Submitted:
22 January 2026
Posted:
23 January 2026
You are already at the latest version
Abstract
Adversaries can extend the communication distance of contactless systems with relays to make unauthorized transactions. Contactless payment systems are becoming increasingly vulnerable to relay attacks. We describe how attackers may use low-cost devices to conduct relay attacks and present a new application-layer software defense. Using Round Trip Time (RTT), our software defense detects relay attacks with 100% success in more than 10,000 trials; at the same time, it provides a false positive rate of less than 0.86%. Unlike many hardware-based defenses, our defense is easy to deploy and increases transaction time by no more than 0.22 seconds, so users will see little, if any, degradation in performance. Our results show there are serious vulnerabilities in the contactless payment systems and we provide a viable and practical way to prevent relay-based fraud.
Keywords:
contactless payments
; NFC security
; relay attacks
; EMV contactless
; application-layer security
; proximity authentication
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
