SoK: Security of EMV Contactless Payment Systems

📅 2025-04-17
🤖 AI Summary
This work addresses critical security vulnerabilities in the Visa/Mastercard open-loop EMV contactless payment systems. We systematically identify and empirically validate seven distinct attack vectors spanning the application selection, cardholder verification, and transaction authorization phases. Leveraging protocol reverse engineering, NFC side-channel analysis, compliance verification against ISO/IEC 14443 and EMV specifications, and a custom-built near-field experimental platform, we conduct the first cross-protocol security comparison of these two major international payment standards and establish a structured attack taxonomy. All attacks are confirmed feasible on commercially deployed terminals, revealing multiple previously undisclosed protocol flaws. Our findings provide empirical evidence to inform EMV standard evolution and terminal security hardening. We further propose a layered, implementable defense framework grounded in our experimental results.

📝 Abstract
The widespread adoption of EMV (Europay, Mastercard, and Visa) contactless payment systems has greatly improved convenience for both users and merchants. However, this growth has also exposed significant security challenges. This SoK provides a comprehensive analysis of security vulnerabilities in EMV contactless payments, particularly within the open-loop systems used by Visa and Mastercard. We categorize attacks into seven attack vectors across three key areas: application selection, cardholder authentication, and transaction authorization. We replicate the attacks on Visa and Mastercard protocols using our experimental platform to determine their practical feasibility and offer insights into the current security landscape of contactless payments. Our study also includes a detailed evaluation of the underlying protocols, along with a comparative analysis of Visa and Mastercard, highlighting vulnerabilities and recommending countermeasures.

Problem

Research questions and friction points this paper is trying to address.

Analyze security vulnerabilities in EMV contactless payment systems
Categorize attacks into seven vectors across three key areas
Evaluate protocols and recommend countermeasures for vulnerabilities

Innovation

Methods, ideas, or system contributions that make the work stand out.

Analyzes EMV contactless payment security vulnerabilities
Replicates attacks using experimental platform
Evaluates protocols and recommends countermeasures

Authors

Mahshid Mehr Nezhad
Secure Cyber Systems Research Group (SCSRG), WMG, University of Warwick, UK

Feng Hao
Department of Computer Science, University of Warwick, UK

Gregory Epiphaniou
Reader in Security Engineering, University of Warwick
Cyber threat source modeling, Cyber resilience, Cyber security, Physical Layer Security

Carsten Maple
Professor of Cyber Systems Engineering, University of Warwick
Security, Privacy and Trust

Timur Yunusov
Payment Village, UK