Abstract
Near field communication has enabled customers to put their credit cards into a smartphone and use the phone for credit card transaction. But EMV contactless payment allows unauthorized readers to access credit cards. Besides, in offline transaction, a merchant's reader cannot verify whether a card has been revoked. Therefore, we propose an EMV-compatible payment protocol to mitigate the transaction risk. And our modifications to the EMV standard are transparent to merchants and users. We also encrypt the communications between a card and a reader to prevent eavesdropping on sensitive data. The protocol is able to resist impersonation attacks and to avoid the security threats in EMV. In offline transactions, our scheme requires a user to apply for a temporary offline certificate in advance. With the certificate, banks no longer need to lower customer's credits for risk control, and users can have online-equivalent credits in offline transactions.
Highlights
Since credit cards can be embedded with radio frequency identification (RFID) tags, such as MasterCard’s PayPass [1] and Visa’s payWave [2], contactless payment has brought much convenience in shopping
We propose an Europay MasterCard Visa (EMV)-compatible mobile payment protocol, in which our modifications to the original EMV standards are transparent to merchants and users
We propose an EMV-compatible mobile payment protocol for users to perform online and offline transactions with the credit cards stored in their mobile devices
Summary
Since credit cards can be embedded with radio frequency identification (RFID) tags, such as MasterCard’s PayPass [1] and Visa’s payWave [2], contactless payment has brought much convenience in shopping. Nauman et al [7] use the secure boot scheme on MTM to authenticate software’s origin and can detect malware on android systems This technique can be applied to protect users’ sensitive data from malware on an NFC phone and prevents data leakage, for example, users’ credit card information in Google Wallet [8] and in Microsoft’s multiple virtual credit cards, which are remotely created by the trusted platform module virtual smart card (TPMVSC) [9]. Google Wallet [8] runs a credit card transaction protocol PayPass Magstripe [16] on NFC-embedded phones to provide payment services.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
