Risks and potentials of using EMV for internet payments

Abstract

Existing payment smartcards developed for traditional point-of-sale transactions are being considered for use in Internet transactions. Such solutions have been suggested as alternatives to using payment protocols more specifically designed for Internet payments (such as SET [8]) but often lacking smartcard support. In this paper, we analyze EMV'96 [7], a representative example of an existing payment smartcard specification. We investigate which security requirements for an Internet payment system can and cannot be met when using EMV for Internet payments. We suggest possible modifications that can enhance the security of an Internet payment scheme based on EMV.