Abstract

ABSTRACT This paper focuses on the EMV contactless payment cards and their vulnerability of leaking sensitive information such as the cardholder name, Primary Account Number (PAN), and the expiry date of the EMV card. Such data can be sniffed using off-the-shelf hardware or software without the knowledge of the genuine cardholder. The paper proposes a tokenization technique to replace the PAN of the actual EMV contactless card’s with a token to protect the genuine data from being sniffed by an attacker and used in the Card-No-Present (CNP) attack or any other attacks. The proposal was inspired by the implementation of the tokenization in the EMV Mobile payment such as Apple, Google, and Samsung mobile payments. We argue that the proposed tokenization technique is easy to adopt and cost-effective to implement by EMV protocol as it does not require any changes to the infrastructure of existing payment systems. A vital feature of the proposal is that all the changes in the EMV protocol are at the personalization phase of the EMV card. The paper presents a successful implementation of the tokenization approach using a Java contactless card framework to represent EMV contactless cards to demonstrate its effectiveness in improving the security and protecting the privacy of the card’s information.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.