Extending EMV Tokenised Payments To Offline-Environments

Danushka Jayasinghe, Konstantinos Markantonakis, Iakovos Gurulian, Raja Akram, Keith Mayes

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Tokenisation has been adopted by the payment industry as a method to prevent Personal Account Number (PAN) compromise in EMV (Europay MasterCard Visa) transactions. The current architecture specified in EMV tokenisation requires online connectivity during transactions. However, it is not always possible to have online connectivity. We identify three main scenarios where fully offline transaction capability is considered to be beneficial for both merchants and consumers. Scenarios include making purchases in locations without online connectivity; when a reliable connection is not guaranteed; and when it is cheaper to carry out offline transactions due to higher communication/payment processing costs involved in online approvals. In this study, an offline contactless mobile payment protocol based on EMV tokenisation is proposed. The aim of the protocol is to address the challenge of providing secure offline transaction capability when there is no online connectivity on either the mobile or the terminal. The solution also provides end-to-end encryption to provide additional security for transaction data other than the token. The protocol is analysed against protocol objectives and we discuss how the protocol can be extended to prevent token relay attacks. The proposed solution is subjected to mechanical formal analysis using Scyther. Finally, we implement the protocol and obtain performance measurements.
Original language: English
Title of host publication: The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-16)
Publisher: IEEE Computer Society
Pages: 1-8
Number of pages: 8
ISBN (Electronic): 978-1-5090-3205-1
ISBN (Print): 978-1-5090-3206-8
Publication status: Published - 9 Feb 2017

Keywords

  • EMV Contactless
  • Mobile Payments
  • Tokenisation
  • Ambient Sensor Data
  • Security
  • Cryptography
  • Offline Transaction Tokens
