{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T21:27:41Z","timestamp":1774042061705,"version":"3.50.1"},"reference-count":112,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,10]]},"abstract":"<jats:p>In recent years, contactless transactions have risen rapidly. It includes NFC, MST, contactless cards, and many other payment methods. These payment methods have certain security issues, and attackers are in a regular search for the exploits to break its security. These security issues require proper analysis to secure user data from attackers. This article will discuss the contactless smart cards and payment systems in detail including the techniques used for securing user data and different possible attacks on the technology used for communication. The article also presents some countermeasures to prevent the attack and issues with those countermeasures. In addition, the article includes some future research issues and suggestions to overcome the security issues in contactless payment system.<\/jats:p>","DOI":"10.4018\/jgim.2020100108","type":"journal-article","created":{"date-parts":[[2020,9,23]],"date-time":"2020-09-23T12:50:19Z","timestamp":1600865419000},"page":"135-159","source":"Crossref","is-referenced-by-count":30,"title":["A Survey on Contactless Smart Cards and Payment System"],"prefix":"10.4018","volume":"28","author":[{"given":"Brij B.","family":"Gupta","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, National Institute of Technology, Kurukshetra, India & Department of Computer Science and Information Engineering, Asia University, Taiwan"}]},{"given":"Shaifali","family":"Narayan","sequence":"additional","affiliation":[{"name":"National Institute of Technology, Kurukshetra, India"}]}],"member":"2432","reference":[{"key":"JGIM.2020100108-0","doi-asserted-by":"crossref","unstructured":"Rankl, W., & Effing, W. (2004). Smart card handbook. John Wiley & Sons. Report Buyer. https:\/\/www.reportbuyer.com\/product\/5445386","DOI":"10.1002\/047085670X"},{"key":"JGIM.2020100108-1","unstructured":"Schneier, B., & Shostack, A. (1999, May). Breaking up is hard to do: modeling security threats for smart cards. In USENIX Workshop on Smart Card Technology, Chicago, Illinois, USA, http:\/\/www. counterpane. com\/smart-card-threats. html"},{"issue":"2","key":"JGIM.2020100108-2","first-page":"74","article-title":"Smart card security; Technology and adoption.","volume":"5","author":"H.Taherdoost","year":"2011","journal-title":"International Journal of Security"},{"key":"JGIM.2020100108-3","doi-asserted-by":"publisher","DOI":"10.1109\/ICEBE.2008.91"},{"key":"JGIM.2020100108-4","doi-asserted-by":"publisher","DOI":"10.1016\/S0277-9536(00)00388-9"},{"key":"JGIM.2020100108-5","doi-asserted-by":"publisher","DOI":"10.1007\/s10916-009-9391-5"},{"key":"JGIM.2020100108-6","unstructured":"Chen, S. (2016). Trust Management for a Smart Card Based Private eID Manager [Master's thesis]. NTNU."},{"key":"JGIM.2020100108-7","doi-asserted-by":"crossref","unstructured":"Conlon, J., & Whitacre, J. (2005). U.S. Patent Application No. 11\/047,593.","DOI":"10.1088\/1126-6708\/2005\/11\/047"},{"key":"JGIM.2020100108-8","author":"R.Vanderhoof","year":"2017","journal-title":"Smart Card Talk"},{"key":"JGIM.2020100108-9","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2018.05.185"},{"key":"JGIM.2020100108-10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01689-0_11"},{"key":"JGIM.2020100108-11","unstructured":"Smart Card Basics. (n.d.). Smart card overview. Retrieved from http:\/\/www.smartcardbasics.com\/smart-card-overview.html"},{"key":"JGIM.2020100108-12","unstructured":"Parmar, D. N., & Mehta, B. B. (2014). Face recognition methods & applications."