
Contact-less Payment Technology : An Emerging Payment System

The country’s largest Government bank, State Bank of India (SBI), is planning to launch contact-less debit cards, and ICICI Bank, the country’s largest private sector bank, announced the launch of the country’s first ‘contact-less’ debit and credit cards, which would enable customers to carry out some transactions without entering the PIN. These enable customers to make electronic payments by waving the cards near a merchant terminal instead of dipping or swiping them.

As for State Bank of India, once the regulation comes in, all its future debit cards would be near-field communication (NFC or contact-less) enabled, he added. The bank is currently doing a test-run of such contact-less cards at the Chennai and Mumbai metro stations.
ICICI Bank’s ‘Coral Contactless Credit Card’ and ‘Expressions Wave Debit Card’ are powered by ‘MasterCard contactless’ and ‘Visa payWave’ technologies, respectively.

These cards are based on the near-field communication technology, which provides customers improved speed to complete a transaction, and enhanced security as they remain under the control of the customer.

Contact-less payment :

Contact-less payment systems are credit cards and debit cards, key fobs, smartcards or other devices that use radio-frequency identification for making secure payments. The embedded chip and antenna enable consumers to wave their card or fob over a reader at the point of sale. Some suppliers claim that transactions can be almost twice as fast as a conventional cash, credit, or debit card purchase, because no signature or PIN verification is typically required. Unauthorized persons may still take advantage of contactless payment systems, as no identification occurs before payment except for certain devices. However, owners may block transactions, which leaves a relatively short time frame, if any, for fraudulent activity of any kind to occur.
Research indicates that consumers are likely to spend more money due to the ease of small transactions. MasterCard Canada says it has seen “about 25 percent” higher spending by users of its PayPass-brand RFID credit cards.

Why Use Contactless Payments?

Just what are the advantages of contactless payments over other methods of payment–magnetic stripe cards and cash? Why are merchants moving to deploy this new form of payment? Why are consumers willing to change the way they pay? The answer is speed and convenience, as has been substantiated in the early implementations and in recent market research. Consumers no longer have to fumble with cash and change or worry about having enough cash for a purchase–they can place their contactless payment device in close proximity to a reader and go. In most cases, they do not even have to sign a receipt or enter a personal identification number (PIN).
As a result, merchants see sales volumes increase and transactions speed up. Chase has reported that time at the POS is reduced 30 to 40% and an American Express study found contactless transactions to be 63% faster than cash and 53% faster than using a traditional credit card. Research also shows that consumers generally spend more per transaction when they don’t use cash–with Chase reporting a 20 to 30% increase over cash purchases. Merchants also enjoy lower costs, as a result of fewer requirements to handle cash, improved operational efficiencies, and reduced maintenance required by contactless readers. In merchant segments where speed and convenience are key to merchandising and customer service, contactless payments also translate into improved customer acquisition and retention.

By issuing secure contactless payment devices, financial service providers are not only supplying consumers with a more convenient payment mechanism, they are also increasing transaction volumes by replacing cash. In addition, service providers can now differentiate themselves with innovative new form factors.

In the long term, contactless cards and tokens enable merchants and issuers to collaborate on lifestyle products that blend the features (e.g., security, convenience, special offers), packaging (e.g., cards, tokens, personal devices, mobile phones), and delivery of payment products into a variety of product types targeting different cardholder segments that have specific desires for their shopping experience.

A contactless smart card is a contactless 13.56-MHz credential whose dimensions are credit-card size. Its embedded integrated circuits can store and sometimes process data and communicate with a terminal via radio waves. There are two broad categories of contactless smart cards. Memory cards contain non-volatile memory storage components, and perhaps some specific security logic. Contactless smart cards do contain read-only RFID called CSN (Card Serial Number) or UID, and a re-writeable smart card microchip that can be transcribed via radio waves. The first contactless cards in the UK were issued by Barclaycard in 2008.

A contactless smart card is also characterized as follows:

1. Dimensions are normally credit card size. The ID-1 of ISO/IEC 7810 standard defines them as 85.60 × 53.98 × 0.76 mm (3.370 × 2.125 × 0.030 in).
2. Contains a security system, which is different for every brand, with tamper-resistant properties (e.g. a secure cryptoprocessor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).
3. Assets are managed by way of various central administration systems, or applications, which receive or sometimes interchange information and configuration settings with the card. The latter includes card hotlisting and updates for application data.
4. Card data is transferred via radio waves to the central administration system through card read/write devices, such as access control mullion readers, ticket readers, ATMs, USB-connected desktop readers or any device embedding a contactless reader technology, like printers, time & attendance terminals, parking, lifts, points of sale, car sharing …

Contactless smart cards can be used for identification, authentication, and data storage. They also provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention.

Contactless smart card readers use radio waves to communicate with, and both read and write data on a smart card. When used for electronic payment, they are commonly located near PIN pads, cash registers and other places of payment. When the readers are used for public transit they are commonly located on fare boxes, ticket machines, turnstiles, and station platforms as a standalone unit. When used for security, readers are usually located to the side of an entry door.

A contactless smart card is a card in which the chip communicates with the card reader through an induction technology similar to that of an RFID (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete a transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where a smart card can be used without even removing it from a wallet.

The standard for contactless smart card communications is ISO/IEC 14443. It defines two types of contactless cards (“A” and “B”) and allows for communications at distances up to 10 cm (3.9 in). There had been proposals for ISO/IEC 14443 types C, D, E, F and G that have been rejected by the International Organization for Standardization. An alternative standard for contactless smart cards is ISO/IEC 15693, which allows communications at distances up to 50 cm (1.6 ft).
A related contactless technology is RFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection. RFID devices usually do not include writeable memory or microcontroller processing capability as contactless smart cards often do.

There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Porto’s multi-application transport card, called Andante, that uses a chip in contact and contactless (ISO/IEC 14443 type B) mode.

Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-in inductor, using the principle of resonant inductive coupling, to capture some of the incident electromagnetic signal, rectify it, and use it to power the card’s electronics.

Security in contactless payment:
As with all payment devices, contactless cards have a number of security features. Contactless runs over the same chip and PIN network as normal credit and debit card transactions. There is a payment limit on single transactions, and some contactless cards can only be used a certain number of times before customers are asked for their PIN. Contactless debit and credit transactions are protected by the same fraud guarantee as standard transactions. In order to check that a contactless card has been delivered to the authorised card holder, the contactless part of the card will not function until a standard chip and PIN transaction has been executed.
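
The three controls described above (activation by a first chip and PIN transaction, a single-transaction limit, and a cap on contactless uses between PIN checks) can be modelled as a small state machine. This is an added example, not code from the original page; the limit values, class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed figures for illustration; the page gives no values and real limits
# are set by issuers and card schemes.
SINGLE_TXN_LIMIT = 2000    # highest contactless amount, in minor currency units
MAX_TAPS_BEFORE_PIN = 5    # contactless uses allowed between PIN checks


@dataclass
class ContactlessCard:
    activated: bool = False  # flips on the first successful chip-and-PIN use
    taps_since_pin: int = 0

    def chip_and_pin(self, pin_ok: bool) -> str:
        """Contact transaction; a verified PIN activates contactless and resets the counter."""
        if not pin_ok:
            return "DECLINE"
        self.activated = True
        self.taps_since_pin = 0
        return "APPROVE"

    def tap(self, amount: int) -> str:
        """Contactless transaction, checked against the three controls in order."""
        if not self.activated:
            return "DECLINE_NOT_ACTIVATED"
        if amount > SINGLE_TXN_LIMIT:
            return "PIN_REQUIRED_LIMIT"
        if self.taps_since_pin >= MAX_TAPS_BEFORE_PIN:
            return "PIN_REQUIRED_COUNTER"
        self.taps_since_pin += 1
        return "APPROVE"


def run_events(events):
    """Run (kind, value) events against a fresh card and collect the outcomes."""
    card = ContactlessCard()
    return [card.chip_and_pin(v) if kind == "pin" else card.tap(v)
            for kind, v in events]


def worst_case_exposure() -> int:
    """Most that can be spent by tapping alone before a PIN is demanded."""
    return SINGLE_TXN_LIMIT * MAX_TAPS_BEFORE_PIN


# Constructed event log: a tap before activation, then normal use.
SAMPLE = [("tap", 500), ("pin", True), ("tap", 500), ("tap", 2500)] \
    + [("tap", 100)] * 5 + [("pin", True), ("tap", 100)]

if __name__ == "__main__":
    print(run_events(SAMPLE), worst_case_exposure())
```

The product of the two limits bounds what a finder of a lost card can spend by tapping alone, which is the figure an issuer tunes when choosing them.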

Security in contactless smartcard:
Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card usually implements some cryptographic algorithm. There are, however, several methods of recovering some of the algorithm’s internal state.

1. Differential power analysis : Differential power analysis involves measuring the precise time and electrical current required for certain encryption or decryption operations. This is most often used against public key algorithms such as RSA in order to deduce the on-chip private key, although some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well.

2. Physical disassembly : Smart cards can be physically disassembled by using acid, abrasives, or some other technique to obtain direct, unrestricted access to the on-board microprocessor. Although such techniques obviously involve a fairly high risk of permanent damage to the chip, they permit much more detailed information (e.g. photomicrographs of encryption hardware) to be extracted.

Applications :

Transportation : In a number of cases these cards carry an electronic wallet as well as fare products, and can be used for low-value payments.

Contactless bank cards : Starting around 2005, a major application of the technology has been contactless payment credit and debit cards. Some major examples include:
ExpressPay – American Express
PayPass – MasterCard
Zip – Discover
payWave – Visa

In general there are two classes of contactless bank cards: magnetic stripe data (MSD) and contactless EMV.

Contactless MSD cards are similar to magnetic stripe cards in terms of the data they share across the contactless interface. They are only distributed in the U.S. Payment occurs in a similar fashion to mag-stripe, without a PIN and often in off-line mode (depending on parameters of the terminal). The security level of such a transaction is better than a mag-stripe card, as the chip cryptographically generates a code which can be verified by the card issuer’s systems.
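
The issuer-side check described above, as an added example that is not from the original page: the card derives a short code from a per-card key, a transaction counter and a terminal-supplied number, and the issuer rejects a wrong code or a reused counter. HMAC-SHA256 stands in for the scheme's own algorithm, and the key, card number and all names are assumptions.

```python
import hashlib
import hmac


def dynamic_code(card_key: bytes, pan: str, atc: int, un: int) -> str:
    """Three-digit code bound to the card number, the card's transaction
    counter (atc) and the terminal's unpredictable number (un)."""
    msg = f"{pan}|{atc}|{un}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"


class Issuer:
    def __init__(self):
        self.keys = {}      # card number -> per-card key
        self.last_atc = {}  # card number -> highest counter accepted so far

    def enroll(self, pan: str, key: bytes) -> None:
        self.keys[pan] = key
        self.last_atc[pan] = 0

    def verify(self, pan: str, atc: int, un: int, code: str) -> str:
        key = self.keys.get(pan)
        if key is None:
            return "UNKNOWN_CARD"
        if atc <= self.last_atc[pan]:
            return "REPLAY"  # counter already used: captured data presented again
        if not hmac.compare_digest(code, dynamic_code(key, pan, atc, un)):
            return "BAD_CODE"  # counter is not advanced on a failed check
        self.last_atc[pan] = atc
        return "OK"


def demo():
    issuer = Issuer()
    key = b"constructed-demo-key"  # constructed, not a real card key
    pan = "9999000000000001"       # constructed card number
    issuer.enroll(pan, key)
    atc, un = 1, 48213             # constructed counter and terminal number
    code = dynamic_code(key, pan, atc, un)
    first = issuer.verify(pan, atc, un, code)   # genuine tap
    second = issuer.verify(pan, atc, un, code)  # identical data sent again
    return first, second


if __name__ == "__main__":
    print(demo())
```

A static magnetic stripe has no counter and no keyed code, so the second submission would be indistinguishable from the first; here it is refused.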

Contactless EMV cards have two interfaces (contact and contactless) and work as a normal EMV card via their contact interface. The contactless interface provides similar data to a contact EMV transaction, but usually a subset of the capabilities (e.g. usually issuers will not allow balances to be increased via the contactless interface, instead requiring the card to be inserted into a device which uses the contact interface). EMV cards may carry an “offline balance” stored in their chip, similar to the electronic wallet or “purse” that users of transit smart cards are used to.

Identification : A quickly growing application is in digital identification cards. In this application, the cards are used for authentication of identity. The most common example is in conjunction with a PKI. The smart card will store an encrypted digital certificate issued from the PKI along with any other relevant or needed information about the card holder. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are not always a privacy-enhancing technology, for the subject carries possibly incriminating information about him all the time. By employing contactless smart cards, that can be read without having to remove the card from the wallet or even the garment it is in, one can add even more authentication value to the human carrier of the cards.

Other : The Malaysian government uses smart card technology in the identity cards carried by all Malaysian citizens and resident non-citizens. The personal information inside the smart card (called MyKad) can be read using special APDU commands.


Failure rate:
The plastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction. A card enclosure may be used as an alternative to help prevent the smart card from failing.

Using a smart card for mass transit presents a risk for privacy, because such a system enables the mass transit operator (and the authorities) to track the movement of individuals.

Theft and fraud:
Contactless technology does not necessarily prevent use of a PIN for authentication of the user, but it is common for low value transactions (bank credit or debit card purchase, or public transport fare payment) not to require a PIN. This may make such cards more likely to be stolen, or used fraudulently by the finder of someone else’s lost card.

Use abroad:
Inland data networks quickly convey information between terminals and central banking systems, such that contactless payment limits may be monitored and managed. This may not be possible with use of such cards when abroad.

Multiple cards detection:
When two or more contactless cards are in close proximity the system may have difficulty determining which card is intended to be used. The card-reader may charge the incorrect card or reject both.

