{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T06:15:11Z","timestamp":1743142511623,"version":"3.40.3"},"publisher-location":"New York, NY","reference-count":32,"publisher":"Springer New York","isbn-type":[{"type":"print","value":"9781461479147"},{"type":"electronic","value":"9781461479154"}],"license":[{"start":{"date-parts":[[2013,9,13]],"date-time":"2013-09-13T00:00:00Z","timestamp":1379030400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2013,9,13]],"date-time":"2013-09-13T00:00:00Z","timestamp":1379030400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-1-4614-7915-4_13","type":"book-chapter","created":{"date-parts":[[2013,9,12]],"date-time":"2013-09-12T08:10:18Z","timestamp":1378973418000},"page":"311-333","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Analysis of Potential Vulnerabilities in Payment Terminals"],"prefix":"10.1007","author":[{"given":"Konstantinos","family":"Rantos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konstantinos","family":"Markantonakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,9,13]]},"reference":[{"key":"13_CR1","unstructured":"Aite Group: Card Fraud in the United States: The Case for Encryption. January 2010. Available: http:\/\/www.aitegroup.com"},{"key":"13_CR2","unstructured":"ENISA, ATM crime: Overview of the European situation and golden rules on how to avoid it. August 2009. Available: www.enisa.europa.eu"},{"key":"13_CR3","unstructured":"EMVCo. A Guide to EMV. Version 1.0. May 2011. http:\/\/www.emvco.com"},{"key":"13_CR4","unstructured":"PCI, SSC Wireless Special Interest Group Implementation Team - Information Supplement: PCI DSS Wireless Guideline. Available: https:\/\/www.pcisecuritystandards.org\/pdfs\/PCI_DSS_Wireless_Guidelines.pdf"},{"key":"13_CR5","unstructured":"Payment card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures. Version 2.0. October 2010. Available: https:\/\/www.pcisecuritystandards.org"},{"key":"13_CR6","unstructured":"PCI, SSC: PCI Data Storage Do\u2019s and Dont\u2019s. Available: https:\/\/www.pcisecuritystandards.org\/pdfs\/pci_fs_data_storage.pdf"},{"key":"13_CR7","unstructured":"PCI Encrypting PIN Pad (EPP) - Security Requirements, v2.1. January 2009. Available: https:\/\/www.pcisecuritystandards.org\/documents\/epp_security_requirements.pdf"},{"key":"13_CR8","unstructured":"Payment Card Industry (PCI) Point-to-Point Encryption. September 2011, Available: https:\/\/www.pcisecuritystandards.org"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Murdoch, S. J., Drimer, S., Anderson, R., and Bond, M.: Chip and PIN is Broken. IEEE Symposium on Security and Privacy (2010) pp 433\u2013444.","DOI":"10.1109\/SP.2010.33"},{"key":"13_CR10","unstructured":"Anderson, R., Bond, M., and Murdoch, S. J.: Chip and SPIN. Computer Security Journal v 22 no 2 (2006) pp 1\u20136."},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Desmedt, Y., Goutier, C., and Bengio, S. Special uses and abuses of the Fiat-Shamir passport protocol. In Advances in Cryptology CRYPTO 87: Proceedings (1987), vol. 293 of LNCS, Springer, p. 21.","DOI":"10.1007\/3-540-48184-2_3"},{"key":"13_CR12","unstructured":"Murdoch, S.J., EMV flaws and fixes: vulnerabilities in smart card payment systems. Available: http:\/\/www.cl.cam.ac.uk\/sjm217\/talks\/leuven07emv.pdf"},{"key":"13_CR13","unstructured":"Everett D. Chip and PIN Security. Available: http:\/\/www.smartcard.co.uk\/Chip and PIN Security.pdf"},{"key":"13_CR14","unstructured":"EMV Iintegrated Circuit Card Specifications for Payment Systems - Book 2: Security and Key Management. Available: https:\/\/www.emvco.com"},{"key":"13_CR15","unstructured":"EMV Iintegrated Circuit Card Specifications for Payment Systems - Book 3: Application Specification. Available: https:\/\/www.emvco.com"},{"key":"13_CR16","unstructured":"Murdoch, S. J., Drimer, S., Anderson, R., and Bond, M.: EMV PIN verification \"wedge\" vulnerability, February 2010. Available: http:\/\/www.cl.cam.ac.uk\/research\/security\/banking\/nopin\/"},{"key":"13_CR17","unstructured":"Drimer, S., and Murdoch, S. J.: Keep your enemies close: Distance bounding against smartcard relay attacks. In USENIX Security Symposium, August 2007. Available: http:\/\/www.usenix.org\/events\/sec07\/tech\/drimer\/drimer.pdf"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Centenaro, M., Focardi, R., Luccio, F., Steel, G.: Type-based analysis of PIN processing APIs. