RFID in Contactless payment Systems

In the fifth article in my RFID Mini-Series, we will look at how we all use RFID almost every day without even knowing it. RFID tags that we carry around with us wherever we go and a technology that has become so mainstream we do not even notice its convenience as it simply works, that is contactless payments.

If you of a certain age like me, cast your mind back to the 1980’s, paying on plastic was mainstream, but very much a manual process, a print of your card was taken or a record of a magnetic strip and you were asked to sign your name on the docket. In simple terms, those were used as a pseudo cheque, your card details and your signature used as a guarantee of the transfer of funds.

In 1986 the French bank Carte Bancaire issued cards with a chip, and so started chip and pin cards, technology still in use today, the chip is read by the card machine, you enter your pin which is matched securely through a connection to the payment processing systems. Of course, this made life much easier, no more signing your name, simply enter your pin.

During this time, RFID technology was still very much in its infancy, however, it was developing rapidly. In 2004 banks in the USA started to integrate RFID technology into bank cards making contactless payments possible through a tap of your card. In 2007 Barclaycard in the UK introduced the technology into their credit cards, and in 2008 Visa, Mastercard and American Express adopted it in all cards and so the spread of contactless payments started.

We now take this for granted, the ease of tap and go payments, especially with the limits being gradually increased overtime as the banks trust the technology.

What is the RFID technology in contactless payment cards?

The RFID technology used in contactless payments is a form of High Frequency RFID commonly known as NFC, there is nothing really special about it. The NFC tag is of the same technology as any other high frequency tag. My card from Natwest uses Mifare Plus, a high frequency RFID with the NFC layer adding memory to the tag. Fields are created in this memory to store the data needed to make the electronic transaction.

How to Read your own debit card

Download NFC Tools to your mobile from the app store. Interestingly the Apple version of the app and all other NFC apps available appear to block the reading of debit cards. However, this process works on Android and all other NFC readers.

Tap your card

The NFC reader in your phone will read the details (redacted in this image) from the tag and show all the fields in its memory. These will be read and shown on screen.

Can I make my own copy of a card with this method?

It is a very common question; can I simply copy the NFC tag of my card onto another NTC tag and use it as a payment method. Clearly the question really is, can one clone someone else’s card onto a tag and use it.

The answer is somewhat complex, in simple terms, yes of course you can, you can read the field names on the tag, you can read the data in the fields, therefore you can copy it from one tag to another. However, these type of NFC tags are not as simple as that and the data you are seeing is part of a cryptographic algorithm used for authentication, and as such unless you know that algorithm, the cryptography used and any keys you can copy the data but not create a working clone.

The biggest ‘danger’ with contactless payments is known as ‘skimming’ where criminals make an apparent authorised contactless payment by holding a portable payment terminal close to a card in your pocket while in a crowd. With the contactless limit in the UK now up to £100 per transaction, it is more common than you may think, but there are ways in which you can protect yourself. Simple things like don’t keep your card in your back pocket where you can’t see it, but using an RFID blocking wallet, which puts your card into a faraday cage and thus preventing reading is the most reliable way to beat the fraudsters.

Why is NFC technology is important?

We all know that contactless payments have not stopped at us tapping our plastic on a card reader in stores. In 2011 Google introduced Android Pay followed by Apple introducing Apple Pay in 2014 starting the full introduction of RFID technology in smartphones.

Those RFID readers in Smart Phones, and actually the NFC technology allows the hardware in your phone to be both a ‘tag’ and a reader, hence you can read the details from your card, but also ‘broadcast’ details to a card reader using your Google or Apple pay. The NFC protocol allowing small amounts of data to be transferred between two devices.

This technology adds a layer of protection since biometrics are required to make a payment and is likely to be the future of all debit and credit card payments in the future, with physical plastic cards being phased out.

This is enabled by RFID. Unknowingly we all carry a High Frequency RFID reader around in our pockets every day, and many RFID tags in our wallets through debit cards, bus passes, tube passes and access identity cards.

The introduction of High Frequency technology in payment systems and the adoption of it by the main smartphone manufacturers is the single biggest move forward for RFID technology.

With those readers commonly in the hands of millions of users we can adopt the same technology to do many other things without the need to purchase thousands of pounds worth of RFID Readers and software, from asset management systems to inspections and delivery of interactive smart products.

Stay tuned over the coming weeks and months, as we will be looking at more real-world applications for RFID technology, giving some case studies where it has been both successfully, and indeed, unsuccessfully used.

If you would like to discuss how RFID technology can directly lead to productivity and efficiency improvements, providing a positive return on investment to your business, please do reach out to me and send DM, I welcome discussions with anyone on the subject and will offer help and advice where I can.