Cryptology ePrint Archive: Report 2009/387

Securing Plastic Money Using an RFID Based Protocol Stack

Rishab Nithyanand

Abstract: Since 2006, there have been three major systems that have been implemented in an attempt to reduce the threat of credit card fraud - Chip and PIN (United Kingdom), Chip Authentication Program - CAP (European Union), and RFID enabled credit cards (United States of America). In spite of a big effort by the EMV\footnote{EMV Co.: a body comprising of Europay, Mastercard, and Visa which develops standards for credit card interaction.}, there has been little evidence to demonstrate the success of these schemes in stopping fraudsters, scammers, and identity thieves. This may be attributed to combinations of poor usability, lack of trusted interfaces, the absence of smart-card cryptography that takes full advantage of the available computation resources, and inadequate authentication protocols. In this paper, we explain the shortcomings and vulnerabilities of each of these systems, and then explain requirements of a secure and usable cashless payment system. We also describe a new RFID based protocol stack - SECAPS (Secure Cashless Payment System), which obviates many of the attacks on the current schemes by using the newly available computation resources on modern RFID Tags.

Category / Keywords: Credit Cards, RFID

Date: received 6 Aug 2009, last revised 31 Oct 2009

Contact author: rishabn at uci edu

Available formats: PDF | BibTeX Citation

Version: 20091101:022729 (All versions of this report)

Discussion forum: Show discussion | Start new discussion