Do you feel unsafe with less contact?


contactloos_betalen_ing_312_01

In the last few months, you might have experienced it when you ordered a cup of coffee. The checkout display shows the price, 2.95 euro and the cashier lovely asks you to pay. You reach in your pocket for a bankcard and just when you want to stick the card into the cardholder, the cashier suddenly tells you to gently tap the card on top of the payment device. The screen displays that the transaction is done and you can take your coffee with you.

How does it work?

The new bankcards consist of a chip that is a few millimetres big and can save dozens kilobytes of data. These chips communicate via the radio-frequency identification (RFID) technique. When a payment occurs, the device will make contact via RFID with the card chip to send out data. This data contains information about the transaction, like the price for example. Then the card chip will encrypt this data by an unique code. The encrypted data will be sent back to the payment device to be checked by the bank. When the bank gives permission for the payment, the transaction is completed. All will happen within seconds.

Threats and weaknesses

This kind of payment is similar to the public transport card (OV-card) that is used in the Netherlands. A while ago, scientists found out that the cryptography of the transport card was cracked. Assumptions about the unsafe cryptography of the bankcards were quickly made. Another weakness is that the bankcard does not necessarily need to be taken out anymore. You could complete the payment without taking the bankcard out of your wallet and your pocket. This makes the non-contact method vulnerable for relay-attacks. Modern mobile devices are equipped with near field communication (NFC). When a relay attack occurs, two mobile devices will create a gate between the payment terminal and the bankcard. NFC will provide the communication with the terminals and the chips. Although it seems tempting for thieves, they can only acquire a maximum of 50 euros per card, the daily limit of non-contact payment. This can be seen as a benefit too.

Opportunities and strengths

Firstly, losing your bankcard could cost you a maximum of 50 euros. It is not less safe than having 50 euros cash with you. In the beginning, banks will also be understanding and compensate your possible losses. Furthermore, this new form of payment is more profitable for banks. They do not have to install ATMs for instance and money transport will be less needed. Lastly, non-contact payment is so much faster than the classic payments. This will reduce waiting lines and improve the customer satisfaction.

The rise of technology brings us new products, new information and new methods. Cash payments made room for digital payments. Nowadays, even non-contact payments are possible and it struck me. Do you feel unsafe with less contact?

Radar.nl (2014). Contactloos betalen. Accessed: October 4, 2015, from: http://www.radartv.nl/uploads/pics/contactloos_betalen_ing_312_01.jpg

Heijden, van der R. (2015, February 4). Digitaal zakkenrollen met contactloos betalen. Accessed: October 4, 2015, from: http://www.kennislink.nl/publicaties/digitaal-zakkenrollen-met-contactloos-betalen

Francis, Lishoy et al. (2011). Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones. Accessed: October 4, 2015, from: https://eprint.iacr.org/2011/618.pdf

Wetenschap.infonu.nl (2009). Wat is RFID technologie? Accessed: October 4, 2015, from: http://wetenschap.infonu.nl/techniek/47062-wat-is-rfid-technologie.html

Advertisements

One response to “Do you feel unsafe with less contact?”

  1. 442000fa says :

    Even though my bank had provided me with a new card to use for wireless NFC payments months ago, I only recently started using it for making wireless payments. At first I was not sure how to use it and did not want to look like an idiot at the register for waving my card against the cardholder, only for it to not register the payment. Recently I took the plunge after a friend had instructed me how it works, and to my surprise it actually worked beyond my expectations.

    As you also mentioned in your blog post, security was definitely one of my concerns. The payment process almost felt like it was too easy. This made me think about how the system works and whether the authentication methods were safe enough. With my limited knowledge of the entire process I could not make an accurate judgment of the security of the system. I do have some trust in banks and government as to whether the system should have been implemented in the first place. The daily limit of 50 euros is what gives me a better sense of safety regarding the system. If my card would fall into the wrong hands, this amount of risk is a small trade-off for the benefits that the system offers. I do have to say that ever since having discovered wireless payments I am making a lot more small purchases, mostly due to the convenience.

    While the wireless payment system does not make me feel unsafe, it does feel less safe than the traditional method. However, I feel that this is simply a trade-off that is inherent to this kind of development. The risk of a relay attack exists, but I feel that if users are alert they can minimize falling victim to these man-in-the-middle attacks. No payment method is completely safe, and in the future we can only hope that authentication and security methods keep improving to make it safer for every party involved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: