Pre-play attack

Last updated January 23, 2025

In the field of security engineering, a pre-play attack is a cryptographic attack in which an attacker prepares for the attack in advance by carrying out a simulated transaction while pretending to be the device to be attacked, and then repeats the attack a second time with the real device at a time when it is likely to carry out the same series of operations as in the simulation. The technique relies on being able to guess the content of the transaction in advance, something usually made possible by a poor choice of unpredictability within the system.^[1]^[2] The name is a play on "replay attack". Pre-play attacks are not very effective and chances of success are slim.

Related Research Articles

A debit card, also known as a check card or bank card, is a payment card that can be used in place of cash to make purchases. The card usually consists of the bank's name, a card number, the cardholder's name, and an expiration date, on either the front or the back. Many new cards now have a chip on them, which allows people to use their card by touch (contactless), or by inserting the card and keying in a PIN as with swiping the magnetic stripe. Debit cards are similar to a credit card, but the money for the purchase must be in the cardholder's bank account at the time of the purchase and is immediately transferred directly from that account to the merchant's account to pay for the purchase.

Electronic Funds Transfer at Point Of Sale, abbreviated as EFTPOS, is the technical term referring to a type of payment transaction where electronic funds transfers (EFT) are processed at a point of sale (POS) system or payment terminal usually via payment methods such as payment cards. EFTPOS technology was developed during the 1980s.

An automated teller machine (ATM) is an electronic telecommunications device that enables customers of financial institutions to perform financial transactions, such as cash withdrawals, deposits, funds transfers, balance inquiries or account information inquiries, at any time and without the need for direct interaction with bank staff.

A smart card (SC), chip card, or integrated circuit card, is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.

MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

Mastercard Maestro is a brand of debit cards and prepaid cards owned by Mastercard that was introduced in 1991. Maestro is accepted at around fifteen million point of sale outlets in 93 countries.

A transaction authentication number (TAN) is used by some online banking services as a form of single use one-time passwords (OTPs) to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single-password authentication.

A Lebanese loop is a device used to commit fraud and identity theft by exploiting automated teller machines (ATMs). In its simplest form, it is a strip or sleeve of metal or plastic which blocks the ATM's card slot, causing any inserted card to be apparently retained by the machine, allowing it to be retrieved by the fraudster when the card holder leaves.

A contactless smart card is a contactless credential whose dimensions are credit card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

<span class="mw-page-title-main">Gemalto</span> International digital security company

Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.

A payment terminal, also known as a point of sale (POS) terminal, credit card machine, card reader, PIN pad, EFTPOS terminal, is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad for entering PIN, a screen, a means of capturing information from payments cards and a network connection to access the payment network for authorization.

The Chip Authentication Program(CAP) is a MasterCard initiative and technical specification for using EMV banking smartcards for authenticating users and transactions in online and telephone banking. It was also adopted by Visa as Dynamic Passcode Authentication (DPA). The CAP specification defines a handheld device (CAP reader) with a smartcard slot, a numeric keypad, and a display capable of displaying at least 12 characters (e.g., a starburst display). Banking customers who have been issued a CAP reader by their bank can insert their Chip and PIN (EMV) card into the CAP reader in order to participate in one of several supported authentication protocols. CAP is a form of two-factor authentication as both a smartcard and a valid PIN must be present for a transaction to succeed. Banks hope that the system will reduce the risk of unsuspecting customers entering their details into fraudulent websites after reading so-called phishing emails.

A PIN pad or PIN entry device is an electronic device used in a debit, credit or smart card-based transaction to accept and encrypt the cardholder's personal identification number (PIN).

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

<span class="mw-page-title-main">Credit card</span> Card for financial transactions on credit

A credit card is a payment card, usually issued by a bank, allowing its users to purchase goods or services, or withdraw cash, on credit. Using the card thus accrues debt that has to be repaid later. Credit cards are one of the most widely used forms of payment across the world.

<span class="mw-page-title-main">Card security code</span> Security feature on payment cards

A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud. Unlike the card number, the CSC is deliberately not embossed, so that it is not read when using a mechanical credit card imprinter which will only pick up embossed numbers.

RFID skimming is a method to unlawfully obtain someone's payment card information using a RFID reading device.

Apple Pay is a mobile payment service by Apple Inc. that allows users to make payments in person, in iOS apps, and on the web. Supported on iPhone, Apple Watch, iPad, Mac, and Vision Pro, Apple Pay digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay–specific contactless payment terminals; it can work with any merchant that accepts contactless payments. It adds two-factor authentication via Touch ID, Face ID, Optic ID, PIN, or passcode. Devices wirelessly communicate with point of sale systems using near field communication (NFC), with an embedded secure element (eSE) to securely store payment data and perform cryptographic functions, and Apple's Touch ID and Face ID for biometric authentication.

Bank Zero, registered with the South African Reserve Bank in 2018, is an exclusively digital mutual bank in South Africa. It offers banking to both individuals and businesses. Bank Zero joins other new banks in South Africa, such as TymeBank and Discovery Bank. Despite an original planned soft launch at the end of 2019, the bank is as of June 2021, conducting a closed rollout with beta testing, with a proposed launch date in mid-2021.

References

↑ Mike Bond; Omar Choudary; Murdoch, Steven J.; Sergei Skorobogatov; Ross Anderson (2012). "Chip and Skim: Cloning EMV cards with the pre-play attack". arXiv: 1209.2531 [cs.CY].
↑ Mike Bond (September 10, 2012). "Chip and Skim: cloning EMV cards with the pre-play attack". Cambridge Computer Laboratory Security Research Group. Retrieved 2012-10-01.

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Mike Bond; Omar Choudary; Murdoch, Steven J.; Sergei Skorobogatov; Ross Anderson (2012). "Chip and Skim: Cloning EMV cards with the pre-play attack". arXiv: 1209.2531 [cs.CY].

[2] Mike Bond (September 10, 2012). "Chip and Skim: cloning EMV cards with the pre-play attack". Cambridge Computer Laboratory Security Research Group. Retrieved 2012-10-01.

[1]

[2]