Towards More Secure Cardholder Verification in Payment Systems

This paper introduces a new cardholder verification method that uses multi possession-factor authentication combined with a distance bounding technique. It adds an extra level of security to the verification process and uses the idea of distance bounding, which prevents many different security attacks. The proposed method gives the user the flexibility to add one or more extra devices and to select the appropriate security level. The paper argues that the proposed method mitigates or removes many popular security attacks that are claimed to be effective in current card-based payment systems, and that it can help to reduce fraud on payment cards. Furthermore, the proposed method provides an alternative verification technique, enables cardholders with special needs to use payment cards, and makes the payment system more accessible.
