contactless credit and debit cards currently in circulation in the UK. This paper presents a plausible attack scenario which exploits contactless verify PIN to give unlimited attempts to guess the cardholder’s PIN without their knowledge. It also gives experimental data to demonstrate the practical viability of the attack as well as references to support our argument that contactless verify PIN is redundant functionality which compromises the security of payment cards and the cardholder.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1007/978-3-642-39884-1_26
Uncontrolled keywords: Contactless Payments, Verify PIN, NFC, EMV, Chip & PIN, Credit Card, Debit Card, Card Payment.
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Faculties > Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 10 Feb 2016 18:08 UTC
Last Modified: 01 Aug 2019 10:40 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/54151 (The current URI for this page, for reference purposes)
Arief, Budi: https://orcid.org/0000-0002-1830-1587