Mobile Payments: What is NFC Card Emulation Mode?

What is NFC Card Emulation Mode?

An NFC enabled device can operate in three different modes – reader/writer mode, peer-to-peer mode and the all important card-emulation mode.

In Reader/Writer mode, an NFC device behaves as a reader for NFC tags, such as the contactless smart cards and RFID tags. It detects a tag immediately in close proximity by using collision avoidance mechanism. Once detected, it can either read data from or write data to the detected tag. Smart posters are an important application for this mode.

In Peer-to-Peer mode, two NFC enabled devices can exchange information between each other. This is the mode used by Android Beam technology. Exchanging photos, business cards and money transfer between friends are some of the applications for this mode.

In Card-emulation mode, an NFC device behaves like a contactless smart card. In this mode, the mobile phone does not generate its own RF field; the NFC reader creates this field instead. So, as long a mobile platform supports the emulation of protocols surrounding ISO/IEC 14443 that regular contactless cards use, we should be good. Both Android and Blackberry does that and can therefore be used to emulate contactless cards. In this mode, we can use our mobile phone in place of credit cards, debit cards, transit cards, access cards and so on.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #13. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is EMV?

What is a EMV?

EMV is defined by EMVCo as, “a global standard for credit and debit payment cards based on chip card technology”. It was named after its original developers – Europay, MasterCard and Visa. EMVCo is the organization that manages, maintains and enhances the EMV specifications.  Today, EMVCo is owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa. Other organizations from the payments industry also participate as technical and business associates from time to time.

EMV chip cards contain embedded microprocessors that provide strong authentication, security and cryptography features not possible with traditional magnetic stripe cards. In addition to storing payment information in a secure chip rather than a magnetic stripe, using EMV improves the security of a payment transaction by adding 3 important features:

Card Authentication:

Card authentication protects the payment system against counterfeit cards. Card authentication methods are defined in the EMV specifications and the associated payment network chip specifications. Card authentication can take place online, offline or both.

Cardholder Verification:

Cardholder verification authenticates the cardholder. Use of a PIN is a common cardholder verification method (CVM) that authenticates the cardholder and protects against the use of lost or stolen card. EMV supports Online PIN, Offline PIN, Signature and No CVM as part of its specifications. As mobile payments grow new CVMs, in the form of finger-print, voice and device PIN may also get added to the list

Transaction Authorization:

For an online transaction authorization, EMV supports the notion of a dynamic transaction cryptogram. The presence of the dynamic component completely eliminates replay style attacks. EMV supports both online authorization and offline authorization based on rules and risk-parameters set by the Issuer

The Contact chip cards and Contactless chip cards that we discussed in earlier posts can comply to the EMV specification and reap its security advantages. In fact, all of the contact and contactless chip cards in Europe are created using the EMV specification. At present, contact chip cards are in very limited use in US, but the good news is that they are migrating towards it and they are using EMV as the underlying specification.

In contrast, many US banks did offer contactless chip cards over the last few years. These cards did not follow the EMV specification. They instead used a complementary Contactless MSD specification which is an equivalent to regular magenetic stripe data, but a bit more secure. They chose to use MSD because US does not have the EMV infrastructure setup yet. As and when the migration towards EMV matures, these existing contactless MSD cards will also be migrated to Contactless EMV cards or that is what I think.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #9. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is Tap & Pay?

What is Tap & Pay?

 

When we use a Contactless Card to tap on the Contactless reader to make a payment, instead of swiping a magstripe card, we are essentially using Tap & Pay technology. The same goes for any NFC enabled mobile device that support Card Emulation Mode – like Android and Blackberry. Tap & Pay is just a marketing terminology. You may also see it referred to as Tap-n-Pay, Tap to Pay, Tap & Go, Wave & Pay and so on.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #8. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Contactless Chip Card?

What is a Contactless Chip Card?

Contactless chip cards are standard credit cards with an embedded contactless chip. Optionally, a MagStripe is also provided for backwards compatibility. These cards require no physical contact with the point-of-sale (POS) terminal. To make a payment, the consumer holds the contactless card in close proximity (less than 2-4 inches) to the merchant POS terminal and the payment account information is communicated wirelessly via Radio Frequency (RF).

Radio frequency waves are the frequencies within the electromagnetic spectrum associated with radio wave propagation. Many wireless communications technologies are based on RF, including radio, television, mobile phones, wireless networks and now, contactless payment cards and devices. Don’t confuse this RF with RFID technologies used in manufacturing, shipping and object tracking. Those are designed to operate over long ranges (in the order of 25 feet) and typically don’t have built in security and privacy. On the other hand, the contactless cards that are used for payments are desgined to operate at a short range and come built-in with security and cryptography capabilities.

In the image above, the logo marked on the right hand side represents the universal contactless symbol. If you see this logo on your credit card, you can be sure that it supports contactless payments. Similarly, POS devices that support contactless payments prominently display the same logo to advertise their capability for the same.

Typically, when you make a payment with contactless cards, you are not required to enter a PIN or autograph your signature. This is intentional because, one of the most touted value-add features provided by a contactless card is fast checkout times. Consequently, they are sometimes also referred to as Tap & Go cards.

In the context of mobile payments, when you use a NFC mobile device (like Android or Blackberry) to Tap & Pay at the point of sale, you are actually using the same underlying technology as the Contactless Chip Card. The NFC controller chip inside the mobile device is put into card-emulation mode. In this mode, the NFC chip behaves like a Contactless chip card thereby transforming your mobile phone into a contactless credit card.

Since mobile phones are way more powerful than a plastic card, they can hold as many cards as you want and the NFC chip will be able to simulate any or all of them. This essentially turns your mobile phone into a virtual mobile wallet. Now you know where the concept of Mobile wallets origintated from.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #7. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Contact Chip Card?

What is a Contact Chip Card?

Chip cards are standard bank cards that are embedded with a micro computer chip instead of or in addition to a Magstripe. It is an evolution in our payment system that will help increase security and reduce fraud in a card-present environment. A cardholder’s confidential account data is more secure on a chip-enabled payment card than on a MagStripe card, as the former supports dynamic authentication, while the latter does not. This prevents fraudsters from easily copying account information and creating counterfeit cards.

In United States, MagStripe cards are more common-place although a migration towards chip cards is currently underway from all major card networks and Issuing banks. In UK, Chip cards, more specifically the Chip-and-PIN variety is ubiquitous while MagStripe cards are almost extinct.

This post explicitly discusses contact chip cards, which requires direct contact with the reader to establish communication with each other during a payment transaction. There is also a contactless chip card variant that we will discuss in the next post.

Contact Chip cards may come as Chip-and-PIN or Chip-and-Signature cards. Chip-And-PIN cards are used to verify the cardholder by asking them to enter a PIN during transaction authorization whereas Chip-and-Signature cards use traditional signature for cardholder verification. PIN is generally considered a more secure method of cardholder verification than Signature. But, the credit card platform in United States is not built to support PIN. So, you would generally see only Chip-and-Signature cards in US.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #6. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.

Mobile Payments: What is a Magnetic Stripe Card?

What is a Magnetic Stripe Card?

The most commonly available type of credit and debit card in the United States is a Magnetic Stripe or MagStripe card. As shown below, the black band on the back of your card is the magnetic stripe. It stores information by modifying the magnetism of tiny iron-based magnetic particles. The stored data can be read by swiping past a magnetic reading head, which is what you do when you swipe your credit card in a point of sale terminal.

Credit_Card_Mag_Stripe

The MagStripe holds your account information encoded in the form of Tracks – Track 1 and Track 2. They both hold similar information. Given below are some details.

 Track 1 Data:

  • Primary Account Number (PAN) – This is your credit card number
  • Name
  • Expiration Date
  • Service Code
  • Discretionary data – Contains CVV code among other data

 Track 2 Data:

  • Primary Account Number – This is your credit card number
  • Expiration Date
  • Service Code
  • Discretionary data – Contains CVV code among other data

Other than the fact that Track 1 stores your name while Track 2 doesn’t, there are a few other technical details associated with each which is not important for our discussion. Point of sale card readers read either Track 1 or Track 2 or both depeding on how they are programmed. Rest assured, information in either one of the tracks is enough to complete a purchase transaction.

Mobile Payments Blog Series

Welcome to the Mobile payments FAQ and not so FAQ series and you are on FAQ #5. The idea behind this series is to share and learn as much as possible about the field of mobile payments. If you like, you can read all of the FAQs on the Mobile Payments category or by visiting the Table of contents page.