E822acb0564c5632aae69fef35f85b3d

Software Engineer

Contactless Payment

Thiago Scalone,

Some customers have been asking about the use of NFC technologies and how it might impact merchants. So we have created this little introductory material that explains how the NFC technology works and what is currently supported by CloudWalk.

NFC

What is NFC?

NFC, or Near Field Communication, is a standards-based wireless communication technology that allows data to be exchanged between devices that are a few centimeters apart. NFC transmissions are short range and are used for more secure transactions – unlike radio frequency identification or RFID, which has a longer range and supports minimal security. An NFC-enabled phone is provisioned with a payment application and payment account information. That application and account information is encrypted and stored in a secure area in the phone. The phone then uses NFC technology to communicate with the merchant’s contactless payment-capable POS system. To pay, the consumer simply brings the phone to within a few centimeters of a contactless payment-capable POS system and the transaction occurs.

What is EMV and EMV Contactless?

EMV (Europay, MasterCard® and Visa®) is a global payment system that entails putting a microprocessor chip into credit, debit and prepaid cards, making them less vulnerable to fraud for in-person transactions. These chip, or smart, cards generate dynamic data for each transaction, which prevents the transaction data from being reused fraudulently. That’s unlike the traditional magnetic stripe, which holds static data that does not change. This technology can be used in three main forms: contact, contactless and mobile. An EMV chip uses cryptographic keys to generate a unique code for each transaction, making it harder to clone and steal data.

What MST, and about Samsung technology?

MST or Magnetic Secure Transmission technology generates an alternating current through an inductive loop of changing magnetic fields. The signal received from the device emulates the same magnetic field change as a magnetic stripe card when swiped across the same read head. MST works within a 3-inch distance from the read head.MST was patented by LoopPay, a mobile wallet solution that allows consumers to pay with their mobile devices and was recently acquired by Samsung. In order to keep the transaction secure, MST only exists during the transmission process. MST technology is not limited by form factor, making it a practical technology for mobile payments and is accepted by approximately 90% of merchants. MST does not require merchants to make changes to their existing payment systems.

What is tokenization?

Tokenization is a method for protecting card data by substituting a card’s Primary Account Number (PAN) with a unique, randomly generated sequence of numbers. This “token” can be reversed to its true associated PAN value at any time with the right decryption keys. There are different kinds of tokens and different ways to create them, and a token can be merchant specific, single-or multi-use; tokens can be stored and managed in the cloud, in a token vault, or at a merchant location; and, once a token has been created, it may be tied to a card on file, an individual transaction, a payment card, or a device.

How they work together?

The biggest players on the market are Apple Pay and Samsung Pay, both use a tokenization process to keep card numbers private and both support NFC to transfer the card details.However, Samsung takes it a step further by offering MST technology, which allows consumers to conduct transactions at merchants that only support magnetic card readers. The other difference between the two wallets is that Apple uses the secure element to store tokens and payment credentials while Samsung uses HCE so that the credentials can be hosted outside of the secure element - in an operating system or the cloud, for example.

What is supported by CloudWalk

EMV Contact (chip and pin) technology is adopted and certified by CloudWalk and Acquirer based in the process stipulated by EMVCo, version 4.3. However, EMV Contactless (NFC) technology is not yet available on production operation. CloudWalk has years of experience with EMV Contactless, but the technology is also required from the Acquirer, and not all Brazilians support it, or, has a well-defined certification process. Brazilian Acquirer Stone recently implemented the specification, and CloudWalk is in the process of adequacy and certification. Both Samsung Pay (not using MST) and Apple Pay, require the adoption of EMV Contactless for operation.

MST technology, which emits a magnetic signal that mimics the magnetic strip on a traditional payment card, is more comprehensive by using a structure (magnetic stripe) that is already available on the vast majority of devices. And as it emulates a magnetic stripe there is no way to block the operation unless all magnetic stripe are blocked. This is strongly not recommended by CloudWalk, since BACEN (Brazilian central bank) has a standard that applies the honor-all-cards concept, which, if not implemented, can lead to a fine. (BACEN, 2009, page 45).

References

BACEN, Relatório sobre a Indústria de Cartões de Pagamentos, 2009

Android Pay X SamsungPay

What is MST (Magnetic Secure Transmission)

EMV Contactless by EMVCo

About NFC

Token Management Service

Tokenization, EMV, NFC, HCE, MST – What does it all mean to me?

About the author

Scalone is responsible for transaction capture in CloudWalk. He has 12 years of career 10 of them with Ruby and 7 of them with C on payments. Ruby lover and active participant of Ruby language community.