e-EMV: Emulating EMV for Internet payments using Trusted Computing technology v-2

摘要

The introduction of EMV-compliant payment cards, with theirimproved cardholder verification and card authentication capabilities,has resulted in a dramatic reduction in the levels of fraud seen atPoint of Sale (PoS) terminals across Europe. However, this reductionhas been accompanied by an alarming increase in the level of fraudassociated with Internet-based Card Not Present (CNP) transactions.This increase is largely attributable to the weaker authentication pro-cedures involved in CNP transactions. This paper shows how thefunctionality associated with EMV-compliant payment cards can besecurely emulated in software on platforms supporting Trusted Com-puting technology. We describe a detailed system architecture encom-passing user enrollment, card deployment (in the form of software),card activation, and subsequent transaction processing. Our proposalis compatible with the existing EMV transaction processing architec-ture, and thus integrates fully and naturally with already deployedEMV infrastructure. We show that our proposal, which effectivelymakes available the full security of PoS transactions for Internet-basedCNP transactions, has the potential to significantly reduce the oppor-tunity for fraudulent CNP transactions.