Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless

Michael Roland, Josef Langer

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

27 citations (Scopus)

Abstract

Recent roll-outs of contactless payment infrastructures -- particularly in Austria and Germany -- have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim's card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.
Original language: English
Title: Proceedings of the 7th USENIX Workshop on Offensive Technologies (WOOT'13)
Publisher: USENIX
Number of pages: 12
Publication status: Published - 2013
Event: 7th USENIX Workshop on Offensive Technologies (WOOT'13) - Washington, D.C., United States
Duration: 13 Aug 2013 → 13 Aug 2013
https://www.usenix.org/conference/woot13

Workshop

Workshop: 7th USENIX Workshop on Offensive Technologies (WOOT'13)
Country/Territory: United States
City: Washington, D.C.
Period: 13 Aug 2013 → 13 Aug 2013