NFC-payments animated: from a plastic card to the cloud
To explain how contactless payments work we’ve animated the process of card issuance and payment in a store. See what it looks like for a plastic bank card, a phone with a special card-like chip and a phone enabled with a cloud-based payments technology.
MasterCard PayPass / Visa PayWave plastic bank cards
We are used to calling a standard-sized piece of plastic “a bank card” . In fact, a bank card is not a physical object. Inside a plastic card there are a microprocessor and an antenna. A microprocessor has an operating system with a payment application and client data (personalization data) — this application is actually the real “bank card”.
When a bank issues a plastic bank card for you, it passes personalization data to a card issuing company. That company prepares and writes data on the microprocessor in “a plastic shell” you get in the bank office.
When you insert a chip card in a bank POS terminal at the checkout (or touch a terminal with a contactless card), the microprocessor inside the plastic acquires enough power to operate and runs an installed payment application. Using the established rules and keys the payment application generates one-time payment data which is then transmitted to the bank terminal in a store, and then to the bank.
Contactless cards for city transport work in a similar way, with a small difference — they also store information about a card’s balance (money or trips left). This saves time on communication between a terminal and a “bank”. As a result, this helps passengers pass much faster.
Smartphones with NFC-antenna and a special Secure Element chip
Modern smartphones have a special embedded chip — Secure Element (SE). This chip is similar to the microprocessor in a plastic card. For example, it is present in the iPhone 6, Samsung S4, HTC One M8, etc. This chip allows to turn a phone into a payment card.
To issue a bank card into the phone with a Secure Element, a bank passes personalization data to a company performing a role of a Trusted Service Manager (TSM) — a trusted aggregator of service providers and Secure Elements in phones. TSM remotely writes data to the chip inside the phone and you receive a bank card within 5–10 minutes right into your phone.
NFC-antenna of the phone works under the same wireless standard as a plastic bank card (ISO 14443). Accordingly, NFC-antenna of the phone could be used as an interface between Secure Element and a bank POS terminal. When you hold the phone with a bank card near a POS terminal, NFC-antenna of the phone enters the field of the terminal and starts the payment application on the Secure Element microprocessor. The payment application generates a one-time payment data and transmits it to a terminal at the point of sale, and then to the bank.
Secure Element is suitable for both bank and city transport cards at the same time. With the TSM platform, payment cards could be issued at any time within several minutes.
Smartphones with NFC-antenna and Android 4.4 KitKat or higher
The Secure Element microchip is embedded in a limited number of smartphones. The absence of such a chip causes two problems: the inability to emulate a payment card at the hardware level and the lack of the safe place to store payment cards on the device.
The first problem was solved in OS Android 4.4 KitKat and higher. The operating system includes a Host Card Emulation technology (HCE), which allows to run payment card applications in the operating system and transmit the result to the NFC-antenna. The second problem could be solved by placing payment card data outside the phone on the server platform — “in the cloud”. This technology is called Cloud-Based Payments.
When a bank issues “a cloud card”, it passes personalization data to a company, which provides production and life cycle management of such cards throughout its validity period. The Cloud-Based Payments Platform (CBPP) is responsible for this process. Payment card data is stored in the cloud and phone receives only one-time payment data, which is encrypted using an additional PIN-code (Mobile PIN), known only by the user and never stored in the phone.
When you hold such a phone near a POS terminal, the NFC-antenna of the phone enters the field of the terminal, and due to HCE technology a one-time payment data downloaded from the cloud is transmitting to a terminal at the point of sale, and then to the bank.
One-time payment data items are stored in the phone in strictly limited quantities and are downloaded as needed through the Internet. In practice, this means that you might have difficulties trying to make a series of payments for your purchases in the mall with a poor cellular coverage or disabled Internet roaming. Unfortunately, this is not the only limitation of this technology: issuing of city transport cards without a hardware chip Secure Element in the phone is impossible. HCE technology does not allow to emulate cards such as MIFARE, which are used in the vast majority of fare collection systems.
A great advantage of cloud-based payments is its accessibility: any phone with an NFC-antenna and Android 4.4 or higher could be used as a bank card for payments by a touch of the phone.
Try contactless payments with the new CardsMobile Wallet app (available on Google Play only in Russia).
