The wrong side of payment technology based on NFC and MST

Given the popularity and prevalence of NFC-based payment technologies and the simulation of a magnetic signal - MST, we, in the team of the payment provider Fondy , publish a post that describes the mechanism of these solutions: from point A (interaction with the payment terminal) to point B (transaction execution )

According to the results of Yandex, the main question for users on the topic of NFC is "What is NFC and how to learn how to use it?". This contrasts strongly with the same Google, where the question is already different. What is NFC, they already know there - NFC is in every household there. The question is how to apply what is given? What can I do using NFC? What should a regular non-advanced user do with near field technology?

To get started, here is a list of several NFC-compatible smart devices:Nexus 6 , the Sony the Xperia Z3 , the iPhone 6 /7, the Samsung Galaxy the Note 4 , the LG G3 , the HTC the One the M9 . For fans of the study and comparison of devices, here is a complete list .

Very soon, NFC chips will be built into smartphones of all manufacturers, and even fitness trackers will work based on NFC. Apple uses this technology in the Apple Watch, and now you can pay for goods through Apple Pay with a wave of your hand.

This is how reading a card with an EMV chip looks like:





What was the excursion to EMV made for? To clearly demonstrate that with the advent of NFC, almost all of the previous steps (actions) had to be somehow repeated, replicated, transferred to a telephone or other contactless device.

Further we will talk about what TSM and SecureElement are, which make NFC transactions more secure. After all, if the card is not emulated in the phone using HCE (HostCardEmulation), then the data needs to be stored somewhere. SecureElement is just busy solving this problem.



OTA - Remote Security Management

TSM - TrustedServiceManager - a unique intermediary that owns keys. This is a hardware-software complex that provides technological relations between telecom operators and service providers.

Trusted third party key services include secure download and security element content management performed in conjunction with mobile service providers. These can be banks, transport companies, suppliers and aggregators of services. Remote application management, usually performed using wireless cellular technology (over-the-air, OTA), includes the installation and personalization of applications in the security element of a mobile phone, as well as further maintenance of installed applications throughout their life cycle, as well as service support. Read more about the role and place of TSM in the NFC ecosystem here .

SecureElement - a secure element in an NFC device - data stored in the device’s wallet. This is a separate microprocessor responsible for the safe storage and operation of Mastercard Mobile PayPass / VisaPayWave payment applications. Either it is made built-in (installed on the phone’s motherboard), or it is located on a detachable module: UICC SIM card / SD memory card.



For a better understanding of the daily use of the TSM platform, we quote an excerpt from the MTS press release of March 03, 2014:

“With the advent of the TSM platform, the last infrastructural limitation on the path of mass development of NFC services in Russia has been removed - we will get a link in the NFC ecosystem, a single“ entry point ”for quickly connecting a wide range of service providers ... For our user, our new technical complex enables fast and secure download “by air” directly to the SIM card of the electronic image of bank and transport cards, travel tickets, loyalty cards, passes. Soon, it will be sufficient for the MTS subscriber to receive an NFC-enabled SIM card in the MTS salon in order to later issue duplicate plastic bank cards without a visit to the bank or buy travel tickets, receive discount coupons without contacting points of sale.

Now you can check the clock and see how the plans came true. Technologically, they were very justified. They managed to realize a lot.



NFC-chips are already so much heard that even the news of their subcutaneous implantation in humans is no longer news.

Before Yevgeny Chereshnev (2 years ago, a Russian implanted an NFC biochip in his hand, “which will allow you to open doors, store data, pay in cafes and much more”) was Martin Wiesmeyer, known as MrBitcoin. He implanted two NFC chips to store cryptocurrency. Moscow engineer Vlad Zaitsev sewed a chip for himself from the Moscow Troika transport card: now, with the help of his hand, he pays for travel in transport, and also opens the door to the office.



The NFC chips in the photo are sewn into the hands. But there are other NFC devices, such as a payment ring: medical titanium, a wired chip (read mode, support for writing, transferring business cards), a key fob, a sticker attached to a gadget, a smartphone cover, NFC watches - all these devices will support data transfer provided that an NFC device embedded in them is used to transmit financial or other information data.



Previously, to protect cards and transactions, they relied on encryption of data on the magnetic strip of the card, and then all hopes were connected with the applets of the chip itself, now security of payment transactions is connected with tokenization. As NFC technology has strengthened and at the same time simplified the method of data transfer, tokenization through NFC greatly enhanced the security of card transactions.

Evgeny Chereshnev, who visited TED in New York, published his thoughts on the topic of modern biochips (and the NFC chip, sewn in subcutaneously, is the essence of the biochip) on Facebook.

A person who has successfully lived with a biochip under his skin for more than two years, based on his experience, introduces the new term “digital DNA”. Against this background, would the familiar NFC not seem to us a relic and a technological vestige? However, this is still far away.

While it is important to continue working on security in the field of financial transactions, including NFC transactions. Tokenization is an indispensable companion of NFC transactions here.

Tokenization is a method of protecting the data of your card, in which the card number (PAN) is replaced by a virtual (token), a unique and randomly generated set of numbers. Tokens themselves can be either disposable or reusable. This technology derives from NFC technology. Tokenization allowed the user to link their cards to mobile wallets, while not telling the Internet merchants the real card number, but replacing it with tokenized ones. Thus, sending transactions from the phone or paying for a purchase using the phone, with the use of tokenization, it becomes safe.





Replacing payment card details with randomly selected symbols / numbers (tokens), which will be stored in the database of stores where the user makes payment, is convenient for further purchases - with just the touch of a finger you make a payment. Moreover, for each online store can be formed by its own set of characters. For example, the VISAToken service initially worked only on iOS devices (Apple Pay became the first experimental platform), but tokenization began to be supported on other NFC devices in the future.

How is data exchanged when using a token?



And here is what the authorization request looks like:



A tokenized payment gateway, for example, Rambus , has already been developedBell id It is a software platform that manages all transactions made through tokens (keys) between issuers and multi-channel providers of tokenized services through a single payment gateway. To replace PSP (payment service providers) come TSP (tokenized service providers).

VISA payment system introduced the Visa Token Service for European banks. The main platform on which VTS will operate will be Apple Pay. Nevertheless, all devices with an NFC chip will be able to support this system. In 2015, Mastercard launched the Digital Enablement Express platform.(Express) to accelerate the provision of millions of customers with additional opportunities to make secure electronic payments. Express service accelerates the process of digital conversion and tokenization on Mastercard cards through the Mastercard Digital Enablement Service (MDES) platform. This technology will turn any accessory, gadget or household appliance item into a device with a payment function.

Apple Pay uses NFC. Samsung, building its payment system, relies on both NFC technology and MST (Magnetic Secure Transmission) technology - magnetically safe transmission. If the first receiving devices must be equipped with an NFC receiver, then the MST simulates the transmitted magnetic field using an induction loop built into the device, which creates a magnetic field that can be easily read by the MAG terminal, as if an ordinary card transaction had been completed.

According to market information, both technologies suffer from inattention of users. If NFC transactions suffer from the fact that only 10% of the terminals are equipped with the receiver of the same name, then with MST the picture is better, but it is also strange: it is likely that up to 10% of the receiving devices will not be able to read MST transactions. Meanwhile, both the first and second technologies are quite reliable: both use tokenization and protect the card number from prying eyes, both support NFC to transmit information on the card. Samsung took the lead by offering MST, but the user is too lazy and conservative to appreciate it now.

Contactless payments were called "cash 2.0", but meanwhile, everyone from Bank 2.0 has long rushed to Bank 3.0. “The bank today is not where you go, but what you do.” Brett King writes fast, but news from the world of financial technology is becoming obsolete and becoming a commonplace even faster. When the next King’s masterpiece is published, most likely tokenization, MST, NFC, RFID tags - all this will become the classic place-name of Bank 3.0.