Rfid, Nfc And Smart Card, Who Is The Greatest Guarantee Of Information Security

By Author: Denis Zhang
Total Articles: 15
Comment this article

At the end of 2013, US retail giant Target (Target) was hacked and 70 million of its users' personal information and 40 million of its credit card data were stolen, involving private data such as user names, phone numbers and information card information. It is estimated that Target's losses currently amount to $148 million and could eventually reach $1 billion. Target's "money loss and disgrace" incident has made people realize that even the most powerful security systems can be attacked by hackers. Target's account is a model, multi-tiered system with defenses that exceed the already stringent security requirements of Visa and MasterCard. But the hackers invaded, prompting an immediate outcry about why credit card transactions in the US are not safe enough and calling for contactless credit cards that do not need to be physically "swiped" through a card reader. Thanks to this outcry, Visa, MasterCard and American Express have taken a firm stand: retailers must invest in card readers that can use smart cards by October 2015. For those who do not do so, the responsibility for fraudulent losses will rest entirely with them. After ...
... all, smart cards (which contain chips that contain encrypted information and secure processing capabilities, but still need to be contacted) have been widely used in developed countries since 1983, greatly reducing theft. In the US, fraud took so long to reach this point, and although it cost retailers and banks more than $12 billion in 2013, it is clearly much cheaper than the cost and complexity of updating the (POS) system at retail outlets. However, with the progress of technology, today's standard is contactless smart card for wireless communication, which does not require physical "swiping" between the card and the card reader, but is based on the near-field communication (NFC) technology of smart phones. However, Target has been breached a key fact that is rarely mentioned: the cards themselves are not the problem.

Who is going to carry the pot?

The gangster who carried out the target attack installed malware on the POS terminal of the target store and used the "memory crawl" tool to grab the data temporarily stored by the terminal during the transaction. However, the malware reaches the terminal through a company's target network server, through which hackers can access the company's terminal. Once comfortably placed on the terminal, it set up its own control server on Target's network and stored all stolen data in Target's own data repository until hackers took the time to uninstall it. It is reported that Target uses more than 40 antivirus tools to scan malware that traverses its network, but does not find a single malware, and even if it does, it is not considered malicious. The software, called BlackPOS, which can be purchased at cybercrime forums for about $2000, is designed to bypass firewalls and install at point-of-sale terminals. In short, when thieves enter from the "back end" rather than the front POS terminal, the company server rather than the POS terminal becomes the point of invasion. All POS terminals collect data, whether they require you to swipe your card or put it a few inches from the reader. So the question arises: what makes contactless credit cards more secure than regular credit cards? Will contactless credit cards make a big difference when it comes to credit card theft? In Target's case, maybe not, but this is certainly a major improvement to the current system, and most types of theft against the terminal itself are much more frequent. Let's review the current possible alternatives to magnetic stripes-smart cards, contactless cards, near-field communications, and RFID that are different from the three mentioned above.

What kind of smart cards do you have?

In the most common type of passive radio frequency identification system, the card reader sends a weak signal, which is captured by the ring antenna on the card and corrected. The small power generated is used to respond to the reader's query and personal identification. The control system matches the identity code with the information in the database for authentication. In this regard, RFID and contactless payments have two basic things in common: they use wireless technology to eliminate the physical connection between the POS reading device and the item being read, and contain an IC and memory to store data. With a few exceptions, however, these are the similarities.

Passive RFID tags are very cheap, usually less than a dime, so they are ideal for large-scale tracking of anything that can be placed or inserted into an RFID tag. However, active RFID tags contain a battery that can send burst messages, but they are much more expensive, so they are not widely used. RFID tags are not very "smart", while contact cards and contactless "smart" cards have significant security features, including secure microprocessors, memory and encryption capabilities. The RFID tag can be read from a distance of about 6 inches. The passive mode is more than 650 feet, while for security reasons, contactless cards can only be read from a distance of about 2 inches.

A RFID tag requires the least number of components, the largest of which is a loop antenna that captures faint signals from a reader. The advantages of RFID have been applied to many areas, including passports with personal avatars. In 2005, Wal-Mart required its top 100 suppliers to put RFID tags on boxes and pallets shipped to distribution centers, and the program was later extended to all suppliers. They say out-of-stock items marked with RFID can now be replenished more quickly. Many other companies have adopted the same approach, and today, passive radio frequency identification is widely used in many industries. In short, although RFID systems are ubiquitous in tracking applications, except for a few cases, their lack of intelligence and limited ability to provide security make them impossible to use in transaction processing.

Smart card.

If RFID is not smart, make a smart card. This is the first card designed for transaction processing to overcome the security restrictions of "dumb" magnetic stripe cards. Smart cards provide important security features, including active encryption authentication that uses symmetric DES (data encryption Standard), 3DES (tripleDES), or RSA public key encryption, and the key length is up to 1024 bits.

