Pre-play attack

In the field of security engineering, a pre-play attack is a cryptographic attack in which an attacker prepares in advance by carrying out a simulated transaction while pretending to be the device to be attacked, and then repeats the attack a second time with the real device at a time when it is likely to carry out the same series of operations as in the simulation. The technique relies on being able to guess the content of the transaction in advance, something usually made possible by a poorly chosen source of unpredictability within the system. [1] [2] The name is a play on "replay attack". Pre-play attacks are not very effective and chances of success are slim.
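The dependence on a guessable transaction can be shown with a constructed toy challenge-response model; this is an added example, not code from the cited paper or from any payment system. The HMAC construction, the counter-based challenge, the sample key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample key; in this toy model only the genuine device holds it.
KEY = b"constructed-demo-device-key"

def device_respond(challenge: bytes, amount: int) -> bytes:
    """Genuine device: authenticate (challenge, amount) under its secret key."""
    msg = challenge + amount.to_bytes(4, "big")
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def verify(challenge: bytes, amount: int, response: bytes) -> bool:
    """Verifier side: recompute the expected response, compare in constant time."""
    return hmac.compare_digest(device_respond(challenge, amount), response)

class CounterVerifier:
    """Weak setting: the 'unpredictable' challenge is an incrementing counter."""
    def __init__(self, start: int = 1000):
        self.n = start

    def next_challenge(self) -> bytes:
        self.n += 1
        return self.n.to_bytes(4, "big")

class RandomVerifier:
    """Corrected setting: each challenge is 128 bits from the OS CSPRNG."""
    def next_challenge(self) -> bytes:
        return secrets.token_bytes(16)

def prepared_response_accepted(verifier, guess: bytes, amount: int = 500) -> bool:
    """Model the two phases described above.

    Phase 1: a response is obtained from the device for a guessed challenge.
    Phase 2: the verifier issues its real challenge and the stored response
    is presented without the device taking part.
    """
    recorded = device_respond(guess, amount)
    challenge = verifier.next_challenge()
    return verify(challenge, amount, recorded)

if __name__ == "__main__":
    weak = CounterVerifier(start=1000)
    print("counter challenge:", prepared_response_accepted(weak, (1001).to_bytes(4, "big")))
    print("CSPRNG challenge: ", prepared_response_accepted(RandomVerifier(), bytes(16)))
```

The stored response verifies only when the later challenge equals the guess, which is why the quality of the verifier's random source is the control that matters here.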

Related Research Articles

A debit card is a payment card that can be used in place of cash to make purchases. It is similar to a credit card, but unlike a credit card, the money for the purchase must be in the cardholder's bank account at the time of a purchase and is immediately transferred directly from that account to the merchant's account to pay for the purchase.

EFTPOS: Type of electronic payment system

Electronic funds transfer at point of sale is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale. EFTPOS technology was developed during the 1980s. In Australia and New Zealand, it is also the brand name of a specific system used for such payments; these systems are mainly country-specific and do not interconnect. In Singapore, it is known as NETS.

Automated teller machine: Electronic telecommunications device to perform financial transactions

An automated teller machine (ATM) or cash machine is an electronic telecommunications device that enables customers of financial institutions to perform financial transactions, such as cash withdrawals, deposits, funds transfers, balance inquiries or account information inquiries, at any time and without the need for direct interaction with bank staff.

Smart card: Pocket-sized card with embedded integrated circuits for identification or payment functions

A smart card, chip card, or integrated circuit card is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

EMV

EMV is a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV originally stood for "Europay, Mastercard, and Visa", the three companies that created the standard.

MIFARE is the NXP Semiconductors-owned trademark of a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

Maestro (debit card): Debit card

Mastercard Maestro is a brand of debit cards and prepaid cards owned by Mastercard that was introduced in 1991. Maestro debit cards are obtained from associate banks and are linked to the cardholder's savings account, current account or any of several other types of accounts, while prepaid cards do not require a bank account to operate. Maestro cards can be used at point of sale (POS) and ATMs. Payments are made by swiping cards through the payment terminal, insertion into a chip and PIN device or by a contactless reader. The payment is authorized by the card issuer to ensure that the cardholder has sufficient funds in their account to make the purchase. The cardholder then confirms the payment by either signing the sales receipt or entering their 4- to 6-digit PIN, except with contactless transactions below a specified amount for which no further verification is required.

Verifone is an American multinational corporation headquartered in Coral Springs, Florida, that provides technology for electronic payment transactions and value-added services at the point-of-sale. Verifone sells merchant-operated, consumer-facing and self-service payment systems to the financial, retail, hospitality, petroleum, government and healthcare industries. The company's products consist of POS electronic payment devices that run its own operating systems, security and encryption software, and certified payment software, and that are designed for both consumer-facing and unattended environments.

Lebanese loop

A Lebanese loop is a device used to commit fraud and identity theft by exploiting automated teller machines (ATMs). In its simplest form, it is a strip or sleeve of metal or plastic which blocks the ATM's card slot, causing any inserted card to be apparently retained by the machine, allowing it to be retrieved by the fraudster when the card holder leaves.

A card reader is a data input device that reads data from a card-shaped storage medium. The first were punched card readers, which read the paper or cardboard punched cards that were used during the first several decades of the computer industry to store information and programs for computer systems. Modern card readers are electronic devices that can read plastic cards embedded with either a barcode, magnetic strip, computer chip or another storage medium.

Contactless smart card allowing for contactless payments in credit and debit cards

A contactless smart card is a contactless credential whose dimensions are credit-card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

Gemalto: International digital security company

Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.

Contactless payment

Contactless payment systems are credit cards and debit cards, key fobs, smart cards, or other devices, including smartphones and other mobile devices, that use radio-frequency identification (RFID) or near field communication for making secure payments. The embedded integrated circuit chip and antenna enable consumers to wave their card, fob, or handheld device over a reader at the point of sale terminal. Contactless payments are made in close physical proximity, unlike other types of mobile payments which use broad-area cellular or WiFi networks and do not involve close physical proximity.

Payment terminal

A payment terminal, also known as a point of sale (POS) terminal, credit card terminal, or EFTPOS terminal, is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad for entering a PIN, a screen, a means of capturing information from payment cards and a network connection to access the payment network for authorization.

Chip Authentication Program

The Chip Authentication Program (CAP) is a MasterCard initiative and technical specification for using EMV banking smartcards for authenticating users and transactions in online and telephone banking. It was also adopted by Visa as Dynamic Passcode Authentication (DPA). The CAP specification defines a handheld device with a smartcard slot, a numeric keypad, and a display capable of displaying at least 12 characters. Banking customers who have been issued a CAP reader by their bank can insert their Chip and PIN (EMV) card into the CAP reader in order to participate in one of several supported authentication protocols. CAP is a form of two-factor authentication as both a smartcard and a valid PIN must be present for a transaction to succeed. Banks hope that the system will reduce the risk of unsuspecting customers entering their details into fraudulent websites after reading so-called phishing emails.

PIN pad

A PIN pad or PIN entry device (PED) is an electronic device used in a debit, credit or smart card-based transaction to accept and encrypt the cardholder's personal identification number (PIN).

Credit card fraud: Financial crime

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

Credit card: Card for financial transactions from a line of credit

A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's accrued debt. The card issuer creates a revolving account and grants a line of credit to the cardholder, from which the cardholder can borrow money for payment to a merchant or as a cash advance. There are two credit card groups: consumer credit cards and business credit cards. Most cards are plastic, but some are metal cards, and a few are gemstone-encrusted metal cards.

Card security code: Security feature on payment cards

A card security code (CSC) is a series of numbers that, in addition to the bank card number, is embossed or printed on a card. The CSC is used as a security feature for card-not-present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud.

Apple Pay: Mobile payment and digital wallet service

Apple Pay is a mobile payment and digital wallet service by Apple Inc. that allows users to make payments in person, in iOS apps, and on the web using Safari. It is supported on the iPhone, Apple Watch, iPad, and Mac. It is not available on any client device that is not made and sold by Apple. It digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay-specific contactless payment terminals; it can work with any merchant that accepts contactless payments. It adds two-factor authentication via Touch ID, Face ID, PIN, or passcode. Devices wirelessly communicate with point of sale systems using near field communication (NFC), with an embedded secure element (eSE) to securely store payment data and perform cryptographic functions, and Apple's Touch ID and Face ID for biometric authentication.

References

  1. Mike Bond; Omar Choudary; Steven J. Murdoch; Sergei Skorobogatov; Ross Anderson (2012). "Chip and Skim: Cloning EMV cards with the pre-play attack". arXiv:1209.2531 [cs.CY].
  2. Mike Bond (September 10, 2012). "Chip and Skim: cloning EMV cards with the pre-play attack". Cambridge Computer Laboratory Security Research Group. Retrieved 2012-10-01.