Contactless payments are fast replacing cash and chip-inserted transactions, and now account for a staggering 40% of transactions globally. Yet contactless makes use of protocols much older than the technology itself. With this in mind, just how safe and secure are contactless payments?
In this talk, we discuss the intricacies of the EMV protocols. Our findings show that contactless payments are not as safe and secure as first thought. Their reliance on older technology has introduced several flaws into their protocols.
We detail new vulnerabilities: how to bypass limits for contactless payments made using cards and how to circumvent limits for mobile wallets, even on locked devices. We also cover flaws in the generation of key values, the unpredictable number (UN) and the application transaction counter (ATC).
We close the session by discussing how existing implementations of card authorization processes differ from each other. Finally, we talk about the best practices that should be implemented to create a secure environment for payments.