Nowadays, NFC technology is used in contactless payment applications by offering the NFC payment functionality in credit/debit cards, smartphones and payment terminals. Thus, an NFC payment transaction is executed in a simple and practical way. EMV is the security protocol for both contact and contactless payment systems. However, during an EMV payment transaction, this standard does not ensure two main security constraints between a customer payment device and a payment terminal:(1) mutual authentication, (2) confidentiality of sensitive banking data exchanged. These weaknesses represent a major risk in the case of NFC payment because the transaction is performed using NFC radio waves in an open environment. The risk is reduced in the case of contact payment because the transaction is executed in a closed environment by inserting the card into the terminal. In this paper, we propose a new security protocol for NFC payment transactions based on a Cloud infrastructure. We verify the correctness of this proposal using Scyther tool that provides formal proofs for security protocols.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.