Tales of Contactless Payment Security & Privacy
Toolboxes of Formal Analysis and Ethical Hacking for Attacks, Fixes and Designs in Contactless Payments
This is a collection of research projects in electronic payments'
security and privacy. Our work began with the "Timetrust" project
(2019-2023) involving the University of Surrey, University of
Birmingham, Visa, Mastercard, and others, funded by the National Cyber Security Centre (NCSC)
We aim to enhance contactless payment security and privacy, generally by
analysing EMVco
specifications and reverse-engineering closed specs from Visa , Apple , and others. Our methods include experimental research, ethical
hacking, and formal verification tools.
Our goal is to reduce fraud and increase trust in payment systems through
responsible research, always prioritizing security and public safety.
HIGHLIGHTED PROJECTS
Payments Development
These are some EMV-compliant payment schemes we developed.
See details
Vulnerability Disclosures
These are some of the payments' vulnerability that we disclosed.
See details
Demos&Engagement
These are demos of pieced of work we have done.
See details
Standardisation
This is about our engagement with standardisation bodies.
See detailsIN THE MEDIA
PEOPLE
PARTNERS
*These developments are primarily due to the TimeTrust (Robust Timing via Hardware Roots of Trust and Non-standard Hardware -with Application to EMV Contactless Payments) funded by NCSC (National Cyber Security Centre) under the UK-RISE (UK )
Events
No upcoming events