Research Area

Information and Communication Technologies

Contact

Karl Quinn

Inventors

John Tobin

Christina Thorpe

Topics

Relay NFC Counter-measure

NFC Relay Attack Countermeasure

A standards-compliant, terminal-based solution to relay attacks on NFC. Prevent contactless card fraud from the growing threat of this attack vector.

Overview
Near Field Communication (NFC), the technology behind contactless debit/credit cards and some access control card systems, has long been known to be vulnerable to relay attacks. Until recently, this attack vector posed minimal threat as only a handful of experts in the field had the necessary resources and knowledge to undertake this attack. Now, anyone with an NFC-enabled Android smartphone can download an app that enables them to carry out a relay attack – with limited-to-no expert knowledge required by the attacker. Combined with the rapid roll-out of contactless cards by financial institutions, the risk this attack presents is substantial and can no longer be ignored. Indeed, news reports of this vulnerability being exploited have started to become more frequent. It is imperative that this security flaw is patched to protect cardholders, retailers, and financial institutions from becoming victims of contactless payment fraud.
How It Works
This countermeasure provides a solution to prevent relay attacks on contactless cards, thus protecting customers and other stakeholders from financial loss. It is compliant with existing ISO/IEC standards and is implemented in card reader (terminal) devices. As such, it is backwards compatible with the millions of contactless cards already in circulation. The approach is software based and can be tailored to different devices. Ease of deployment is guaranteed and can be done through a firmware update, or similar, on terminal devices. The exact algorithm remains a trade secret but tests on over 10,000 transactions show a 100% detection rate. The countermeasure takes, on average, 0.22 seconds to complete and does not interfere with a customer’s contactless transaction.
Benefits
The expected benefits to consumers of the technology include: - Reduced financial loss attributable to contactless payment fraud, - Customers and retailers feel safer - Protection against a threat likely to grow in coming years - Risks of deploying contactless technology reduced leading to increased pick-up of the technology by retailers and financial institutions - Existing contactless cards that are susceptible to this attack can be protected without needing to issue a new card to the cardholder - Speed of contactless transactions and ease of use unaffected from consumer’s perspective.
For all other enquries please don't hesitate to contact us
  1. Search and filter

    Use these powerful search and filter tools to discover the technologies you are looking for.

  2. Technology summary

    Clicking here will give you a summary of this technology.

  3. Technology details

    Should you need further detail or contact details for this technology, clicking on the name will give you a larger number of insights into each technology, enquiry and licencing details.