I became interested in card payment technology during my time Japan, when my fiancée gave me a PASMO card. PASMO is a contactless card that uses RFID technology. I will talk more about that in a bit. I found these cards to be interesting for a few different reasons. First being that we still do not have them in America. Second, because they are very convenient and can save you a lot time when it comes to buying train tickets and other things. Third, because I found it to be somewhat ironic that this replacement method for paper tickets is now slowly being replaced by smartphones using NFC technology.
So, how these cards work is that they have a RFID or radio frequency identification chip and an antenna inside them, which emits radio waves. During the payment process, these chips interact with point-of-sale (PoS) terminals called RFID readers. The readers receive a signal from the card, which contains the credentials that is needed to verify that funds are available and so on with the rest of the payment process…
So when it comes to RFID security, many people worry about RFID skimming, which is where someone walks around with a RFID reader to receive the signals that are emitted from the cards and use that stolen information to make fraudulent purchases. Take what I am about to say with a gain of salt, but I have not been able to find any official reports from law enforcement about RFID skimming. But if you are worried about it, there are special sleeves and wallets that you can buy that will suppress the signals, which prevents the cards from being able to communicate with readers.
In America, most people are familiar with magstripe debit and credit cards. Magstripe, also known as magnetic stripe cards, use modified iron-based magnetic particles to store data that is necessary for completing transactions. The issue with magstripe cards is the lack of security. It mainly relies on the magnetic stripe on the back on the card for security, which was pretty easy for thieves to exploit by attaching card skimmers to ATMs, gas station pumps, and other unattended point-of-sale terminals. Another flaw with magstripe is that they are extremely easy to clone/duplicate stolen credit and debit cards.
But now, most if not all credit and debit cards within the United States use EMV chips. EMV stands for Europay, Mastercard, and Visa, which are the companies that developed both the hardware and software for the cards and terminals. EMV is the new standard in card payment technology and defines what kind of hardware, software, and security protocols can be used.
Here’s why EMV is more secure than magstripe. First off, EMV addressed the counterfeit issue that plagued magstripe cards by making it close to impossible to clone/duplicate it. This is achieved by using cryptographic card authentication during the payment process that protects the merchant and issuer from accepting counterfeit cards.
And then we have encryption. So, during the payment process, EMV chips create a new encrypted code that contains the credentials necessary to complete the transaction. This is sent to the terminal, decrypted, and so on with the transaction. What makes this a massive improvement over the magstripe’s process is that even if someone was able intercept the encrypted code, that code is useless for anything other than that one transaction. Whereas with magstripe, the information sent during the transaction process is the always same every time.
Now let’s look at NFC technology, also known as Near-Field Communication, and how it works with smartphones to make a payment. At the beginning, I had mentioned how NFC technology was slowly replacing the RFID contactless cards in Japan. This is due to convenience more than anything else. Like when it comes to buying a train ticket, you still need to access a terminal in order to add funds to your IC card. But you can avoid time consuming and mindless task by using your smartphone and linking SUICA, which is another IC card, to Apple Pay.
So, what NFC does is that it allows two devices to communication when they come in contact with each other. So, when it comes to making a purchase with your smartphone or smartwatch, the process might vary depending on the application that is being used because each company, Apple, Google, Samsung, etc. has their own way to handle security that allows you to make a purchase. Once you enable your device, all you need to do is tap your smartphone or smartwatch to the point-of-sale terminal.