A new method that allows users to verify the transaction details (e.g., the amount being charged) and explicitly approve them on RFID enabled payment and transaction instruments.
RFID tags are commonly used as payment and transaction instruments (e.g., credit, debit, ATM and voting cards). In such settings, a malicious reader can easily mislead the tag into signing or authorizing a transaction different from the one that is communicated to, or intended by, the user. This is possible because there is no direct channel from a tag to its user (i.e., no secure user interface) on regular RFID tags and the only information a user gets (e.g., a receipt, or an amount displayed on the cash register) is under the control of a potentially malicious reader. Thus, it seems impossible for a user to verify (in real time) transaction details, e.g., the amount or the currency. This problem becomes especially important with current electronic credit cards.
UCI researchers have developed an approach to transaction amount verification that is designed to work with any RFID-enabled payment instrument. Its primary goal is to provide simple, secure and usable transaction verification at a Point-of-Sale (PoS).
RFID enabled payment instruments
This solution takes a proactive approach (instead of reacting to fraudulent transactions after they occur) and doesn’t allow any transactions to go through without user’s approval of its details (e.g, the amount for a credit card transaction). It is also important that users verify transaction details at the time of the transaction in our solution (not few days later).
|United States Of America||Issued Patent||9,443,240||09/13/2016||2011-299|