},{"key":"JGIM.2020100108-13","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.05.008"},{"key":"JGIM.2020100108-14","article-title":"Efficient fingerprint matching on smart cards for high security and privacy in smart systems.","author":"N.Nedjah","year":"2017","journal-title":"Information Sciences"},{"key":"JGIM.2020100108-15","doi-asserted-by":"publisher","DOI":"10.1109\/ASYNC.2002.1000311"},{"key":"JGIM.2020100108-16","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2002.1004593"},{"key":"JGIM.2020100108-17","doi-asserted-by":"crossref","unstructured":"Gupta, B. B., & Quamara, M. (2018). A taxonomy of various attacks on smart card\u2013based applications and countermeasures. Concurrency and Computation: Practice and Experience, e4993.","DOI":"10.1002\/cpe.4993"},{"key":"JGIM.2020100108-18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.11"},{"key":"JGIM.2020100108-19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10838-9_7"},{"key":"JGIM.2020100108-20","unstructured":"Roland, M., & Langer, J. (2013, August). Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless. In Presented as part of the 7th {USENIX} Workshop on Offensive Technologies. Academic Press."},{"key":"JGIM.2020100108-21","doi-asserted-by":"publisher","DOI":"10.1145\/514236.514239"},{"key":"JGIM.2020100108-22","first-page":"1493","article-title":"Apple Pay, Bitcoin, and Consumers: The ABCs of Future Public Payments Law.","volume":"67","author":"M. E.Burge","year":"2015","journal-title":"The Hastings Law Journal"},{"key":"JGIM.2020100108-23","unstructured":"EMVCo. (2018). Global circulation figures. Retrieved from https:\/\/www.emvco.com\/wp-content\/uploads\/2018\/04\/Global-CirculationFigures_FINAL.pdf"},{"key":"JGIM.2020100108-24","unstructured":"EMVCo. (n.d.). Deployment statistics. Retrieved from https:\/\/www.emvco.com\/about\/deployment-statistics\/"},{"key":"JGIM.2020100108-25","unstructured":"Roberston, D. (2018, October.). The Nilson Report, (1140). Retrieved from https:\/\/nilsonreport.com\/upload\/issues\/1140_0321.pdf"},{"key":"JGIM.2020100108-26","unstructured":"Eurosmart. (n.d.). Facts and Figures. Retrieved from http:\/\/www.eurosmart.com\/facts-figures.html"},{"key":"JGIM.2020100108-27","unstructured":"UK Finance. (2018). UK Finance 2017 Annual Fraud update. Retrieved from https:\/\/www.ukfinance.org.uk\/wp-content\/uploads\/2018\/03\/UKFinance_2017-annual-fraud-update-FINAL.pdf"},{"key":"JGIM.2020100108-28","unstructured":"Blunden, M. (2019). Surge in contactless card fraud - stealing \u00a31.18m in 10 months. Evening Standard. Retrieved from https:\/\/www.standard.co.uk\/news\/crime\/surge-in-contactless-card-fraud-stealing-118m-in-10-months-a4030256.html"},{"key":"JGIM.2020100108-29","unstructured":"Asokan, A. (2019). Visa Contactless Cards Vulnerable to Fraudsters: Report. Bank Info Security. Retrieved from https:\/\/www.bankinfosecurity.com\/visa-contactless-cards-vulnerable-to-fraudsters-report-a-12867"},{"key":"JGIM.2020100108-30","unstructured":"Lorsch, R. H. (1999). U.S. Patent No. 5,903,633."},{"issue":"1","key":"JGIM.2020100108-31","doi-asserted-by":"crossref","first-page":"183","DOI":"10.3141\/1817-24","article-title":"Origin and destination estimation in New York City with automated fare system data.","volume":"1817","author":"J. J.Barry","year":"2002","journal-title":"Transportation Research Record: Journal of the Transportation Research Board"},{"key":"JGIM.2020100108-32","unstructured":"Infosino, W. J. (2004). U.S. Patent No. 6,715,679."},{"key":"JGIM.2020100108-33","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.2013.1792"},{"key":"JGIM.2020100108-34","doi-asserted-by":"crossref","unstructured":"Masters, G., & Turner, P. (2007). Forensic data recovery and examination of magnetic swipe card cloning devices. Digital Investigation, 4, 16-22.","DOI":"10.1016\/j.diin.2007.06.018"},{"key":"JGIM.2020100108-35","unstructured":"Halope, C., & Zupanek, F. (2004). U.S. Patent No. 6,770,509."},{"key":"JGIM.2020100108-36","doi-asserted-by":"publisher","DOI":"10.1002\/9780470016152"},{"key":"JGIM.2020100108-37","author":"S. C.Alliance","year":"2007","journal-title":"Proximity mobile payments: Leveraging NFC and the contactless financial payments infrastructure"},{"key":"JGIM.2020100108-38","unstructured":"Lee, C. K., & Kwan, K. L. (2005). U.S. Patent No. 6,881,605."