VIRTUALIZATION OF CONTACTLESS PAYMENT VIA NFC

VIRTUALIZATION OF CONTACTLESS PAYMENT VIA NFC

INTRODUCTION

Money have been remarkable for all the society in the different cultures , [1] it is not clear when or where exactly is the foundation of this activity. Even though ,there are some clues about 4000 years ago, which tell us, the use of some valuable object in order to trade goods ;and today ,we still using it word wide with some differences .

Differences based in technology , innovations that make some activity faster and easier than before; and furthermore , with the rapid growth of internet that gave us a different perspective of communication. Massive databases , supported by powerful hardware , software and infrastructure have been increasing the development of new services, such as e-commerce or online payments . However , the technology keep working to improve activities related to payments and easy way to manage amounts of money in a really secure and efficient way .

In the 80s and 90s, the world became familiar with credit and debit cards ; people accepted because it was easy to use , usually secure and very practical. But right now we are facing a new step in the evolution of this area . Engineers and developers are introducing a contactless cards in order to make even faster any transaction based in radio frequency technology , and last but not least, is the virtualization of the physical card to the server and as a interface for it , the daily smartphone used for all of us today.

TABLE OF CONTENTS

INTRODUCTION
1. DESCRIPTION
1.1 RFID
1.2 NFC
2. APPLICATION
2.1 CONTACTLESS
3. SECURITY
4.IMPACT
4.1 ETHICAL
4.2 LEGAL
4.3 ENVIRONMENTAL
4.4 ETHICAL DILEMA
5.CONCLUSION
6.REFERENCES

1. DESCRIPTION

The virtualization of contactless payment had started with the manipulation of the radio frequency in order to monitoring packages in a line production system .

1.1 RFID:

RFID stands for as Radio Frequency Identification , in other words uses radio waves to communicate and identify objects [2] . This technology is based in two points , a reader and the tag . Usually the tag is passive , due this , the power supply is given by the reader using electromagnetic induction . When the chip of the device is energized by the radio wave , the system transmit a signal with an identifier , an specific and unique number and some other information related to the object and processed by the system .

This wireless technology has a multiple application . It started just as a control in a manufacture process line and storage ; but nowadays ,RFID is going further than this, for instance :

• Students or employees identification .
• Transportation cards (Oyster cards).
• Human Implants chips
• Animals Identification(lost pets identification – tracking migration)
• Credit / debit cards
• Libraries books control
• Warehouse storage control
• Manufacture control
• Marketing

1.2 NFC:

Mobile technology has been improved dramatically , process capabilities , new functions and stronger security services . Applications focused in a friendly and easy environment , faster , practical and secure [4].Characteristics that NFC provides .

Near Field Communication (NFC) is a short range protocol for mobile devices, based in radio frequency communication (13.56MHZ – 424 Kbps) triggering the event to users for starting any application locally or online .There are three possible services[5] : reproduce capabilities of a card (emulation) , RFID reading device , and P2P mode communication(peer to peer).

nfc_2Fig 1 NFC categories [5]

Also here are a lot of applications in the market , massively focused in payment and banking (touch and go) , tickets for events (touch and confirm) , RFID or access control , connectivity (touch and explore) , marketing with loyalty vouchers or download links (touch and connect).

Table 1 [5] shows the differences between RFID and NFC , that in the basis are the same but for final user and application is quit different. However, NFC has been established as a connector between user and the applications , with some advantages , such as : similar interface for all mobile devices , no setup needed , no drivers installation and massive compatibility and possibilities .

nfc_3

Table 1: Differences RFID vs NFC

2.APPLICATIONS

2.1 CONTACTLESS:
Recently developers have been developed a card emulation as new banking path, available for mobile devices , emulating the contactless card payment process .The system pretend to use the RFID technology to mask the information of the credit or debit card , and make a safe , fast and easy transaction directly with the server via 3G/4G mobile data.

Currently some companies such as VISA, has their own applications . However, Apple with “IPay” and Google with “Google Wallet” are leading because they let user store more than one credit card information .

