Skip to main content
Kent Academic Repository

POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards

Emms, Martin and Arief, Budi and Hannon, Joseph and van Moorsel, Aad (2013) POS Terminal Authentication Protocol to Protect EMV Contactless Payment Cards. Technical report. CS-TR-1386 (KAR id:58709)


The original EMV protocol was designed to operate in a situation where the card holder removes their card from their wallet and insert the card into a Point of Sale (POS) terminal. The protocol operates predominantly in plaintext which was not a problem because the attackers needed to tamper with the POS to gain access to the information on the card. The introduction of contactless EMV cards exposes the mainly plaintext EMV protocol to a wireless interface. This allows attackers to use an off-the-shelf NFC reader to access the card without the cardholders knowledge and potentially whilst the card is still in their wallet. Research has demonstrated that contactless EMV cards are vulnerable to various attacks carried out using off-the- shelf equipment which is both cheap and easy to obtain. The proposed solution addresses these issues by having the card request that any NFC reader, attempting to initiate communication, must authenticate itself as a genuine bank issued POS. The POS does this using a Bank issued private key to sign a nonce provided by the card.

Item Type: Reports and Papers (Technical report)
Uncontrolled keywords: Contactless card payment, Elliptic Curve Cryptography, Point of Sale Authentication, EMV, Payment Protocol
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 17 Nov 2016 09:57 UTC
Last Modified: 16 Nov 2021 10:23 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.