SoK: Security of EMV Contactless Payment Systems
By: Mahshid Mehr Nezhad , Feng Hao , Gregory Epiphaniou and more
Potential Business Impact:
Finds ways to make contactless payments safer.
The widespread adoption of EMV (Europay, Mastercard, and Visa) contactless payment systems has greatly improved convenience for both users and merchants. However, this growth has also exposed significant security challenges. This SoK provides a comprehensive analysis of security vulnerabilities in EMV contactless payments, particularly within the open-loop systems used by Visa and Mastercard. We categorize attacks into seven attack vectors across three key areas: application selection, cardholder authentication, and transaction authorization. We replicate the attacks on Visa and Mastercard protocols using our experimental platform to determine their practical feasibility and offer insights into the current security landscape of contactless payments. Our study also includes a detailed evaluation of the underlying protocols, along with a comparative analysis of Visa and Mastercard, highlighting vulnerabilities and recommending countermeasures.
Similar Papers
SoK: Attacks on Modern Card Payments
Cryptography and Security
Finds ways to break phone payment security.
SoK: Stealing Cars Since Remote Keyless Entry Introduction and How to Defend From It
Cryptography and Security
Stops car thieves from unlocking your car.
Weak Enforcement and Low Compliance in PCI~DSS: A Comparative Security Study
Cryptography and Security
Makes credit card rules work better.