Near-field communication (NFC) is a popular short-range communication protocol. It is a branch of radio frequency identification (RFID) that generally operates at 13.56MHz. It was designed as a method to allow two devices to establish a peer to peer communication network. NFC technology is currently being implemented in newer phones and credit cards. For phones, it provides quick sharing of information, such as pictures. In credit cards and phones, it enables “tap to pay,” basically a way to pay without having to slide or insert a card in a card reader.
Although meant to be more secure than the traditional magnetic stripes on cards, it is possible that this technology still has some flaws to its security. EMV technology was introduced as a more secure method for payment transactions. EMV stands for Europay, Mastercard and Visa, and involves integrating a small chip into credit cards. What makes this a more secure means of payment is that every time a transaction occurs the chip generates a unique code that cannot be used again. Whereas the magnetic stripe on credit cards contains data that will never change. The magnetic stripe enables hackers to use stolen credit card information to get cash.
It turns out that chip technology embedded into credit cards shares the same application protocol data unit (APDU) that NFC technology uses. What that means is that a card inherently supports near field communications whether it is intended to or not. This is demonstrated through Salvador Mendoza’s experiments using a Raspberry Pi and a PN532. The Raspberry Pi is employed as the device to initiate the commands and responses needed for the near field communication. On the other hand, the PN532 is a very popular NFC chip available from NXP. It is so popular in fact that it can be found in almost all products utilizing NFC. In addition, a very easy to use breakout board with an integrated PCB antenna is available from Adafruit for low-cost contactless experiments.
Using his test setup, Mendoza demonstrates how the EMV card can be detected and communication established. Basically, an EMV card is detected and a test communication connection is made. Next, APDU commands are sent from the raspberry pi to the PN532 board to interact with the EMV card. The commands will relay back and forth until the communication finishes. This was shown to be possible on EMV cards with and without marketed NFC capabilities.
With all that said, EMV cars have still proved to reduce credit card fraud. According to Mastercard and Visa, since EMV was introduced and began rolling out to consumers, stores that use chip-based payments saw a 58 percent drop in fraudulent transactions. That’s good to hear, however for those still concerned that someone may be trying to hack their credit card information, a metal wallet is always an option.