Security plays a crucial role in payment systems; however, some implementations of payment card security rely on weak cardholder verification methods, such as card and a signature, or use the card without having any cardholder verification process at all. Other vulnerable implementations of cardholder verification methods suffer from many security attacks, such as relay attacks and cloning attacks. In addition, the impact of these security attacks is high since they cause monetary losses for banks and consumers. In this paper, we introduce a new cardholder verification method using a multi-possession factor authentication with a distance bounding technique. It adds an extra level of security to the verification process and utilizes the idea of distance bounding which prevents many different security attacks. The proposed method gives the user the flexibility to add one or more extra devices and select the appropriate security level. This paper argues that the proposed method mitigates or removes many popular security attacks that are claimed to be effective in current card based payment systems, and that it can help to reduce fraud on payment cards. Furthermore, the proposed method provides an alternative verification technique and enables cardholders with special needs to use the payment cards and make the payment system more accessible.

• 出版日期2015-10
• 单位北京师范大学