Extending EMV tokenised payments to offline-environments
D Jayasinghe, K Markantonakis… - 2016 IEEE Trustcom …, 2016 - ieeexplore.ieee.org
2016 IEEE Trustcom/BigDataSE/ISPA, 2016•ieeexplore.ieee.org
Tokenisation has been adopted by the payment industry as a method to prevent Personal Account Number (PAN) compromise in EMV (Europay MasterCard Visa) transactions. The current architecture specified in EMV tokenisation requires online connectivity during transactions. However, it is not always possible to have online connectivity. We identify three main scenarios where fully offline transaction capability is considered to be beneficial for both merchants and consumers. Scenarios include making purchases in locations without online connectivity, when a reliable connection is not guaranteed, and when it is cheaper to carry out offline transactions due to higher communication/payment processing costs involved in online approvals. In this study, an offline contactless mobile payment protocol based on EMV tokenisation is proposed. The aim of the protocol is to address the challenge of providing secure offline transaction capability when there is no online connectivity on either the mobile or the terminal. The solution also provides end-to-end encryption to provide additional security for transaction data other than the token. The protocol is analysed against protocol objectives and we discuss how the protocol can be extended to prevent token relay attacks. The proposed solution is subjected to mechanical formal analysis using Scyther. Finally, we implement the protocol and obtain performance measurements.