IET: Contactless payment cards: research highlights security concerns

Warnings about the use of contactless payment cards and Near Field Communication (NFC) capable devices are raised in a study published today by the Institution of Engineering & Technology’s (IET) The Journal of Engineering.

A team of researchers from the University of Surrey successfully received a contactless transmission from distances of 45-80cm using inconspicuous equipment, highlighting security concerns to personal data.

NFC technology is in use on more recent mobile phones and on contactless debit/credit cards issued by UK banks.

The team used portable, inexpensive and easily concealable equipment including a pocket-sized cylindrical antenna, a backpack, and a shopping trolley, none of which would raise suspicion if used in a supermarket queue or in a crowded place.

Using this equipment, the team showed how reliably eavesdropping could be carried out at various distances, with good reception possible even at 45cm when the minimum magnetic field strength required by the standard is in use.

The implications for consumers are significant. “The results we found have an impact on how much we can rely on physical proximity as a 'security feature' of NFC devices", said lead academic supervisor, Dr Johann Briffa. "Designers of applications using NFC need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper.”

Eleanor Gendle, IET Managing Editor at The Journal of Engineering, said: “With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats. It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability.”

According to Paul Krause, Professor of Software Engineering at the University of Surrey, “Open access is vitally important in order to ensure that the results of publicly funded research are made available to all. It is particularly important for the stimulation of innovation in engineering where new enterprises may not have the financial resources to pay for a range of journal subscriptions. The IET has taken a very significant initiative in establishing a high quality open access journal that covers all aspects of engineering in one resource.”

Ends

Full paper: http://digital-library.theiet.org/content/journals/10.1049/joe.2013.0087

About the Authors
Thomas P. Diakos is a PhD student in the Department of Computing, University of Surrey, UK. His supervisory team is made up of Dr Johann A. Briffa and Dr Stephan Wesemeyer from the Department of Computing, and Dr Tim W. C. Brown from the Centre for Communication Systems Research.

The research was funded by the EPSRC and Consult Hyperion.

About The Journal of Engineering (www.thejournalofengineering.org)
Launched by the IET in April 2013, The Journal of Engineering (JoE) is a broad, online-only, open access journal, making essential engineering intelligence freely available to the worldwide engineering community online. JoE publishes scientifically sound research with rigorous peer-review and fast turnaround in emerging or cross-disciplinary areas including Electrical and Electronic engineering, Mechanical engineering, Energy engineering, Civil engineering, Micro- and Nanotechnology, Computing and Software, Biomedical engineering and Materials engineering.

About the IET (www.theiet.org)
Interview opportunities are available with IET spokespeople from a broad range of engineering and technology disciplines including cyber-security, energy, engineering skills, innovation, manufacturing, technology, transport and women in engineering.

The IET is one of the world’s largest organisations for engineers and technicians. It has 153,000 members in 127 countries and is leading the development of a global engineering and technology community to share and advance knowledge to enhance people’s lives.

The IET is the Professional Home for Life® for engineers and technicians, and a trusted source of engineering intelligence and thought leadership.

The IET’s portfolio of research and letters journals and monographs (print and e-Book) are available online through the IET Digital Library together with conference proceedings, seminar digests and magazines.  The IET Inspec database contains over 13 million abstract and indexing references to journal articles, conference proceedings and technical reports in the fields of science and technology, and IET.tv provides access to the world's largest specialised online archive of engineering and technology content. 

About Open Access
Open access publishing enables peer reviewed, accepted journal articles to be made freely available online to anyone with access to the internet. Open access publishing with the IET is funded through author publication charges. This model differs from the subscription based publishing model, whereby readers (or more commonly, readers' institutions) pay for access to journal articles.

Media enquiries
Robert Beahan, External Communications Manager
T: +44 (0)1438 767336
M: +44 (0)7595 400912
E: rbeahan@theiet.org