Contactless credit cards are cards that use radio-frequency identification (RFID) for making secure payments. Contactless payment technology in credit cards such as MasterCard’s PayPass and Visa’s payWave uses RFID, and allows cardholders to wave their cards in front of contactless payment terminals to complete transactions.
Contactless payment cards all use the same protocol – EMV Contactless Communication Protocol Specifications (EMV CCPS) for communicating with Near Field Communication (NFC) enabled devices. Note, however, that EMV CCPS is used for the physical card-to-terminal communication, and is different from the proprietary payment transaction protocol.
Contactless payment technology allows transactions without requiring physical contact between the card and the terminal. The system uses Radio Frequency Identification (RFID), which allows the cardholder to wave the RFID card in front of a contactless payment terminal to complete a transaction.
The RFID chip in the credit card is not powered and relies on radio frequency (RF) energy transferred from the powered contactless payment terminal to the card in order to power the chip-on-card. Because contactless purchases do not require a signature or PIN entry, banks set a maximum purchase limit per transaction, typically $50.
Contactless payment cards do not use a universal protocol for payment transactions. Instead, each card brand defines their own proprietary protocol based on EMV principles. Meaning, a MasterCard PayPass reader cannot process transactions for Visa payWave cards. However, with the growing popularity of contactless payment cards, hybrid card readers have been developed.
Compared to chip-and-signature credit cards, contactless RFID cards are faster, more convenient, and more secure. They have the same protection as chip-and-PIN payments. When specifically tied to a smart phone, cardholders can use features such as payment history, virtual card provisioning, remote deactivation, and user-configured pin-protection. In addition, its tap-to-pay method allows for quick and convenient transactions, which is especially useful in transit venues.
Most smartphones today feature NFC capabilities and have apps that can read the data stored in contactless cards. There are open source software libraries for reading and extracting data from contactless cards, which can be used to build custom NFC apps. This availability and ease of use can be used against the cardholder. Armed with either a NFC enabled smartphone (and an app that reads contactless card data) or a dedicated RFID reader, attackers can brush against potential victims in crowded public spaces and wirelessly steal their credit card data—dubbed as "electronic pickpocketing."
The simple solution to prevent electronic pickpocketing is to put contactless cards in shielded sleeves that will block the RF energy required to power the chip on the card, but having to remove the card from the sleeve for quick transactions would negate the ease of use and contactless convenience that the technology promises.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.