Basically the system [6]starts purchasing a product or service in a store with a mobile device previously configured .The store provides the NFC contactless service (reader) for make the transaction ; then , the device should be close enough to the reader to confirm the payment , after that, the transaction protocol is the same for traditional type of payments , retrieving information of the card and user and wait to confirm the transaction.

nfc_4Figure 2 : Contactless system [6]

3. SECURITY

Due NFC technology is wireless and contactless is quite vulnerable , in other words any RFID tag is designed for send the information inside the chip , no matter who is the source .
Based in this , contactless card of some banks in United Kingdom have been attacked , [7] in 2012 , channel 4 exposed a massive failure in the system for Barclays contactless Cards , it was possible with a reader close enough (mobile with NFC technology App) , to steal all the sensible information of the card , (for instance : Name , card number , expiration date ) . Also they used successfully this information for purchase some items in Amazon without the security code behind the card. So the information could be stolen and the customer will not be realize when it happened.

The BBC [8] stated, some vulnerability about the distance for reading the tag , it supposed to be less than 10 cm but they could read the credit card information in approximately 45 cm. Even though the landscape is blur , the companies feel comfortable due the small proportion of fraud of this kind , less than £14.000 in 2012.

Visa have been encourage to guarantee safe transaction worldwide [9] ; one of the changes were security improvements with unique cryptograms ,as well as a maximum of £20 per transaction in case of fraud, However , engineers of New Castle University founded before criminals , a flaw of the system , if the change the currency for instance American dollar , they can make transaction with bigger amounts of money .

There are a big concern for Londoners who use TFL Oyster Card , because the transportation card use the same technology and now is possible to pay with contactless card in the TFL system as well ; sometimes the system take the payment in both cards without asking the customer to choose [11].

IN summary contactless payment still growing up , last year 5.4 million contactless transaction in the UK with more than 232000 reader across , but people don’t feel 100% comfortable and secure using it .

4. IMPACT OF NFC IN CONTACTLESS PAYMENT

4.1 ETHICAL
Since the global uses of RFID , there are several concerns about privacy ; some authors like Liz McIntyre with the book “Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move” , stated ,that is possible track people without their concern. So, in our context is easy to find tags (rfid) in the majority of items we have at home , but some of them we use in a daily basis . If this tags are designed to be read , it is possible to be tracked when some reader is close , because every tag has a unique number and should be associated with your details when you purchased . Is quite easy to predict that you are using something that you buy it .

Recently RFID card are used to track people attendance at universities , [12] schools and jobs ; in some cases to track all the behavior of the tag : such as time and place in the premises, for example in a Texas School .,student Andrea Hernandez denied to were the badge because she felt threatened because she can not turn it off as a smartphone and also due some religions beliefs, she said she was wearing the “mark of the beast “.

Another ethical approach is based in how professional address some fault of the NFC and contactless technology , as mention; some Engineers in New Castle discover an important flaw in VISA app contactless payment, but they sent some notification to the company and the media as well in order to be professional and ethic , a good example of this is [16] Mythbusters ,a Tv show that wanted to dedicate a episode to uncover the vulnerability of RFID and contactless , but for “some reason” companies like Visa and American Express influenced Discovery Channel to ban the episode . Instead of this , some other professional or hackers keep the secret and use for themselves; they create antennas , readers and software to break the encryption to clone cards, for instance transits card for travel free inside a the system, or create mobile apps to read the contactless information of contactless card .

4.2 LEGAL:

There is a big issue about location and privacy concern of sensible data for application using NFC and contactless payment . Apple has been developed a secure way to make transactions over the mobile device (Iphone , Ipad , Apple watch) ; the company based the security , locating all data in a dedicated chip , with encrypted information related to the transaction, and this data wont be stored in Apple servers. Beside this , every transaction data will not be shared with third parties companies [13].

4.3 ENVIRONMENTAL :
In my opinion in a short term all the cards will be virtualized inside the mobile device , so the manufacture of cards around the world will decrease dramatically the production of pvc , material used for contactless cards , including banking , transportation and identification cards. Due the health effects in humans and complex ways to dispose and recycle would be a positive impact if NFC technology eliminate the uses of Polyvinyl Chloride (PVC)[14].

