论文信息 - SafePay: Protecting against credit card forgery with existing magnetic card readers

SafePay: Protecting against credit card forgery with existing magnetic card readers

Existing magnetic cards adopt plain text to store confidential information, thus being vulnerable to an untrusted credit card reader or a skimming device. To tackle the problem, researchers have proposed several new techniques such as integrated circuit card (IC card) and mobile wallet applications [1]; however, none of them can support existing magnetic card readers thereby facing backwards compatibility issue. In this paper, to combat such credit card information leakages and remain backwards compatible, we propose SafePay, a system that transforms disposable credit card information to electrical current and drives a magnetic card chip to simulate the behavior of a physical magnetic card. We have implemented a prototype system of SafePay by a mobile phone and a prototype magnetic card chip. In the evaluation, we show that the current cost is about $0.5 excluding the phone, and the cost can be even lowered if manufactured in large scale. We also evaluated the prototype in experimental environment such as oscilloscope and real-world scenarios such as vending machines. The results show that the physical signal in oscilloscope is the same as the theoretical value, and meanwhile, we can successfully buy products in all the tested real-world scenarios.

[1] Giovanni Vigna,et al. Multi-module vulnerability analysis of web-based applications , 2007, CCS '07.

[2] Jeremy Andrus,et al. Cells: a virtual mobile smartphone architecture , 2011, SOSP '11.

[3] V. N. Venkatakrishnan,et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[4] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[5] Dimva,et al. Detection of Intrusions and Malware, and Vulnerability Assessment, 5th International Conference, DIMVA 2008, Paris, France, July 10-11, 2008. Proceedings , 2008, DIMVA.

[6] Ekrem Duman,et al. Detecting credit card fraud by genetic algorithm and scatter search , 2011, Expert Syst. Appl..

[7] Abhinav Srivastava,et al. Credit Card Fraud Detection Using Hidden Markov Model , 2008, IEEE Transactions on Dependable and Secure Computing.

[8] Niall M. Adams,et al. Transaction aggregation as a strategy for credit card fraud detection , 2009, Data Mining and Knowledge Discovery.

[9] Ieee Staff,et al. 2013 IEEE Conference on Communications and Network Security (CNS) , 2013 .

[10] V. N. Venkatakrishnan,et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks , 2008, DIMVA.