KIRAS Security Research

2013, bilateral Projects

3B3M

The recent increase in the use of contactless technology (NFC) for payments at the point of sale presents the police and the payment industry with new threat scenarios for criminal use. The emerging diversity of these payment systems adds to the attack potential, because each system has its own susceptibility to errors, and calls for a dedicated response to these new challenges on the criminal-investigation side. By appropriately supporting the management, visualization and knowledge of these activities, proactive research into the risk potential and the resulting build-up of knowledge should support deciding on the right measures, ideally in advance.

Recent developments in the payment area have led to an increased use of contactless technology with NFC chip cards as well as NFC-compatible devices. The use of such technology for credit/debit cards and the NFC operating distance of a few centimeters have opened up new approaches for criminal use. The police are faced with added complexity in their daily work. Moreover, the diversity of such transaction systems increases the susceptibility to individual errors being exploited.
The state of the art in science and technology plays an important role in highlighting future threat scenarios and is essential to developing an appropriate understanding of the actions taken by offenders and to protecting citizens.
The research project is focused on three major themes:
The first one is covered by the concrete implementation of an information system to support the investigative work of the police. The capabilities and strengths (and limits) of such a system are examined in cooperation with partners in science, industry and criminology. The outcome will be incorporated in a dedicated software product ("EnReCo" for short), optimized for the needs of the police.
The analysis of established payment systems and their infrastructure is a major activity within the research project. The components are examined to detect weak spots and identify the potential risk of fraud scenarios. A set of proof-of-concept applications will be developed during the practical work. These prototypes can then be used to demonstrate system vulnerabilities to terminal manufacturers and financial institutions and promote protective countermeasures.
Considering the results and the specific knowledge obtained in the preceding tasks, the know-how will be translated into guidelines, best-practice papers and training materials. Furthermore, the results constitute the foundation of the expert network. Additional meetings will be used to exchange expert knowledge and maintain social contacts.

Project leader
Dipl. Ing. Christof Kier, Research Industrial Systems Engineering (RISE) Forschungs-, Entwicklungs- und Großprojektberatung GmbH

Project partner
Research Industrial Systems Engineering (RISE) Forschungs-, Entwicklungs- und Großprojektberatung GmbH
Bundesministerium für Inneres und Bundeskriminalamt, Sektion I /Abteilung I/11, Büro für Sicherheitspolitik
Bundeskriminalamt (BK): Bundeskriminalamt, Abt. 7
TU Wien, Fachbereich Rechtswissenschaften
Karl-Franzens-Universität Graz, Institut für Soziologie
PayLife Bank GmbH
Erste Bank der österreichischen Sparkassen AG

Contact
Dipl. Ing. Christof Kier
Research Industrial Systems Engineering (RISE) Forschungs-, Entwicklungs- und Großprojektberatung GmbH
Concorde Business Park F
2320 Schwechat
Austria
Mobile: +43 664 60 8444 1070
Fax: +43 1 5057473
Email: christof.kier@rise-world.com
Web: www.rise-world.com