4.4 SOCIAL IMPACT
Fingerprint are unique for each human being , due this, Google (Android) and Apple are using it as identity check before confirm a transaction . However,[15] there is a concern about security and privacy of this sensible information . It is not possible to know , if companies will address some marketing campaigns for our profiles wit all data collected in every transaction .
NFC applied for contactless payment is quit recent ,people don’t feel safe enough for use it for every transaction.

4.5 ETHICAL DILEMA
The main question for final users is always to trust or not to trust in providers such as Apple or Google. Give them sensible data , let them control all of our finance information and all data behind transactions ,is not easy .Indeed, is quite daunting to realize that, in this century all of our activities are related to new technology applications and more and more complex every day controlled by few , and stored in some unknown places.

In the other hand , people use to be concerned about privacy using items with RFID because it could be read and tracked without notice ,but nowadays , all smartphones are tracking us usually after accept some terms and conditions of the app . So , the dilemma is accept terms and conditions of the provider or don’t use the technology .

5. CONCLUSION

The virtualization of contactless payment , is a technology growing up and still adapting to new challenges of security . New ways for encryption ,fingerprint identification and dedicated chip to store sensible information is a good beginning in a long way to show to the people a secure , easy to use and fast way to do transactions.

6. REFERENCES :

1. BBC News Business , “A brief history of money”.Internet: http://www.bbc.co.uk/news/business-18827269.18 July 2012
2. A Novel Scheme for Mobile Payment using RFID-enabled Smart SIMcard
3. RFID Based Mobiles: Next Generation Applications ,
4. 1. W. Chen, G.P. Hancke, K. E. Mayes, Y. Lien, J.-H. Chiu “Using 3G Network Components to Enable NFC Mobile Transactions and Authentication” , International Workshop on Near Field Communication 2010.
5. “NFC is the double-click in the internet of the things”, 3rd Workshop on RFID Systems and Technologies
6. Khalid Mohammad , ” Payment or other transaction trhough mobiledevice using NFC to access a contactless transaction card “,United States Patent Application Publication , May 22 , 2014.
7. Channel 4 News , “Millions of Barclays card users exposed to fraud”. Internet: http://www.channel4.com/news/millions-of-barclays-card-users-exposed-to-fraud . 23 MARCH 2012.
8. BBC News , “Contactless payment data can be picked up at a distance” .Internet: http://www.bbc.co.uk/news/technology-24743920, 30 October 2013 .
9. VISA EUROPE , “Visa Contactless FAQs” Internet: http://www.visa.co.uk/products/visa-contactless/faqs , 2014.
10. BBC News , http://www.bbc.co.uk/news/business-29861514. Internet : http://www.bbc.co.uk/news/business-29861514 , 1 November 2014.
11. BEN ELLERY “How 30million ‘wi-fi’ credit cards can be plundered by cyber identity thieves exploiting contactless payment technolog”, Daily Mail News . Internet: http://www.dailymail.co.uk/news/article-2334468/How-30million-wi-fi-credit-cards-plundered-cyber-identity-thieves-exploiting-contactless-payment-technology.html , June 2013.

12. BBC News , “Pupil Hernandez, who refused to wear RFID, loses appeal” .Internet: http://www.bbc.co.uk/news/technology-20957587. January 2013.
13. Apple Pay , “Your wallet.
Without the wallet” Internet:https://www.apple.com/apple-pay/.2013.
14. European Commision . “Polyvinyl Chloride (PVC)”. Internet: http://ec.europa.eu/environment/waste/pvc/ .October 2014.
15. Leala Padmanabhan , “Biometrics in smartphones need more control – ex-GCHQ boss” BBC News Politics .Internet : http://www.bbc.co.uk/news/uk-politics-30211238 . November 2014.
16. cIickNEXT’s channel ,Dec 26, 2011,”Mythbusters Banned From Talking About RFID By Visa and Mastercard / TPTB”

retrived from : https://www.youtube.com/watch?v=Y8TZc_gALVw.

Mauricio Silva

Leave a Reply