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 5368. Springer, Heidelberg (2009).","DOI":"10.1007\/978-3-642-04444-1_4"},{"key":"13_CR19","unstructured":"The UKCARDS Association: Security guidance for card acceptance devices - Deployed in the face-to-face environment."},{"key":"13_CR20","unstructured":"EMV Integrated Circuit Card Specifications for Payment Systems: Book 4 - Cardholder, Attendant, and Acquirer Interface Requirements, June 2008. Available: www.emvco.com."},{"key":"13_CR21","unstructured":"Johnston, R. G., Garcia, A. R., and Pacheco, A. N.: Efficacy of tamper-indicating devices. Journal of Homeland Security (April 2002)."},{"key":"13_CR22","unstructured":"Mowery, K., Meiklejohn, S., Savage, S.: Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks. In 5th USENIX Workshop on Offensive Technologies, August 2011. Available: http:\/\/www.usenix.org\/events\/woot11\/tech\/final_files\/Mowery.pdf"},{"key":"13_CR23","unstructured":"Financial Fraud Action UK: Fraud - The Facts 2012. Available: http:\/\/www.financialfraudaction.org.uk"},{"key":"13_CR24","unstructured":"SPVA Lifecycle of a Secure Payment Device: Post Manufacturing Stage, June 2011, Available: www.spva.org."},{"key":"13_CR25","unstructured":"Mastercard, Understanding Terminal Manipulation at the Point of Sale. Available: http:\/\/www.mastercard.com\/us\/company\/en\/docs\/Terminal_Manipulation_At_POS.pdf"},{"key":"13_CR26","unstructured":"Visa Best Practices for Primary Account Number Storage and Truncation. Available: http:\/\/usa.visa.com\/download\/merchants\/PAN_truncation_best_practices.pdf"},{"key":"13_CR27","unstructured":"European Association of Payment Service Providers for Merchants. Point-to-Point Encryption and Terminal Requirements in Europe. May 2011. Available: http:\/\/www.epsm.eu"},{"key":"13_CR28","unstructured":"VISA, Guide to Data Field Encryption. Available: http:\/\/www.visacemea.com\/ac\/ais\/uploads\/AIS_Guide_0610_Data_Field_Encryption.pdf"},{"key":"13_CR29","unstructured":"Mastercard Worldwide, An Analysis of End-to-end Encryption as a Viable Solution for Securing Payment Card Data. Available: http:\/\/www.mastercardacquirernews.com\/pdfs\/encryptionAnalysis.PDF"},{"key":"13_CR30","unstructured":"Visa Best Practices for Tokenization Version 1.0. Available: http:\/\/usa.visa.com\/download\/merchants\/tokenization_best_practices.pdf"},{"key":"13_CR31","unstructured":"CISP Bulletin, Top three POS system vulnerabilities identified to promote data security awareness. November 2006. Available: http:\/\/usa.visa.com\/download\/merchants\/top_three_pos_system_vulnerabilities_112106.pdf"},{"key":"13_CR32","unstructured":"Bond, M., Cvrcek, D., and Murdoch S.J.: Unwrapping the Chrysalis, In: Technical report, No. 592, 2004, Cambridge, GB, p. 15, ISSN 1476\u20132986."}],"container-title":["Secure Smart Embedded Devices, Platforms and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4614-7915-4_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,24]],"date-time":"2023-01-24T02:34:34Z","timestamp":1674527674000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-1-4614-7915-4_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,9,13]]},"ISBN":["9781461479147","9781461479154"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-1-4614-7915-4_13","relation":{},"subject":[],"published":{"date-parts":[[2013,9,13]]},"assertion":[{"value":"13 September 2013","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}