Cryptology ePrint Archive: Report 2018/402

Another Look at Relay and Distance-based Attacks in Contactless Payments

Ioana Boureanu and Anda Anda

Abstract: Relay attacks on contactless e-payments were demonstrated in 2015. Since, countermeasures have been proposed and Mastercard has recently adopted a variant of these in their specifications. These relay-counteractions are based on the payment-terminal checking that the card is close-by. To this end, several other EMV-adaptations have emerged, with the aim to impede dishonest cards cheating on their proximity-proofs. However, we argue that both the former and the latter measures are ineffective.

We only sketch possible designs in the right directions, with the idea to pass on the message that these problems should be look at much more carefully.

We shortly debate what should and should not be the case w.r.t. confirmation of EMV contactless payments.

We also discuss alternative views onto making contactless payments secure against relay-attacks via proximity-checking.

Category / Keywords:

Date: received 1 May 2018

Contact author: icboureanu at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180503:064528 (All versions of this report)

Short URL: ia.cr/2018/402


[ Cryptology ePrint archive ]