Should I Use Contactless (NFC) Payment Cards?
This article was first published by Andrej Probst, an innovation manager, on Rozumy.sk, a technology blog covering innovation, management, banking and security.
Nowadays, almost all smartphones contain NFC (Near field communication) technology.
Contactless cards use this technology when they communicate with contactless payment terminals to exchange needed information and proceed with the transaction.
However, you can also do this by using your smartphone.
Let’s use an Android phone in our demonstration.
- First, we are going to install the Banking card reader NFC (EMV) from Google Play. (You may find many similar applications.)
- Next, Enable NFC on your phone and start the application.
- Then, place the card next to the phone and the phone will show us information in EMV format (Europay, Mastercard, Visa)
- Card Number
- Expiry date
- Card type - e.g. Master card, Visa card
- Type of application – For instance debit Mastercard
- Number of possible PIN retries
Details of the card
Last n transactions:
- Date of the transaction
Last n transactions of a card
The bank or the car manufacturer has the authority to decide what will be stored on the card. The data is usually regarding the latest translations. You use this data when you try to prove a claim.
How safe are contactless compared to contact cards?
Let’s look at how we use the contactless cards.
(We randomly chose $20 as the maximum amount allowed for PINless transaction.)
- Paying at a payment terminal by placing the card against the machine. If you want to access more than $20 will be required to enter your PIN.
- Withdrawing money from an ATM requires inserting the card into the machine and entering your PIN.
- Paying via the Internet requires your card number, expiry date and the CVV code.
Now, compare contact and the contactless cards in two scenarios.
Scenario 1: The thief has physical possession of your card
“Good” for him as he can pay up to $20 without needing to enter the PIN. Many banks set amount limits for PINless transactions. When you exceed this limit, you will be required to enter the PIN.
Without the PIN, the attacker can’t access your money via the ATM.
If the cardholder gets notified of this transaction, he can request to block the card.
Scenario 2: The thief accesses your card via NFC
In this scenario, the thief doesn’t have your card but scan it using NFC. (He will have to get really close.) He can get read your card number and the expiration date. Fortunately, doesn’t have CVV code, which is required for many online transactions.
The poor guy won't be able to access money from an ATM because he doesn’t have the PIN.
He might be able to know other information, for example, the time of the latest transactions. However, how is that information useful for a card thief?
What do you learn?
If you like and use classic contact cards, then you don’t need to be afraid of contactless cards. If someone manages to steal your card, you can lose the amount allowed for the transaction.
No worry If you're worried about people can copying your data via NFC, you can use a special casing which protects the card from electromagnetic signals. Even if someone manages to scan the info, he will still need the PIN number and/or CVV code. But please take note and contact and ask your bank to know the data left on your cards.
Did we answer your question? Please feel free to contact us and follow us on Twitter @TeskaLabs.
Photo credits: Depositphotos
Most Recent Articles
- From State Machine to Stateless Microservice
- Entangled ways of product development in the area of cybersecurity #3 - LogMan.io
- Entangled ways of product development in the area of cybersecurity #2 - BitSwan
- Entangled ways of product development in the area of cybersecurity #1 - Asynchronous or parallel?
- State machine miracle
You Might Be Interested in Reading These Articles
Want to Be a “Man in the Middle” of a Mobile Communication? It’s Easier Than You Think
Mobile are everywhere nowadays and a central part of almost everyone's lives. In fact, we are using them for everything - both for personal and business purposes. From streaming media entertains us on our way to work, to chatting with friends and family, to sending emails at work - mobiles are now effectively computers on the go. According to a study from Cisco, we are using mobile access more and more. And this trend will continue well into the future.
Published on October 25, 2016
Develop Secured Mobile Applications for Everything Going In & Out
Without a doubt, one of the biggest changes we are witnessing within the IT industry is that it has officially went mainstream. Whereas in the late 1990s and early 2000s, the idea of technology being so commonly and openly usable was simply a pipe dream, today just about anyone can jump onto a mobile application and get everything they need with a simple to use interface, and quick response to their queries and questions.
Published on April 28, 2015
5 Things You Need To Know About Securing Your Game App
The game industry is constantly evolving and growing on a rapid scale by each passing day. A significant part of this industry is mobile gaming. With huge advancements in mobile device technologies, gaming apps are on a high demand and so is their supply. One of the major reason behind this are the developers who are splurging millions of dollars in their time to market strategies. In all of this, the security of gaming apps takes a backseat, overlooked by developers in a haste a to launch their product before their respective competitors.
Published on November 08, 2016