© 2020, Institut Mines-Télécom and Springer Nature Switzerland AG. EMV is the protocol implemented to secure the communication, between a client’s payment device and a merchant’s payment device, during a contact or an NFC purchase transaction. It represents a set of security messages and rules, exchanged between the different transaction actors, guaranteeing several important security properties, such as authentication, non-repudiation and integrity. Indeed, researchers, in various studies, have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are firstly interested in presenting a general overview of the EMV protocol and secondly, in proposing a new security solution that enhances the EMV protocol by solving the two dangerous EMV vulnerabilities. We verify the accuracy of our solution by using the Scyther security verification tool.
- Authentication,
- Bank,
- Card,
- Confidentiality,
- EMV,
- NFC,
- Security,
- Vulnerabilities
Available at: http://works.bepress.com/mohamad-badra/21/