Contactless card.

The contactless card retains the previously mentioned smart card components and security features, but the electronic contacts of the former are replaced by radio frequency parts similar to those used in the RFID, and physical contact with the POS card reader is eliminated. You do not need to enter a password in each transaction, but at a certain amount, the card reader will ask for a password to ensure security.

The amount of each transaction is also limited. Contactless cards were first used for e-ticketing in South Korea in 1995, and many Americans may remember ExxonMobil's Speedpass system, which is still used at many ExxonMobil gas stations in the late 1990s. Since then, contactless technology has been adopted by MasterCard, Citibank, JPMorgan Chase, American Express and many other organizations.

Near field communication (NFC).

NFC is a new way to enter the wireless "contactless" field. It is a set of communication protocols, data exchange formats and standards for mobile phones, tablets, and laptops to share data with other NFC-enabled devices, similar to contactless cards, but without cards. NFC is developed with the support of the NFC Forum created by NXP, Sony and Nokia in 2004. It has been accepted by GSMA and refines the architecture of the GSMANFC standard for the carrier wireless world. NFC allows two-way communication in a manner that does not involve any wireless connection such as Wi-Fi, 3G, LTE, and so on. NFC is derived from radio frequency identification (RFID) technology, so it also uses radio waves, but its communication distance is limited to about 10 centimeters. This is largely seen as a security advantage and helps to increase the popularity of NFC. One of the main uses of NFC is dynamically encrypted secure payments such as Apple pay, Android pay and Samsung pay. With the continuous development of technology and standards. Google has added its host card emulation (HCE), to Android4.4 (KitKat) but does not follow the GSMA standard. In 2011, the first smartphones with PayPass or payWave features were introduced, and more smartphones have been added since then. To advance the technology, MasterCard announced in February a joint venture between EE, TelefAnicaUK and Vodafone UK to make contactless payments a common platform in Europe.

NFC shares a basic method with other contactless technologies, including RFID, because it uses magnetic induction between ring antennas. When the antennas are close to each other, the antennas produce a virtual transformer and a voltage. The NFC operates in the unlicensed industrial science and medical (ISM) band at a frequency of 13.56MHz and works at a distance of 8 inches in theory, but only 2 inches or less in practice.

With NFC technology, a connection can be established immediately when another device that supports NFC is within the valid range of the current device. After the contactless transaction begins, NFC card readers and devices pass encrypted messages back and forth and complete the transaction in seconds. In this way, it not only realizes the simplicity, but also makes the transaction speed much faster than the traditional payment technology and data transmission technology. In addition to secure payment, NFC technology can also be used for other purposes. NFC can be used to transfer large amounts of other data between NFC-enabled devices, including sending phone numbers, pictures or documents, sharing traffic routes, launching applications on other phones, and connecting through NFC tags, a small physical tag with NFC chips.

NFCvs contactless smart card NFC differs from contactless smart card in that it allows communication with card readers, is not limited by the size of credit cards, and has the huge processing, security and encryption capabilities of smartphones. Google AndroidBeam enables Bluetooth on the phone to launch NFC, and allow point-of-sale readers to pair Bluetooth, as well as disable Bluetooth until the transaction or file transfer is complete. Samsung uses another variant called S-Beam in its Galaxy range, similar to AndroidBeam, which uses NFC to share MAC and IP addresses and WiFiDirect to share files and documents. It is much faster than Bluetooth, and the data transfer rate is as high as 300mbmp / s, which makes it faster to share large files.

PayPal decided to go its own way, abandoning NFC technology altogether, calling it a technology that "cannot be adopted on a large scale". Instead, PayPal announced the use of Bluetooth low-power technology in a service called Beacon. Beacon allows customers to pay without a smartphone or credit card. Retailers need to plug a USB adapter into their point-of-sale system, and when customers have a Beacon application on their phone, they are prompted whether to choose PayPal as the payment source.

PayPal's beacon reader is plugged into a wall Jack, and the $100 device is connected to the POS terminal via USB.

The app does not need to be opened on the phone, nor does it require a signal or GPS. This allows customers to selectively store beacon-compatible retailers in their mobile phones, so that payment is basically unnecessary. It goes beyond the company's current payment system, which requires customers to open PayPal apps on their phones and check with retailers on each payment. NFC applies not only to payments, but also to loyalty programs, transit cards and other applications. For example, Google's HCE allows any setting that runs in support of Android4.4

President of China IC Card Industry Association Global 100,000+ Hotel Key Card Suppliers Guangzhou Zhanfeng Smart Card Technology Co., Ltd., is one of the largest smart card manufacturers in the world. It has a production base of 3,000 square meters, more than 200 employees, 20 R&D technicians, and a monthly output of 18 million pieces. Introducing the world's most advanced smart card production equipment. All our products passed EU's CE and REACH certification.