In our 2022 IEEE S&P work, we developed a relay-protection mechanism designed to “live” below EMV, at the ISO/IEC-14443 layer, so it can protect any application built on top of proximity contactless protocols. The idea and early development story is described here.

The essence.

---

In 2022, this work progressed to **ISO/IEC standardisation**. A project was opened to amend **ISO/IEC 14443** so that relay protection can be supported natively in the standard. The ISO/IEC amendment project opened with **Ioana Boureanu** as **project lead and editor** of the amendment.

Three years on.

---

Three years later, the relay protection has been **implemented (in part)** in **ISO/IEC 14443-4** via **S(PARAMETERS)**.

The mechanism is defined as a set of 8 commands, of which 4 are obligatory.

Testing specifications by ISO/IEC are also in progress.

Why it matters.

---

This is not “payments-only”.

Because ISO/IEC 14443 underpins any proximity-contactless application, this relay protection can serve everything that sits on top of the stack, including:

• access control,

• transport ticketing,

• identity credentials,

• payments.

Standardisation status.

---

The amendment is currently at **DIS (Draft International Standard)** stage, i.e., in the ISO member enquiry phase.

Expected publication.

---

If the process continues as planned, the amended relay-protection mechanism is expected to be published as a full ISO/IEC standard in **2026**.