{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T07:31:24Z","timestamp":1771745484081,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2022,3,3]],"date-time":"2022-03-03T00:00:00Z","timestamp":1646265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology of Taiwan","doi-asserted-by":"publisher","award":["MOST 110-2218-E-A49 -011 -MBK"],"award-info":[{"award-number":["MOST 110-2218-E-A49 -011 -MBK"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology of Taiwan","doi-asserted-by":"publisher","award":["MOST 110-2218-E-002-045 \u2013"],"award-info":[{"award-number":["MOST 110-2218-E-002-045 \u2013"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology of Taiwan","doi-asserted-by":"publisher","award":["MOST 110-2221-E-033-008 -"],"award-info":[{"award-number":["MOST 110-2221-E-033-008 -"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In recent years, improvements to the computational ability of mobile phones and support for near-field-communication have enabled transactions to be performed by using mobile phones to emulate a credit card or by using quick response codes. Thus, users need not carry credit cards but can simply use their mobile phones. However, the Europay MasterCard Visa (EMV) protocol is associated with a number of security concerns. In contactless transactions, attackers can make purchases by launching a relay attack from a distance. To protect message transmission and prevent relay attacks, we propose a transaction protocol that is compatible with EMV protocols and that can perform mutual authentication and ambient authentication on near-field-communication-enabled mobile phones. Through mutual authentication, our protocol ensures the legitimacy of transactions and establishes keys for a transaction to protect the subsequent messages, thereby avoiding security problems in EMV protocols, such as man-in-the-middle attacks, skimming, and clone attacks on credit cards. By using ambient factors, our protocol verifies whether both transacting parties are located in the same environment, and it prevents relay attacks in the transaction process.<\/jats:p>","DOI":"10.3390\/s22051989","type":"journal-article","created":{"date-parts":[[2022,3,3]],"date-time":"2022-03-03T20:36:30Z","timestamp":1646339790000},"page":"1989","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Contactless Credit Cards Payment Fraud Protection by Ambient Authentication"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4773-7352","authenticated-orcid":false,"given":"Ming-Hour","family":"Yang","sequence":"first","affiliation":[{"name":"Department of Information and Computer Engineering, Chung Yuan Christian University, Taoyuan 32023, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1395-5810","authenticated-orcid":false,"given":"Jia-Ning","family":"Luo","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Engineering, Chung Cheng Institute of Technology, National Defense University, Taoyuan 335009, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Murugesan","family":"Vijayalakshmi","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai 625015, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Selvaraj Mercy","family":"Shalinie","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Thiagarajar College of Engineering, Madurai 625015, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,3,3]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"931","DOI":"10.1016\/j.techfore.2018.09.018","article-title":"Mobile payment is not all the same: The adoption of mobile payment systems depending on the technology applied","volume":"146","year":"2019","journal-title":"Technol. Forecast. Soc. Change"},{"key":"ref_2","first-page":"38","article-title":"Security perspectives for USSD versus SMS in conducting mobile transactions: A case study of Tanzania","volume":"1","author":"Nyamtiga","year":"2013","journal-title":"Intl. J. Tech. Enhanc. Emerg. Eng. Res."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Kieseberg, P., Leithner, M., Mulazzani, M., Munroe, L., Schrittwieser, S., Sinha, M., and Weippl, E. (2010, January 8\u201310). QR code security. Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2010), Paris, France.","DOI":"10.1145\/1971519.1971593"},{"key":"ref_4","unstructured":"EMVCo (2017). Payment Tokenisation Specification, EMVCo, LLC. Version 2.0 ed."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Roland, M., Langer, J., and Scharinger, J. (2013, January 5). Applying relay attacks to Google wallet. Proceedings of the 5th International Workshop on Near Field Communication (NFC), Zurich, Switzerland.","DOI":"10.1109\/NFC.2013.6482441"},{"key":"ref_6","unstructured":"Breekel, J.V.D., Ortiz-Yepes, D.A., Poll, E., and Ruiter, J.D. (2016). Emv in a Nutshell, KPMG. Technical Report."