Contactless payment cards: research highlights

advertisement
Contactless payment cards: research highlights security
concerns
Warnings about the use of contactless payment cards and Near Field
Communication (NFC) capable devices are raised in a study published today by the
Institution of Engineering & Technology’s (IET) The Journal of Engineering.
A team of researchers from the University of Surrey successfully received a
contactless transmission from distances of 45-80cm using inconspicuous equipment,
highlighting security concerns to personal data.
NFC technology is in use on more recent mobile phones and on contactless
debit/credit cards issued by UK banks.
The team used portable, inexpensive and easily concealable equipment including a
pocket-sized cylindrical antenna, a backpack, and a shopping trolley, none of which
would raise suspicion if used in a supermarket queue or in a crowded place.
Using this equipment, the team showed how reliably eavesdropping could be carried
out at various distances, with good reception possible even at 45cm when the
minimum magnetic field strength required by the standard is in use.
The implications for consumers are significant. “The results we found have an impact
on how much we can rely on physical proximity as a 'security feature' of NFC
devices", said lead academic supervisor, Dr Johann Briffa. "Designers of applications
using NFC need to consider privacy because the intended short range of the channel
is no defence against a determined eavesdropper.”
Eleanor Gendle, IET Managing Editor at The Journal of Engineering, said: “With
banks routinely issuing contactless payment cards to customers, there is a need to
raise awareness of the potential security threats. It will be interesting to see further
research in this area and ascertain the implications for users of contactless
technology with regards to theft, fraud and liability.”
According to Paul Krause, Professor of Software Engineering at the University of
Surrey, “Open access is vitally important in order to ensure that the results of publicly
funded research are made available to all. It is particularly important for the
stimulation of innovation in engineering where new enterprises may not have the
financial resources to pay for a range of journal subscriptions. The IET has taken a
very significant initiative in establishing a high quality open access journal that covers
all aspects of engineering in one resource.”
Ends
About the Authors
Thomas P. Diakos is a PhD student in the Department of Computing, University of
Surrey, UK. His supervisory team is made up of Dr Johann A. Briffa and Dr Stephan
Wesemeyer from the Department of Computing, and Dr Tim W. C. Brown from the
Centre for Communication Systems Research.
The research was funded by the EPSRC and Consult Hyperion.
About The Journal of Engineering (www.thejournalofengineering.org)
Launched by the IET in April 2013, The Journal of Engineering (JoE) is a broad,
online-only, open access journal, making essential engineering intelligence freely
available to the worldwide engineering community online. JoE publishes scientifically
sound research with rigorous peer-review and fast turnaround in emerging or crossdisciplinary areas including Electrical and Electronic engineering, Mechanical
engineering, Energy engineering, Civil engineering, Micro- and Nanotechnology,
Computing and Software, Biomedical engineering and Materials engineering.
About the IET (www.theiet.org)
Interview opportunities are available with IET spokespeople from a broad range of
engineering and technology disciplines including cyber-security, energy, engineering
skills, innovation, manufacturing, technology, transport and women in engineering.
The IET is one of the world’s largest organisations for engineers and technicians. It
has 153,000 members in 127 countries and is leading the development of a global
engineering and technology community to share and advance knowledge to enhance
people’s lives.
The IET is the Professional Home for Life® for engineers and technicians, and a
trusted source of engineering intelligence and thought leadership.
The IET’s portfolio of research and letters journals and monographs (print and eBook) are available online through the IET Digital Library together with conference
proceedings, seminar digests and magazines. The IET Inspec database contains
over 13 million abstract and indexing references to journal articles, conference
proceedings and technical reports in the fields of science and technology, and IET.tv
provides access to the world's largest specialised online archive of engineering and
technology content.
About Open Access
Open access publishing enables peer reviewed, accepted journal articles to be made
freely available online to anyone with access to the internet. Open access publishing
with the IET is funded through author publication charges. This model differs from the
subscription based publishing model, whereby readers (or more commonly, readers'
institutions) pay for access to journal articles.
Media enquiries
Robert Beahan, External Communications Manager
T: +44 (0)1438 767336
M: +44 (0)7595 400912
E: rbeahan@theiet.org
Download