SoK: Attacks on Modern Card Payments

Xenia Hofmeier, David Basin, Ralf Sasse, Jorge Toro-Pozo

TL;DR

This work provides a comprehensive framework encompassing EMV's desired security properties and adversary models, identifies and categorizes a comprehensive collection of protocol flaws, and shows how different subsets thereof can be combined into attacks.

Abstract

EMV is the global standard for smart card payments and its NFC-based version, EMV contactless, is widely used, also for mobile payments. In this systematization of knowledge, we examine attacks on the EMV contactless protocol. We provide a comprehensive framework encompassing its desired security properties and adversary models. We also identify and categorize a comprehensive collection of protocol flaws and show how different subsets thereof can be combined into attacks. In addition to this systematization, we examine the underlying reasons for the many attacks against EMV and point to a better way forward.
