EMV is the protocol implemented to secure the communication, between a client’s payment device and a merchant’s payment device, during a contact or an NFC purchase transaction. It represents a set of security messages and rules, exchanged between the different transaction actors, guaranteeing several important security properties, such as authentication, non-repudiation and integrity. Indeed, researchers, in various studies, have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are firstly interested in presenting a general overview of the EMV protocol and secondly, in proposing a new security solution that enhances the EMV protocol by solving the two dangerous EMV vulnerabilities. We verify the accuracy of our solution by using the Scyther security verification tool.

EMV是实现的协议，用于在联系或NFC购买交易期间确保客户的支付设备与商户的支付设备之间的通信安全。它代表了一组安全消息和规则，它们在不同的交易参与者之间进行交换，从而保证了几个重要的安全属性，例如身份验证，不可否认性和完整性。实际上，在各种研究中，研究人员已经分析了该协议的运行以验证其安全性：不幸的是，他们发现了两个安全漏洞，这些漏洞导致多重攻击和威胁客户和商人的危险。在本文中，我们首先有兴趣介绍EMV协议的概述，其次，提出了一种新的安全解决方案，通过解决两个危险的EMV漏洞来增强EMV协议。我们使用Scyther安全验证工具来验证我们解决方案的准确性。