Enhancing EMV Tokenisation with Dynamic Transaction Tokens

  • Danushka Jayasinghe
  • Konstantinos Markantonakis
  • Raja Naeem Akram
  • Keith Mayes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10155)


The Europay MasterCard Visa (EMV) Tokenisation specification details how the risk involved in Personal Account Number (PAN) compromise can be prevented by using tokenisation. In this paper, we identify two main potential problem areas that raise concerns about the security of tokenised EMV contactless mobile payments, especially when the same token, also called a static token, is used to pay for all transactions. We then discuss five associated attack scenarios that would let an adversary compromise payment transactions. Addressing these security concerns is paramount to securing tokenised payments, and is the main focus of the paper. We propose a solution that enhances the security of this process when a smartphone is used to make a tokenised contactless payment. In our design, instead of a static token being reused in every transaction, a new dynamic token and a token cryptogram are used for each transaction. The solution is then analysed against security and protocol objectives. Finally, the proposed protocol was subjected to mechanical formal analysis using Scyther, which found no feasible attacks within the bounded state space.


Keywords: Tokenisation; Security; Dynamic transaction token; EMV contactless mobile payments; Cryptography; Scyther; Formal analysis



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Danushka Jayasinghe (1)
  • Konstantinos Markantonakis (1)
  • Raja Naeem Akram (1)
  • Keith Mayes (1)

  1. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK
