Do you feel unsafe with less contact?
In the last few months, you might have experienced it when you ordered a cup of coffee. The checkout display shows the price, 2.95 euro and the cashier lovely asks you to pay. You reach in your pocket for a bankcard and just when you want to stick the card into the cardholder, the cashier suddenly tells you to gently tap the card on top of the payment device. The screen displays that the transaction is done and you can take your coffee with you.
How does it work?
The new bankcards consist of a chip that is a few millimetres big and can save dozens kilobytes of data. These chips communicate via the radio-frequency identification (RFID) technique. When a payment occurs, the device will make contact via RFID with the card chip to send out data. This data contains information about the transaction, like the price for example. Then the card chip will encrypt this data by an unique code. The encrypted data will be sent back to the payment device to be checked by the bank. When the bank gives permission for the payment, the transaction is completed. All will happen within seconds.
Threats and weaknesses
This kind of payment is similar to the public transport card (OV-card) that is used in the Netherlands. A while ago, scientists found out that the cryptography of the transport card was cracked. Assumptions about the unsafe cryptography of the bankcards were quickly made. Another weakness is that the bankcard does not necessarily need to be taken out anymore. You could complete the payment without taking the bankcard out of your wallet and your pocket. This makes the non-contact method vulnerable for relay-attacks. Modern mobile devices are equipped with near field communication (NFC). When a relay attack occurs, two mobile devices will create a gate between the payment terminal and the bankcard. NFC will provide the communication with the terminals and the chips. Although it seems tempting for thieves, they can only acquire a maximum of 50 euros per card, the daily limit of non-contact payment. This can be seen as a benefit too.
Opportunities and strengths
Firstly, losing your bankcard could cost you a maximum of 50 euros. It is not less safe than having 50 euros cash with you. In the beginning, banks will also be understanding and compensate your possible losses. Furthermore, this new form of payment is more profitable for banks. They do not have to install ATMs for instance and money transport will be less needed. Lastly, non-contact payment is so much faster than the classic payments. This will reduce waiting lines and improve the customer satisfaction.
The rise of technology brings us new products, new information and new methods. Cash payments made room for digital payments. Nowadays, even non-contact payments are possible and it struck me. Do you feel unsafe with less contact?
Radar.nl (2014). Contactloos betalen. Accessed: October 4, 2015, from: http://www.radartv.nl/uploads/pics/contactloos_betalen_ing_312_01.jpg
Heijden, van der R. (2015, February 4). Digitaal zakkenrollen met contactloos betalen. Accessed: October 4, 2015, from: http://www.kennislink.nl/publicaties/digitaal-zakkenrollen-met-contactloos-betalen
Francis, Lishoy et al. (2011). Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones. Accessed: October 4, 2015, from: https://eprint.iacr.org/2011/618.pdf
Wetenschap.infonu.nl (2009). Wat is RFID technologie? Accessed: October 4, 2015, from: http://wetenschap.infonu.nl/techniek/47062-wat-is-rfid-technologie.html