The protocol by which "contactless" (NFC) credit cards operate is insecure. Previous work has done much to protect this protocol from malicious third parties, e.g. eavesdroppers, credit card skimmers, etc. However, most of these defenses rely on the retailers being honest, and on their Points of Sale following the credit card protocol faithfully. In this paper, we extend the threat model to include malicious retailers, and remove any restrictions on the operation of their Points of Sale. In particular, we identify two classes of attacks which may be executed by a malicious retailer: Over-charge attacks exploiting victim customers, and Transparent Bridge attacks exploiting victim retailers. We then extend the protocol from previous work in order to defend against these attacks, protecting cardholders and honest retailers from malicious retailers.
展开▼