- Overview
- Workshop Organizers
- Registration Information
- Registration Discounts
- At a Glance
- Calendar
- Workshop Program
- Birds-of-a-Feather Sessions
- Purchase the Box Set
- Co-located Workshops
- Sponsorship
- Activities
- Hotel and Travel Information
- Students
- Questions
- Help Promote!
- For Participants
- Call for Papers
- Past Workshops
sponsors
usenix conference policies
You are here
Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless
Website Maintenance Alert
Due to scheduled maintenance on Wednesday, October 16, from 10:30 am to 4:30 pm Pacific Daylight Time (UTC -7), parts of the USENIX website (e.g., conference registration, user account changes) may not be available. We apologize for the inconvenience.
If you are trying to register for LISA19, please complete your registration before or after this time period.
Michael Roland and Josef Langer, NFC Research Lab Hagenberg, University of Applied Sciences Upper Austria
Recent roll-outs of contactless payment infrastructures—particularly in Austria and Germany&mdsash;have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim’s card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Michael Roland and Josef Langer},
title = {Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on {EMV} Contactless},
booktitle = {Presented as part of the 7th {USENIX} Workshop on Offensive Technologies},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot13/workshop-program/presentation/Roland},
publisher = {{USENIX}},
}
connect with us