Papa Carder
What Are EMV Relay Attacks?
EMV relay attacks, also known as NFC relay attacks or Mafia fraud, are a type of man-in-the-middle (MitM) exploit targeting contactless payment systems based on the EMV (Europay, Mastercard, and Visa) standard. These attacks exploit the assumption of physical proximity in contactless transactions, where cards or devices communicate via Near Field Communication (NFC) over short ranges (typically up to 10 cm, as per ISO/IEC 14443). In a relay attack, adversaries use proxy devices to intercept and forward signals between a victim's card (or mobile wallet) and a legitimate payment terminal, effectively extending the communication range — potentially across cities or countries — without the victim's knowledge. This allows unauthorized transactions, such as wireless pickpocketing. Security features like cryptograms (e.g., ARQC) do not stop it, because the cryptogram is computed by the genuine card and forwarded intact; the protocol assumes that a valid cryptogram implies a card held at the terminal.

Unlike skimming (which copies static data) or replay attacks (which reuse captured data), relay attacks occur in real time, relaying live protocol messages without altering them. They are particularly effective against contactless EMV because older implementations of the protocol do not measure or enforce strict timing or distance bounds. Demonstrations have shown relays over long distances, such as from New York to Birmingham, using off-the-shelf hardware like NFC-enabled phones and routers.
How EMV Relay Attacks Work
A typical relay attack involves two attackers (often called "proxies" or "moles") and follows these steps:
- Setup: Attacker A positions a rogue NFC reader near the victim's contactless card (e.g., in a pocket or wallet) without physical contact. Attacker B is at a legitimate point-of-sale (POS) terminal or ATM.
- Interception and Relay: When Attacker B initiates a transaction at the terminal, the terminal's commands are relayed in real time via a communication channel (e.g., Bluetooth, Wi-Fi, or cellular data) to Attacker A's device. Attacker A's reader activates the victim's card, captures its responses to EMV commands (e.g., SELECT AID or GENERATE AC), and forwards them back to the terminal.
- Execution: The terminal processes the relayed data as if the card were physically present, generating cryptograms and completing the transaction. The victim remains unaware, as no PIN entry or approval is needed for low-value contactless payments.
- Variants:
- Ghost Tap Attacks: A subset where the relay mimics a "tap" on a mobile wallet, often targeting apps like Apple Pay.
- Collusive Relay Attacks: The terminal (reader) colludes with the relayer, ignoring proximity checks — possible if the reader is compromised by malware.
- Extended Range: Attacks can extend NFC range up to 50 cm using amplifiers, or further with digital relays.
These attacks exploit EMV's half-duplex command/response exchange and the lack of robust distance verification in legacy systems, which is why they are feasible with cheap hardware (under $100): the relay only has to forward messages fast enough that the terminal does not time out.
Vulnerabilities in EMV Systems
- Proximity Assumption: Contactless EMV relies on short-range NFC, but relays bypass this without triggering errors.
- Timing Delays: Relayed messages introduce latency, but early EMV versions did not enforce strict round-trip time (RTT) limits.
- Weak Authentication Flows: Static data or predictable cryptograms can be relayed without detection, especially in offline modes.
- Target Systems: Common in public transport POS, ATMs, and retail terminals using EMV Contactless (e.g., Visa payWave, Mastercard Contactless).
- Real-World Impact: Relay attacks have been demonstrated against cars, passports, and payments. In payment fraud the victim may be held liable because the transaction record shows a PIN as having been "used", even though the PIN exchange was relayed rather than entered by the cardholder.
Mitigations and Countermeasures
EMVCo, Visa, and Mastercard have introduced protections, though adoption varies. Key strategies include:
- Distance Bounding Protocols: Measure RTT to ensure the card is within proximity. Newer EMV specs (e.g., EMV Contactless Kernel) enforce tight timing bounds (e.g., <1 ms for responses) to detect relays.
- Relay-Resistant Protocols:
- Visa Relay Protection: Uses application-level checks and dynamic data.
- Mastercard Relay Protection: Similar, with proposals like L1RP (Layer 1 Relay Protection) for low-level timing verification.
- Enhanced EMV Specs: Incorporate proximity-checking mechanisms, assuming honest readers, but extensions address collusive scenarios.
- Dynamic Data Authentication (DDA): Generates unique keys per transaction, making relayed static data useless.
- Real-Time Fraud Detection: Monitor metadata like device location, transaction velocity, or anomalies (e.g., mismatched geolocation) using rules engines.
- Hardware and User Measures:
- RFID-blocking wallets or sleeves to prevent unintended activation.
- Transaction limits for contactless payments (e.g., $50-100).
- Malware-resistant terminals and secure elements in cards/devices.
- Biometric authentication in mobile wallets (e.g., fingerprint for Apple Pay).
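The distance-bounding item above is the one countermeasure that addresses the root cause, so it is worth seeing why. The following added example (not EMVCo, Visa or Mastercard code) models a terminal that checks both the card's cryptogram-style response and the round-trip time of the exchange. The timing model, the 1 ms bound, the channel latencies and the issuer key are all constructed assumptions; the point it demonstrates is that the relayed response is cryptographically identical to the direct one, and only the timing check separates them.

```python
import hmac
import hashlib
import os

# Assumed timing bound, in microseconds, following the "<1 ms" figure quoted above.
# Real kernels define their own units and thresholds; this value is illustrative.
RTT_LIMIT_US = 1000


class ContactlessCard:
    """Card side: answers a terminal nonce with a keyed MAC, standing in for a cryptogram."""

    def __init__(self, key: bytes, processing_us: int = 300):
        self.key = key
        # Constructed: time the chip needs to compute its answer, in microseconds.
        self.processing_us = processing_us

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()[:8]


class Channel:
    """Path between terminal and card; one_way_us is the one-way latency in microseconds.

    A direct NFC tap has latency near zero. A relay adds the latency of whatever link
    the proxies use (Bluetooth, Wi-Fi, cellular), which is what the terminal measures.
    """

    def __init__(self, one_way_us: int):
        self.one_way_us = one_way_us


def terminal_transaction(card: ContactlessCard, channel: Channel, issuer_key: bytes,
                         rtt_limit_us: int = RTT_LIMIT_US) -> dict:
    """Terminal side: challenge the card, verify the MAC, and enforce the RTT bound.

    The clock is simulated rather than measured so the result is deterministic:
    terminal -> card, card processing, card -> terminal.
    """
    nonce = os.urandom(8)
    rtt_us = 2 * channel.one_way_us + card.processing_us

    response = card.respond(nonce)
    expected = hmac.new(issuer_key, nonce, hashlib.sha256).digest()[:8]
    mac_ok = hmac.compare_digest(response, expected)

    in_range = rtt_us <= rtt_limit_us
    return {
        "mac_ok": mac_ok,          # relay does not alter messages, so this passes either way
        "rtt_us": rtt_us,          # what distance bounding actually inspects
        "in_range": in_range,
        "approved": mac_ok and in_range,
    }


if __name__ == "__main__":
    key = b"constructed-issuer-key"   # constructed sample key, not a real issuer key
    card = ContactlessCard(key, processing_us=300)

    direct = terminal_transaction(card, Channel(one_way_us=50), key)
    relayed = terminal_transaction(card, Channel(one_way_us=25_000), key)  # ~25 ms one way

    print("direct :", direct)
    print("relayed:", relayed)
```

In both runs the MAC verifies, which is exactly why a cryptogram alone cannot stop a relay. The relayed exchange only fails because the terminal measures 50 ms instead of 0.4 ms and refuses to approve. A terminal that logs `rtt_us` on every tap also gives the fraud team a signal to correlate with the behavioral checks described below, even for transactions that squeak under the bound.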
As of 2026, while relay attacks remain a threat, updated EMV standards (e.g., EMV 2nd Gen) and widespread adoption of timing-based protections have reduced vulnerabilities in compliant systems. Because not every terminal in the field enforces the timing bounds, protocol-level fixes should be combined with behavioral monitoring on the issuer side.
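The "Real-Time Fraud Detection" item above and the closing remark on behavioral monitoring both describe issuer-side rules that work even when the terminal enforces no timing bound. The following added example (not any issuer's or card scheme's code) runs three such rules over a constructed transaction log: a mismatch between the terminal's location and the paired mobile wallet's last known location, impossible travel between consecutive taps on the same account, and transaction velocity. The thresholds (5 km, 900 km/h, more than 3 taps in 10 minutes), the field names and the sample coordinates are all assumptions chosen for illustration.

```python
import math
from datetime import datetime, timedelta


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


# Constructed sample log for one account (not real data). terminal_loc is where the
# tap was accepted; device_loc is the last location reported by the paired wallet app.
TRANSACTIONS = [
    {"id": "t1", "account": "A1", "time": "2025-03-01T10:00:00", "amount": 12.5,
     "terminal_loc": (51.5074, -0.1278), "device_loc": (51.5072, -0.1280)},   # London, phone present
    {"id": "t2", "account": "A1", "time": "2025-03-01T10:05:00", "amount": 30.0,
     "terminal_loc": (52.4862, -1.8904), "device_loc": (51.5072, -0.1280)},   # Birmingham tap, phone still in London
    {"id": "t3", "account": "A1", "time": "2025-03-01T10:06:00", "amount": 25.0,
     "terminal_loc": (52.4862, -1.8904), "device_loc": (52.4860, -1.8900)},   # phone now reports Birmingham
    {"id": "t4", "account": "A1", "time": "2025-03-01T10:08:00", "amount": 9.0,
     "terminal_loc": (52.4862, -1.8904), "device_loc": (52.4860, -1.8900)},   # fourth tap in ten minutes
]


def detect_relay_indicators(txns, max_device_km=5.0, max_speed_kmh=900.0,
                            velocity_window_min=10, max_txns_in_window=3):
    """Return {transaction_id: [reasons]} for every transaction that trips a rule.

    Rules are evaluated in time order per account so the state each rule needs
    (previous tap, recent tap times) is built as the stream is consumed.
    """
    flags = {}
    prev_by_account = {}   # account -> previous transaction
    recent = {}            # account -> timestamps inside the velocity window

    for t in sorted(txns, key=lambda x: x["time"]):
        ts = datetime.fromisoformat(t["time"])
        reasons = []

        # Rule 1: the wallet device should be where the terminal is.
        if haversine_km(*t["terminal_loc"], *t["device_loc"]) > max_device_km:
            reasons.append("geo_mismatch")

        # Rule 2: consecutive taps should not imply travel faster than an aircraft.
        prev = prev_by_account.get(t["account"])
        if prev is not None:
            dist = haversine_km(*prev["terminal_loc"], *t["terminal_loc"])
            hours = (ts - datetime.fromisoformat(prev["time"])).total_seconds() / 3600
            speed = dist / hours if hours > 0 else float("inf")
            # The 1 km guard keeps two taps at the same shop from tripping the rule.
            if dist > 1.0 and speed > max_speed_kmh:
                reasons.append("impossible_travel")

        # Rule 3: too many taps in a short window.
        window = [x for x in recent.get(t["account"], [])
                  if ts - x <= timedelta(minutes=velocity_window_min)]
        window.append(ts)
        recent[t["account"]] = window
        if len(window) > max_txns_in_window:
            reasons.append("velocity")

        prev_by_account[t["account"]] = t
        if reasons:
            flags[t["id"]] = reasons
    return flags


if __name__ == "__main__":
    for txn_id, reasons in detect_relay_indicators(TRANSACTIONS).items():
        print(txn_id, reasons)
```

Run as written, `t2` is flagged for both a device/terminal mismatch and impossible travel (about 163 km in five minutes), `t4` for velocity, and `t1` and `t3` pass. In production the device location would come from the wallet's telemetry and the rule output would feed a decline or step-up decision rather than a print, but the shape of the logic is the same.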