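% Emms, Arief, Little and Van Moorsel, FC 2013 (LNCS), pages 313--321.
% Per the abstract: UK-issued contactless cards still expose the verify-PIN
% function over the contactless interface, which permits unlimited PIN guesses
% without the cardholder's knowledge; the authors argue it is redundant.
% Entry notes: the compound surname is grouped with real braces (escaped braces
% would print literally and break name parsing), the DOI is stored bare with no
% LaTeX escape, and the acronym in the title is brace-protected against
% style recasing. The citation key is left unchanged so existing cites resolve.
@inproceedings{6b0e0ea5c82b4e22a25ba5efa7130a65,
  author    = {Emms, Martin and Arief, Budi and Little, Nicholas and {Van Moorsel}, Aad},
  title     = {Risks of offline verify {PIN} on contactless cards},
  booktitle = {Financial Cryptography and Data Security - 17th International Conference, FC 2013, Revised Selected Papers},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  pages     = {313--321},
  year      = {2013},
  doi       = {10.1007/978-3-642-39884-1_26},
  isbn      = {9783642398834},
  language  = {English},
  keywords  = {Card Payment, Chip \& PIN, Contactless Payments, Credit Card, Debit Card, EMV, NFC, Verify PIN},
  abstract  = {Contactless card payments are being introduced around the world allowing customers to use a card to pay for small purchases by simply placing the card onto the Point of Sale terminal. Contactless transactions do not require verification of the cardholder's PIN. However our research has found the redundant verify PIN functionality is present on the most commonly issued contactless credit and debit cards currently in circulation in the UK. This paper presents a plausible attack scenario which exploits contactless verify PIN to give unlimited attempts to guess the cardholder's PIN without their knowledge. It also gives experimental data to demonstrate the practical viability of the attack as well as references to support our argument that contactless verify PIN is redundant functionality which compromises the security of payment cards and the cardholder.},
  note      = {17th International Conference on Financial Cryptography and Data Security, FC 2013 ; Conference date: 01-04-2013 Through 05-04-2013},
}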