
Towards More Secure Cardholder Verification in Payment Systems

  • Conference paper
Wireless Algorithms, Systems, and Applications (WASA 2014)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8491)

Abstract

This paper introduces a new cardholder verification method that uses multi possession-factor authentication combined with a distance bounding technique. It adds an extra level of security to the verification process and uses distance bounding, which prevents many different security attacks. The proposed method gives the user the flexibility to add one or more extra devices and to select the appropriate security level. The paper argues that the proposed method mitigates or removes many popular security attacks that are claimed to be effective against current card-based payment systems, and that it can help reduce fraud on payment cards. Furthermore, the proposed method provides an alternative verification technique that enables cardholders with special needs to use payment cards, making the payment system more accessible.




© 2014 Springer International Publishing Switzerland

Cite this paper

Alhothaily, A., Alrawais, A., Cheng, X., Bie, R. (2014). Towards More Secure Cardholder Verification in Payment Systems. In: Cai, Z., Wang, C., Cheng, S., Wang, H., Gao, H. (eds) Wireless Algorithms, Systems, and Applications. WASA 2014. Lecture Notes in Computer Science, vol 8491. Springer, Cham. https://doi.org/10.1007/978-3-319-07782-6_33

  • DOI: https://doi.org/10.1007/978-3-319-07782-6_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07781-9

  • Online ISBN: 978-3-319-07782-6

  • eBook Packages: Computer Science, Computer Science (R0)
