Who Pays Whom? Anonymous EMV-Compliant Contactless Payments
2 July 2025 at 2PM
Presented by Charles Olivier-Anclin (University Clermont Auvergne)
Abstract
EMV is the de facto worldwide payment system used by Mastercard, Visa, American Express, and others. But despite its widespread adoption, in-shop EMV contactless payments are not anonymous or private: the payers’ long-term identification data leaks to merchants or even to observers.
This isn’t just a design oversight. Regulations like Anti-Money Laundering (AML), Know Your Customer (KYC), and Strong Customer Authentication (SCA) are essential for preventing fraud and illegal activity, but they also severely constrain how much privacy we can build into payments. Walking the tightrope of AML, KYC and SCA regulations, we provide two privacy-enhancing, EMV-compatible, law-abiding and practicable contactless-payment protocols: PrivBank and PrivProxy.
We do not use privacy-enhancing technologies, such as homomorphic encryption, that would break backwards compatibility with current EMV; rather, we achieve privacy by engineering design, adhering to the existing EMV infrastructure as is. Thus, PrivBank and PrivProxy provably achieve strong notions of payer and merchant privacy, anonymity and unlinkability, as seen in e-cash or shopping vouchers, whilst being implementable in EMV as it stands.