In our earlier work on EMV security, we introduced PayBCR and PayCCR, two protocols designed to provide relay protection at the EMV application layer by equipping the Point-of-Sale (PoS) terminal with lightweight cryptographic capabilities.
These protocols were first presented at Financial Cryptography 2019 in
“Security of Contactless Payments: Relay Attacks and Cryptographic Countermeasures”.

Both PayBCR and PayCCR maintain EMV compatibility while enhancing the PoS’s role in authenticating the transaction context.
Mastercard viewed these schemes as promising pathways for strengthening EMV without changing card hardware.

The Essence.

---

PayBCR (Binding Cryptographic Responses) ensures that EMV cryptograms produced by the card become cryptographically bound to terminal-generated challenges.
This prevents attackers from reusing valid ARQCs or relaying card responses obtained from a remote environment.

PayCCR (Cryptographic Cardholder Verification) extends this integration, allowing PoS-cryptography-assisted verification of cardholder-related data, again in a way that prevents relay-based manipulation or context shifting.

In both protocols, the PoS becomes an active cryptographic participant, generating signed or MACed values that the card incorporates into its EMV computation.
This makes terminal state and timing part of the authenticated transcript.

Cryptographic Analysis.

---

A dedicated cryptographic analysis (ACM WiSec 2020) demonstrated that:

• PayBCR and PayCCR achieve relay resistance by binding PoS state and freshness to card-generated EMV cryptograms.
• Under standard PRF/PRP assumptions, adversaries cannot forge PoS contributions or precompute valid EMV tokens for altered contexts.
• The security improvements require no changes to cards, only PoS firmware/hardware updates.

This work provided the provable security foundations for deploying cryptography-enabled PoS as a scalable EMV enhancement.

Symbolic (Dolev–Yao) Analysis & Implementation.

---

A subsequent Dolev–Yao formalisation (ACM CCS Workshops 2020) modelled the protocols under a fully adversarial network capable of arbitrary message manipulation and replay.
The analysis confirmed:

• No valid attack trace enables a relay attacker to pass EMV authentication.
• Terminal-generated contributions cannot be forged, replayed, or substituted.
• The protocols eliminate downgrade paths to unsecured fallback modes.

Alongside this analysis, we built the first practical implementation in collaboration with Consult Hyperion, using TPM 2.0 to secure PoS cryptographic operations.

The prototype showed:

• EMV-compatible performance (well within PoS timing constraints).
• Secure storage and signing of PoS state inside the TPM.
• Feasible migration path: merchants upgrade PoS devices while cards remain unchanged.

Reception.

---

The PayBCR / PayCCR line of work received positive engagement from Mastercard, who considered PoS-side cryptographic enhancement a viable direction for future EMV evolution.

The PayBCR was also implemented in a product of Consult Hyperion called CardCracker, used for EMV testing, development and measurements.

The combination of provable security, symbolic verification, and a working TPM-based implementation demonstrated a deployable, industry-compatible anti-relay solution.

O

Further reading.

---

More can be read at
”Security of Contactless Payments: Relay Attacks and Cryptographic Countermeasures”
by Ioana Boureanu, Tom Chothia and Liqun Chen, published at Financial Cryptography and Data Security 2019.

Further cryptographic guarantees are analysed in
”Security Analysis of EMV with PayBCR/PayCCR”
by Ioana Boureanu, Sam Ivey, Liqun Chen, published at ACM WiSec 2020.

A symbolic Dolev–Yao treatment and a TPM-based implementation are described in
”Symbolic Verification and Practical Implementation of Relay-Resistant EMV Protocols”
by Ioana Boureanu, Tom Chothia, Alexandre Debant, and Stephanie Delaune, published at the ACM CCS Workshops 2020.