A survey of payment token vulnerabilities towards stronger security with fingerprint based encryption on Samsung Pay

  • Author(s) / Creator(s)
  • The use of payment tokens, based on EMV® specifications and the Payment Card Industry token standard, both propels the spread of mobile payment technologies and improves the security of mobile payments, including protection of the original payment information and primary account numbers. However, some researchers have demonstrated that attacks on payment tokens through decoding the magnetic secure transmission or near field communication signal allow an attacker to use stolen tokens to complete malicious transactions or to guess new tokens through analysis of the token format. The stolen tokens are then used to make fraudulent transactions. In this research we examined Samsung Pay in order to design a novel theoretical security model that uses a fingerprint-based master key for phone-unlock authentication and for transaction authentication and encryption. Samsung Pay is an application installed in a Secure Element in a Samsung Android device. In the theoretical security model presented, this master key can be created using one biometric fingerprint pattern or two merged patterns. Sub-keys can then be generated from this master key and applied to transaction encryption, payment token encryption, and protection of the payment token in the Secure Element in the phone, where the mobile EMV® customer information is stored.

  • Date created
    2018
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-a2y1-3a98
  • License
    Attribution-NonCommercial 4.0 International