},{"key":"JGIM.2020100108-39","unstructured":"Habraken, G. W. (2014). U.S. Patent No. 8,689,013."},{"key":"JGIM.2020100108-40","unstructured":"Finn, D., Conneely, P. G., Czornack, J. T., Ummenhofer, K., & Lotya, M. (2015). U.S. Patent No. 9,033,250."},{"key":"JGIM.2020100108-41","unstructured":"Kreft, H. D. (1998). U.S. Patent No. 5,773,812."},{"key":"JGIM.2020100108-42","unstructured":"Fidalgo, J. C. (1997). U.S. Patent No. 5,598,032."},{"key":"JGIM.2020100108-43","doi-asserted-by":"publisher","DOI":"10.1109\/SCCC.2001.972643"},{"key":"JGIM.2020100108-44","doi-asserted-by":"publisher","DOI":"10.1109\/40.502402"},{"key":"JGIM.2020100108-45","unstructured":"Cuervo, V. (2001). U.S. Patent Application No. 09\/894,581."},{"key":"JGIM.2020100108-46","unstructured":"Canstar. (n.d.). What is a travel money card? Retrieved from https:\/\/www.canstar.com.au\/travel-money-cards\/what-is-a-travel-money-card\/"},{"key":"JGIM.2020100108-47","doi-asserted-by":"publisher","DOI":"10.1108\/00070700010329236"},{"key":"JGIM.2020100108-48","unstructured":"Clark, P. C. (1995). U.S. Patent No. 5,448,045."},{"key":"JGIM.2020100108-49","doi-asserted-by":"crossref","unstructured":"Noorhuzaimi, M. N., Junaida, S., Noraziah, A., & Chen, K. H. (2008, August). E-Visitor Information Management System (E-VIMS) using MyKad. In Proceedings of the First International Conference on the Applications of Digital Information and Web Technologies ICADIWT 2008 (pp. 44-49). IEEE.","DOI":"10.1109\/ICADIWT.2008.4664414"},{"key":"JGIM.2020100108-50","doi-asserted-by":"publisher","DOI":"10.1109\/4.933467"},{"key":"JGIM.2020100108-51","unstructured":"Andersson, D. (2016). A survey on contactless payment methods for smartphones."},{"key":"JGIM.2020100108-52","unstructured":"Lacmanovi\u0107, I., Radulovi\u0107, B., & Lacmanovi\u0107, D. (2010, May). Contactless payment systems based on RFID technology. In Proceedings of the 2010 Proceedings of the 33rd International Convention (pp. 1114-1119). IEEE."},{"key":"JGIM.2020100108-53","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2006.13"},{"key":"JGIM.2020100108-54","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2005.861395"},{"issue":"2","key":"JGIM.2020100108-55","article-title":"Literature survey on NFC, applications and controller.","volume":"3","author":"S.Pampattiwar","year":"2012","journal-title":"International Journal of Scientific & Engineering Research"},{"key":"JGIM.2020100108-56","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-012-0935-5"},{"key":"JGIM.2020100108-57","doi-asserted-by":"publisher","DOI":"10.3390\/s150613348"},{"key":"JGIM.2020100108-58","doi-asserted-by":"publisher","DOI":"10.1109\/MOBISECSERV.2016.7440226"},{"key":"JGIM.2020100108-59","unstructured":"Ornce, M. R., Moyer, R., Sackenheim, G. J., Dollarhide, A. B., Glenn, K. R., & Pile, S. H. (2012). U.S. Patent Application No. 13\/315,544."},{"key":"JGIM.2020100108-60","unstructured":"Samsung. (n.d.). SamsungPay tokenization. Retrieved from https:\/\/developer.samsung.com\/tech-insights\/pay\/tokenization"},{"key":"JGIM.2020100108-61","unstructured":"Gaspar, D. (2015). U.S. Patent No. 9,092,777."},{"key":"JGIM.2020100108-62","unstructured":"Brown, K. D., & Chatelain, D. (2008). U.S. Patent Application No. 11\/875,860."},{"key":"JGIM.2020100108-63","unstructured":"Royyuru, V. K. (2013). U.S. Patent Application No. 13\/790,871."},{"key":"JGIM.2020100108-64","doi-asserted-by":"crossref","unstructured":"Stapleton, J., & Poore, R. S. (2011). Tokenization and other methods of security for cardholder data. Information Security Journal: A Global Perspective, 20(2), 91-99.","DOI":"10.1080\/19393555.2011.560923"},{"key":"JGIM.2020100108-65","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-9278-8_1"},{"key":"JGIM.2020100108-66","doi-asserted-by":"publisher","DOI":"10.1504\/IJITCA.2018.090169"},{"key":"JGIM.2020100108-67","unstructured":"Roland, M. (2012, June). Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare. In Proceedings of theFourth International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (pp. 1-6). Academic Press."},{"key":"JGIM.2020100108-68","doi-asserted-by":"crossref","unstructured":"Alattar, M., & Achemlal, M. (2014, August). Host-based card emulation: Development, security, and ecosystem impact analysis. In Proceedings of the 2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC, CSS, ICESS) (pp. 506-509). IEEE.","DOI":"10.1109\/HPCC.2014.85"},{"key":"JGIM.2020100108-69","unstructured":"Haselsteiner, E., & Breitfu\u00df, K. (2006, July). Security in near field communication (NFC). In Workshop on RFID security (pp. 12-14). Academic Press."},{"key":"JGIM.2020100108-70","first-page":"5768","article-title":"Eavesdropping near field communication.","volume":"Vol. 27","author":"H.Kortvedt","year":"2009","journal-title":"Norwegian Information Security Conference (NISK)"},{"key":"JGIM.2020100108-71","first-page":"382","article-title":"A practical relay attack on ISO 14443 proximity cards. Technical report","volume":"59","author":"G. P.Hancke","year":"2005","journal-title":"University of Cambridge Computer Laboratory"},{"key":"JGIM.2020100108-72","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-16822-2_4"},{"key":"JGIM.2020100108-73","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47854-7_11"},{"key":"JGIM.2020100108-74","doi-asserted-by":"publisher","DOI":"10.20533\/ijrfidsc.2046.3715.2013.0012"},{"key":"JGIM.2020100108-75","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-77366-5_2"},{"key":"JGIM.2020100108-76","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.11"},{"key":"JGIM.2020100108-77","unstructured":"Haselsteiner, E., & Breitfu\u00df, K. (2006, July). Security in near field communication (NFC). In Workshop on RFID security (pp. 12-14). Academic Press."},{"key":"JGIM.2020100108-78","doi-asserted-by":"publisher","DOI":"10.1109\/CITSM.2016.7577582"},{"key":"JGIM.2020100108-79","doi-asserted-by":"crossref","unstructured":"Chen, W., Hancke, G. P., Mayes, K. E., Lien, Y., & Chiu, J. H. (2010, April). NFC mobile transactions and authentication based on GSM network. In Proceedings of the 2010 Second International Workshop on Near Field Communication (NFC) (pp. 83-89). IEEE.","DOI":"10.1109\/NFC.2010.15"},{"key":"JGIM.2020100108-80","doi-asserted-by":"crossref","unstructured":"Chen, W. D., Hancke, G. P., Mayes, K. E., Lien, Y., & Chiu, J. H. (2010, December). Using 3G network components to enable NFC mobile transactions and authentication. In Proceedings of the 2010 IEEE International Conference on Progress in Informatics and Computing (PIC) (Vol. 1, pp. 441-448). IEEE.","DOI":"10.1109\/PIC.2010.5687587"},{"key":"JGIM.2020100108-81","unstructured":"Lee, Y., Kim, E., & Jung, M. (2013, January). A NFC based authentication method for defense of the man in the middle attack. In Proceedings of 3rd International Conference on Computer Science and Information Technology (pp. 10-14). Academic Press."},{"key":"JGIM.2020100108-82","doi-asserted-by":"publisher","DOI":"10.1109\/ISCISC.2012.6408203"},{"key":"JGIM.2020100108-83","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2013.09.014"},{"key":"JGIM.2020100108-84","doi-asserted-by":"publisher","DOI":"10.1109\/ICOIN.2015.7057870"},{"issue":"8","key":"JGIM.2020100108-85","first-page":"256","article-title":"Secure Authentication Protocol for NFC Mobile Payment Systems.","volume":"17","author":"S.Nashwan","year":"2017","journal-title":"International Journal of Computer Science and Network Security"},{"key":"JGIM.2020100108-86","unstructured":"MST. (n.d.). Samsung. Retrieved from https:\/\/www.samsung.com\/global\/galaxy\/what-is\/mst\/"},{"key":"JGIM.2020100108-87","unstructured":"Villas-Boas, A. (2015, September 24). Samsung has a key technological advantage that makes it much better to pay with your phone. BusinessInsider. Retrieved from https:\/\/www.businessinsider.in\/Samsung-has-a-key-technological-advantage-that-makes-it-much-better-to-pay-with-your-phone\/articleshow\/49083595.cms"},{"key":"JGIM.2020100108-88","unstructured":"Mendoza, S. (2016, July). Samsung pay: Tokenized numbers, flaws and issues. In Proc. Black Hat USA (pp. 1-11). Academic Press."},{"key":"JGIM.2020100108-89","unstructured":"Magspoof. (n.d.). Retrieved from https:\/\/samy.pl\/magspoof\/"},{"key":"JGIM.2020100108-90","article-title":"Eavesdropping one-time tokens over magnetic secure transmission in Samsung Pay.","author":"D.Choi","year":"2016","journal-title":"Proceedings of the 10th USENIX Workshop on Offensive Technologies (WOOT 16)"},{"key":"JGIM.2020100108-91","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2859447"},{"key":"JGIM.2020100108-92","doi-asserted-by":"crossref","unstructured":"Cortier, V., Filipiak, A., Florent, J., Gharout, S., & Traor\u00e9, J. (2017, April). Designing and proving an EMV-compliant payment protocol for mobile devices. In Proceedings of the 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 467-480). IEEE.","DOI":"10.1109\/EuroSP.2017.19"},{"key":"JGIM.2020100108-93","doi-asserted-by":"publisher","DOI":"10.4316\/AECE.2017.03009"},{"key":"JGIM.2020100108-94","unstructured":"Bai, X., Zhou, Z., Wang, X., Li, Z., Mi, X., Zhang, N., . . . Zhang, K. (2017, August). Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17) (pp. 593-608). USENIX Association."},{"key":"JGIM.2020100108-95","doi-asserted-by":"publisher","DOI":"10.4018\/IJISMD.2018010104"},{"key":"JGIM.2020100108-96"},{"key":"JGIM.2020100108-97"},{"key":"JGIM.2020100108-98","unstructured":"pyResMan. (n.d.). Retrieved from https:\/\/www.javacardos.com\/tools\/pyresman"},{"key":"JGIM.2020100108-99","unstructured":"pyResMan. (n.d.). Retrieved from https:\/\/sourceforge.net\/projects\/pyresman\/"},{"key":"JGIM.2020100108-100"},{"key":"JGIM.2020100108-101","author":"SC.Open"},{"key":"JGIM.2020100108-102","unstructured":"Wikipedia. (n.d.). OpenSC. Retrieved from https:\/\/en.wikipedia.org\/wiki\/OpenSC"},{"key":"JGIM.2020100108-103"},{"key":"JGIM.2020100108-104"},{"key":"JGIM.2020100108-105","unstructured":"Tamarin Prover. (n.d.). Retrieved from https:\/\/tamarin-prover.github.io\/manual\/book\/001_introduction.html"},{"key":"JGIM.2020100108-106","unstructured":"Pockets. (n.d.). ICICI Bank. Retrieved from https:\/\/www.icicibank.com\/Personal-Banking\/bank-wallet\/pockets\/pockets.html"},{"key":"JGIM.2020100108-107","author":"B. B.Gupta","year":"2018","journal-title":"Computer and cyber security: principles, algorithm, applications, and perspectives"},{"key":"JGIM.2020100108-108","doi-asserted-by":"crossref","unstructured":"Almomani, A., Gupta, B. B., Wan, T. C., Altaher, A., & Manickam, S. (2013). Phishing dynamic evolving neural fuzzy framework for online detection zero-day phishing email.","DOI":"10.17485\/ijst\/2013\/v6i1.18"},{"key":"JGIM.2020100108-109","unstructured":"Jiang, F., Fu, Y., Gupta, B. B., Lou, F., Rho, S., Meng, F., & Tian, Z. (2018). Deep learning based multi-channel intelligent attack detection for data security. IEEE transactions on Sustainable Computing."},{"key":"JGIM.2020100108-110","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2018.02.060"},{"key":"JGIM.2020100108-111","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-017-4452-0"}],"container-title":["Journal of Global Information Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=262960","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,5]],"date-time":"2022-05-05T21:49:11Z","timestamp":1651787351000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/JGIM.2020100108"}},"subtitle":["Technologies, Policies, Attacks and Countermeasures"],"short-title":[],"issued":{"date-parts":[[2020,10]]},"references-count":112,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.4018\/jgim.2020100108","relation":{},"ISSN":["1062-7375","1533-7995"],"issn-type":[{"value":"1062-7375","type":"print"},{"value":"1533-7995","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10]]}}}