Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards Without the PIN
- Submitting institution
-
The University of Kent
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 9703
- Type
- E - Conference contribution
- DOI
-
10.1145/2660267.2660312
- Title of conference / published proceedings
- Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14
- First page
- 716
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- November
- Year of publication
- 2014
- URL
-
https://kar.kent.ac.uk/54148/
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
4
- Research group(s)
-
-
- Citation count
- 9
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper presents an attack which allows fraudulent transactions to be collected from contactless credit cards without the cardholder's knowledge. This is significant because, unlike other attacks, our attack can be performed offline without synchronization, making it more scalable. The paper attracted major financial organisations, e.g. Visa Europe collaborated with the authors on countermeasures. The EMV protocol (used by over a billion cards worldwide) was changed as direct consequence of the research.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -