A Survey on Contactless Smart Cards and Payment System: Technologies, Policies, Attacks and Countermeasures

Brij B. Gupta (Department of Computer Engineering, National Institute of Technology, Kurukshetra, India & Department of Computer Science and Information Engineering, Asia University, Taiwan) and Shaifali Narayan (National Institute of Technology, Kurukshetra, India)
Copyright: © 2020 | Pages: 25
DOI: 10.4018/JGIM.2020100108


In recent years, contactless transactions have risen rapidly. These include NFC, MST, contactless cards, and many other payment methods. These payment methods have certain security issues, and attackers regularly search for exploits to break their security. These security issues require proper analysis to secure user data from attackers. This article discusses contactless smart cards and payment systems in detail, including the techniques used for securing user data and the different possible attacks on the technology used for communication. The article also presents some countermeasures to prevent these attacks, along with the issues with those countermeasures. In addition, the article includes some future research issues and suggestions to overcome the security issues in contactless payment systems.

1. Introduction

With the expeditious growth in smart card and payment technology, human life has become much easier and smart driven. Smart cards are small plastic cards with an embedded chip, along with CPU, RAM and ROM for processing and storage (Rankl & Effing, 2004). According to a report, the smart card market will grow at 8.7% Compound Annual Growth Rate (CAGR) by 2023 (Report Buyer, 2018). There are many entities involved in smart cards, such as the card holder, terminal, data owner, card manufacturer, card issuer and software manufacturer (Schneier & Shostack, 1999). Smart cards have been used to identify users and can also be used for logical and physical access, as they are cost-effective multi-function cards (Taherdoost et al., 2011). With the ease they provide, smart cards are now broadly used, from secure payment applications like credit and debit cards and public transport systems (Markantonakis et al., 2008) to user identification and authentication applications like smart health cards (Aubert & Hamel, 2001; Hsu et al., 2011), employee cards (Chen, 2016), membership cards (Conlon & Whitacre, 2005), and IoT (Vanderhoof, 2017; Gupta & Quamara, 2018), and mobile-based applications such as Subscriber Identity Module (SIM) cards, for making paid television connections, purchasing goods, etc. For smart card-based applications, dynamic security policies were proposed to control access (Gupta & Quamara, 2018b).

Smart cards are frequently used in applications that require strong authentication and security protection in comparison to other machine-readable data storage techniques like barcode and magnetic stripe. Their self-containment property makes them impervious to attack, as they don't rely upon potentially vulnerable external resources. Smart cards offer vital system safety modules that are needed for nearly any form of network information exchange (Smart Card Basics, 2018). Smart cards protect against security threats ranging from negligent storage of user passwords to sophisticated system hacks. There have also been some suggested schemes that use user biometrics such as face recognition (Parmar & Mehta, 2014), iris matching (Nedjah et al., 2017), and fingerprint matching (Nedjah et al., 2017b) for user data security. The main driving factor in the success of the smart card is its ability to perform security-sensitive operations and maintain the integrity of the data stored in the card. For example, the cost to control password resets in an organization is very high, but in such an environment smart cards are a cost-effective solution. However, in terms of storage and computing capacity, their resources are obligatory. Also, cards depend on the card readers for power supply and clock mechanism (Moore et al., 2002). With the increase in the number of their applications, several opportunities have been generated for attackers to extract secret information (Messerges et al., 2002).