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Liu, M., Xin, Y., Yang, Y., and Niu, X. (2007, January 5\u201312). Security Mechanism Research of EMV2000. Proceedings of the 2007 IEEE\/WIC\/ACM International Conferences on Web Intelligence and Intelligent Agent Technology, Silicon Valley, CA, USA.","DOI":"10.1109\/WIIATW.2007.4427595"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Murdoch, S.J., Drimer, S., Anderson, R., and Bond, M. (2010, January 16\u201319). Chip and pin is broken. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2010.33"},{"key":"ref_9","unstructured":"Haselsteiner, E., and Breitfu\u00df, K. (2006, January 12\u201314). Security in Near Field Communication (NFC) Strengths and Weaknesses. Proceedings of the 2006 Workshop on RFID Security, Graz, Austria."},{"key":"ref_10","unstructured":"Hancke, G.P. (2010, January 7\u20139). Practical eavesdropping and skimming attacks on high-frequency RFID tokens. Proceedings of the 2010 Workshop on RFID Security, Istanbul, Turkey."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Heydt-Benjamin, T.S., Bailey, D.V., Fu, K., Juels, A., and O\u2019Hare, T. (2007, January 12\u201315). Vulnerabilities in first-generation RFID-enabled credit cards. Proceedings of the 11th International Conference on Financial Cryptography and Data Security, Lowlands, Scarborough, Trinidad and Tobago.","DOI":"10.1007\/978-3-540-77366-5_2"},{"key":"ref_12","unstructured":"Ruiter, J.D., and Poll, E. (April, January 31). Formal Analysis of the EMV Protocol Suite. Proceedings of the 2011 Theory of Security and Applications Conference, Saarbr\u00fccken, Germany."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1109\/MSP.2015.24","article-title":"Be prepared: The EMV preplay attack","volume":"13","author":"Bond","year":"2015","journal-title":"IEEE Secur. Priv."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., and Anderson, R. (2014, January 18\u201321). Chip and Skim: Cloning EMV Cards with the Pre-play Attack. Proceedings of the 2014 IEEE Symposium on Security and Privacy, San Jose, CA, USA.","DOI":"10.1109\/SP.2014.11"},{"key":"ref_15","unstructured":"Roland, M., and Langer, J. (2013, January 13). Cloning credit cards: A combined pre-play and downgrade attack on EMV Contactless. Proceedings of the 7th USENIX Workshop on Offensive Technologies (WOOT\u201913), Washington, DC, USA."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2014\/425853","article-title":"Security enhanced EMV-based mobile payment protocol","volume":"2014","author":"Yang","year":"2014","journal-title":"Sci. World J."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Tso, R.L. (2018). Untraceable and anonymous mobile payment scheme based on near field communication. Symmetry, 10.","DOI":"10.3390\/sym10120685"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Cremers, C., Rasmussen, K.B., Schmidt, B., and Capkun, S. (2012, January 20\u201323). Distance hijacking attacks on distance bounding protocols. Proceedings of the 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP.2012.17"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Helleseth, T. (1994). Distance-Bounding Protocols. Advances in Cryptology\u2014EUROCRYPT\u201993, Springer.","DOI":"10.1007\/3-540-48285-7"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1109\/JSAC.2005.861394","article-title":"Wormhole attacks in wireless networks","volume":"24","author":"Hu","year":"2006","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"ref_21","unstructured":"Desmedt, Y. (1988). Major security problems with the \u2018unforgeable\u2019(feige)-fiat-shamir proofs of identity and how to overcome them. SecuriCom\u201988, SEDEP."},{"key":"ref_22","first-page":"21","article-title":"Special uses and abuses of the fiat-shamir passport protocol","volume":"Volume 239","author":"Desmedt","year":"1987","journal-title":"Proceedings of the Advances in Cryptology\u2014CRYPTO\u201987, A Conference on the Theory and Applications of Cryptographic Techniques, Santa Barbara, CA, USA, 16\u201320 August 1987"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1016\/j.cose.2009.06.001","article-title":"Confidence in smart token proximity: Relay attacks revisited","volume":"28","author":"Hancke","year":"2009","journal-title":"Comput. Secur."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Hancke, G.P. (2006, January 21\u201324). Practical attacks on proximity identification systems. Proceedings of the IEEE Symposium on Security and Privacy (SP\u201906), Berkeley, CA, USA.","DOI":"10.1109\/SP.2006.30"},{"key":"ref_25","unstructured":"Kfir, Z., and Wool, A. (2005, January 5\u20139). Picking virtual pockets using relay attacks on contactless smartcard. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM\u201905), Athens, Greece."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Madlmayr, G. (2008, January 4\u20137). NFC devices: Security & privacy. Proceedings of the Third International Conference on Availability, Reliability and Security, Barcelona, Spain.","DOI":"10.1109\/ARES.2008.105"},{"key":"ref_27","unstructured":"Breekel, J.V.D. (2015). Relaying EMV contactless transactions using off-the-shelf android devices. BlackHat Asia, 2015."},{"key":"ref_28","unstructured":"Francis, L., Hancke, G.P., Mayes, K.E., and Markantonakis, K. (2020, September 28). Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones. Cryptology ePrint Archive: Report 2011\/618. Available online: http:\/\/eprint.iacr.org\/2011\/618."},{"key":"ref_29","first-page":"35","article-title":"Practical NFC Peer-to-Peer relay attack using mobile phones","volume":"Volume 6370\/2010","author":"Francis","year":"2010","journal-title":"Radio Frequency Identification: Security and Privacy Issues"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Verdult, R., and Kooman, F. (2011, January 22). Practical attacks on NFC enabled cell phones. Proceedings of the Third International Workshop on Near Field Communication (NFC 2011), Hagenberg, Austria.","DOI":"10.1109\/NFC.2011.16"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Radu, A.-I., Chothia, T., Newton, C.J., Boureanu, I., and Chen, L. (2022, January 22\u201326). Practical EMV Relay. Proceedings of the Protection 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP46214.2022.9833642"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Chothia, T., Garcia, F.D., Ruiter, J.D., Breekel, J.V.D., and Thompson, M. (2015, January 26\u201330). Relay cost bounding for contactless EMV payments. Proceedings of the Financial Cryptography and Data Security\u201419th International Conference FC 2015, San Juan, Puerto Rico.","DOI":"10.1007\/978-3-662-47854-7_11"},{"key":"ref_33","unstructured":"EMVCo (2018). Book C-2: Kernel 2 Specification, EMVCo, LLC. Version 2.7 ed."},{"key":"ref_34","unstructured":"EMVCo (2011). Contact Specification Books, EMVCo, LLC. Version 4.3 ed."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Halevi, T., Ma, D., Saxena, N., and Xiang, T. (2012, January 10\u201312). Secure proximity detection for NFC devices based on ambient sensor data. Proceedings of the 17th European Symposium on Research in Computer Security, Pisa, Italy.","DOI":"10.1007\/978-3-642-33167-1_22"},{"key":"ref_36","unstructured":"Varshavsky, A., Scannell, A., LaMarca, A., and Lara, E.D. (2008, January 21\u201324). Amigo: Proximity-based authentication of mobile devices. Proceedings of the 10th International Conference on Ubiquitous Computing (UbiComp 2008), Seoul, Korea."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1109\/TDSC.2012.89","article-title":"Location-aware and safer cards: Enhancing RFID security and privacy via location sensing","volume":"10","author":"Ma","year":"2013","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Truong, H.T.T., Gao, X., Shrestha, B., Saxena, N., Asokan, N., and Nurmi, P. (2014, January 24\u201328). Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication. Proceedings of the IEEE International Conference on Pervasive Computing and Communications (PerCom), Pisa, Italy.","DOI":"10.1109\/PerCom.2014.6813957"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Mehrnezhad, M., Hao, F., and Shahandashti, S.F. (2015). Tap-tap and pay (TTP): Preventing the Mafia attack in NFC payment. International Conference on Research in Security Standardisation, Springer.","DOI":"10.1007\/978-3-319-27152-1_2"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"6562","DOI":"10.3934\/mbe.2019327","article-title":"Ambient audio authentication","volume":"16","author":"Luo","year":"2019","journal-title":"Math. Biosci. Eng."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Gong, R., Needham, M., and Yahalom, R. (1990, January 7\u20139). Reasoning about Belief in Cryptographic Protocols. Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/RISP.1990.63854"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/5\/1989\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:31:28Z","timestamp":1760135488000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/5\/1989"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,3]]},"references-count":41,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2022,3]]}},"alternative-id":["s22051989"],"URL":"https:\/\/doi.org\/10.3390\/s22051989","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,3]]}}}