Can RF technology effectively prevent credit card fraud?

Near Field Communication (NFC)

NFC is another entry into the wireless "non-contact" combination. It is a set of communication protocols, data exchange formats and standards. Designed for smartphones and tablets, similar to contactless cards, but it doesn't have a card. NFC was sponsored by the NFC Forum created by NXP, Sony and Nokia in 2004 and has been accepted by the GSMA. The GSMA has defined an architecture for the GSMA NFC standard for the carrier's wireless world and is still improving.

Technology and standards are constantly evolving. Google (Google) added Host Card Emulation (HCE) functionality to Android 4.4 (KitKat), but did not follow the GSMA standard. In 2011, the first smartphones including PayPass or PayWave went on sale, and more smartphones including PayPass or payWave were launched. In February of this year, MasterCard announced a joint venture with EE, Telefónica UK and Vodafone UK to promote the development of this technology and make contactless payment a common platform in Europe.

NFC uses the same basic method as other non-contact technologies (including RFID), namely magnetic induction between loop antennas. When the antennas are close to each other, they form a virtual transformer that generates voltage. NFC operates at 13.56 MHz in the unlicensed Industrial, Scientific, and Medical (ISM) band, with a theoretical working distance of 8 inches, but in practice typically does not exceed 2 inches.

NFC is also different from contactless smart cards, because NFC allows two-way communication with the card reader, and has the advantages of high-volume processing, security and encryption functions brought by the smartphone. After all, it is not limited to the size of the credit card. Google's Android Beam opens the phone's Bluetooth function via NFC, enabling the POS to pair with it and turn off the previously turned on Bluetooth feature when the transaction or file transfer is complete. Samsung uses another variant, S-Beam, in its Galaxy line of products, which, although similar to Android Beam, uses NFC to share MAC and IP addresses and share files and documents using WiFi Direct. It's much faster than Bluetooth and has a data rate of up to 300 Mb/s, which makes sharing large files much faster.

PayPal decided to take its own path and completely abandon NFC technology. President David Marcus said in his blog last year that NFC technology will “not be able to get large-scale applications” and will “slow slowly in 2013”. However, this prediction has now proved to be wrong. PayPal used Bluetooth low energy (BLE) technology in its Beacon service announced last September. Beacon allows customers to pay without having to use a smartphone or credit card. Retailers need to plug a $100 USB adapter into their POS system. If the customer's phone has a Beacon app, they will be prompted if the customer chooses to pay with PayPal.

                                              
Paypal's Beacon reader plugs into a wall socket, and the adapter connects to the POS terminal via USB

There is no need to open the app on the phone, nor do you need signal or GPS location information. The app allows customers to choose to store Beacon-compatible retailers in their phones, so that they don't need manual operation at the time of payment, saving a lot of hassle. It's actually better than PayPal's current payment system, which requires customers to open the PayPal app on their phone and confirm it with the retailer every time.

Not only can NFC be used for payments, but it can also be used for customer loyalty programs, transit passes, and other applications. For example, Google's HCE allows any application running on an Android 4.4 device to emulate a smart card, and the user simply opens the app and launches the transaction. This opens up almost unlimited possibilities, from social networks to shared contacts, photos, big data files or videos, and multiplayer mobile games.

NFC has gained recognition and its many potential uses make it attractive. AT&T, Verizon and T-Mobile jointly created a joint venture called "ISIS" in 2011 with the mission of creating an architecture that allows customers to use the NFC specification for mobile payments on this architecture. Its primary goal is to allow NFC-enabled smartphones and other wireless devices to act as credit cards, completely eliminating contactless cards. But in the end it is more likely that NFC and non-contact cards coexist, because not everyone is willing to give up the physical card, the mobile phone as a full payment device.

to sum up

In the United States, it is possible to partially replace a magnetic stripe card with some form of contactless payment system, but it will never be completely replaced. Smart cards, contactless cards, and mobile-based NFCs have clear advantages in terms of security and are almost certainly capable of reducing theft. However, Target's intrusion incident fully demonstrates that as long as a criminal-minded hacker can completely skip the POS terminal and enter directly from the company level, there is no panacea that can completely eliminate fraud.

As contactless payment systems become more popular, hackers will certainly turn their attention to finding and exploiting vulnerabilities in contactless payment systems, just as they do on networks and PCs. Even so, once the cost of updating the system is amortized over time, consumers will benefit from banks, credit card companies and retailers.