Contactless Credit Cards Payment Fraud Protection by Ambient Authentication

In recent years, improvements to the computational ability of mobile phones and support for near-field-communication have enabled transactions to be performed by using mobile phones to emulate a credit card or by using quick response codes. Thus, users need not carry credit cards but can simply use...

Full description

Saved in:
Bibliographic Details
Published inSensors (Basel, Switzerland) Vol. 22; no. 5; p. 1989
Main Authors Yang, Ming-Hour, Luo, Jia-Ning, Vijayalakshmi, Murugesan, Shalinie, Selvaraj Mercy
Format Journal Article
LanguageEnglish
Published Switzerland MDPI AG 03.03.2022
MDPI
Subjects
ambient authentication
Authentication
Cell Phone
Cell phones
Cellular telephones
Communication
Computer Security
Credit cards
Fraud
Fraud - prevention & control
Humans
IoT security
Mobile commerce
mobile transaction
mutual authentication
Near fields
NFC
Personal identification numbers
Sensors
smart card
mutual authentication
IoT security
mobile transaction
NFC
smart card
ambient authentication
Online AccessGet full text

Cover

More Information
Summary:In recent years, improvements to the computational ability of mobile phones and support for near-field-communication have enabled transactions to be performed by using mobile phones to emulate a credit card or by using quick response codes. Thus, users need not carry credit cards but can simply use their mobile phones. However, the Europay MasterCard Visa (EMV) protocol is associated with a number of security concerns. In contactless transactions, attackers can make purchases by launching a relay attack from a distance. To protect message transmission and prevent relay attacks, we propose a transaction protocol that is compatible with EMV protocols and that can perform mutual authentication and ambient authentication on near-field-communication-enabled mobile phones. Through mutual authentication, our protocol ensures the legitimacy of transactions and establishes keys for a transaction to protect the subsequent messages, thereby avoiding security problems in EMV protocols, such as man-in-the-middle attacks, skimming, and clone attacks on credit cards. By using ambient factors, our protocol verifies whether both transacting parties are located in the same environment, and it prevents relay attacks in the transaction process.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:1424-8220
1424-8220
DOI:10.3390/s22051989