Clever Geek Handbook
📜 ⬆️ ⬇️

MasterCard Contactless

Mastercard Contactless.png

MasterCard Contactless (formerly MasterCard PayPass [1] ) is an EMV compatible contactless payment technology based on the ISO / IEC 14443 standard , providing MasterCard and Maestro card holders with a method of making a payment by bringing a payment card or other payment tool, such as a phone or key ring, close to the reading terminal instead of holding it for reading or inserting to the terminal.

An analogue of MasterCard Contactless cards are Visa payWave cards and American Express cards - ExpressPay functionality. Technologies are compatible, and therefore payment with such cards is possible on the same terminals that support contactless payment.

History

Microchip PayPass, front view

In 2003, MasterCard conducted a nine-month test market use of PayPass technology in Orlando , Florida in conjunction with JPMorgan Chase , Citibank and MBNA . Over 16 thousand cardholders and over 60 retail locations took part in the test trials. In addition, MasterCard is working on technology with Nokia , AT & T Mobility and JPMorgan Chase to incorporate MasterCard PayPass into mobile phones using Near Field Communication technology in Dallas , Texas . As expected, PayPass will soon be built into mobile phones [2] .

In fact, PayPass technology is not 100% secure, as evidenced by numerous studies and articles [3] .

In 2005, MasterCard began to deploy PayPass in certain markets. According to MasterCard, as of March 2010, around 75 million cards and devices with PayPass were used by more than 230 thousand cash points all over the world [4] . In March 2011, there were already more than 92 million MasterCard PayPass cards and more than 311,000 cash units with the support of this technology [5] .

At the end of 2012, MasterCard Europe reported the results of the year, according to which the issue of cards with PayPass support increased by 50% compared with January of the same year and the technology became widespread in Europe [6] , and around the world PayPass cards are used around 550,000 outlets in 48 countries [7] .

As of September 2014, dozens of banks issue cards with PayPass in Russia [8] .

Use

MasterCards contain a special PayPass logo and, thanks to the presence of a radio chip, they allow you to make contactless payments up to a certain amount without authentication by the cardholder. In the eurozone countries, such operations are limited to 25 euros , 15 dollars in the United States , in the UK 20 pounds sterling (from September 2015 - 30), [9] 50 zlotys in Poland , and in Russia - 1000 rubles. In some issuing banks, at the request of the client, this amount may be reduced. With a PayPass transaction, it is possible to write off and amounts above the established limit, but in such cases after the operation, the cardholder may require authentication by signing a check or entering a PIN code - the method depends on the settings of a particular card set by the issuing bank. In some countries (for example, Germany , Austria , Russia) if the operation limit for PayPass is exceeded, it is possible to confirm the operation with a PIN code, in other regions this is not allowed - in this case, if the operation limit is exceeded, you can make payment using the usual contact method. Both credit and debit cards are issued with PayPass technology: MasterCard PayPass and Maestro PayPass.

When making a payment using PayPass, the transaction amount will either be debited from the account (if paid by credit card), or must be paid in advance (prepaid use) to the personal account, for example, of a mobile phone (if not paid by card). Since the connection between the card and the terminal does not have to be a contact, instead of the card, it can use something else: a key ring equipped with a sticker with an RFID tag, a mobile phone with NFC , etc.

The cardholder can pay at merchants with PayPass and PayWave logos. In this case, the terminal non-contact reads the necessary data and confirms the procedure for its part by sending an audible or visual signal. With this type of contactless cashless payment, the payer does not have to transfer his card into the wrong hands, or insert it into the terminal or confirm the payment by entering a PIN code, pressing the confirmation button or signing the check. It is enough that a person brings a wallet with a card inside to the terminal. However, the procedure will not work and payment will not occur if there are other cards containing radiochips, to which the reading terminal will also react. These include, in particular, new identity cards in Germany.

Security

 
POS-terminal MasterCard PayPass / Maestro PayPass / VISA

Contactless payment significantly saves time and is easier to use than all other everyday payment methods, including cash. As to the security of such a procedure, there is currently a concern, as the methods used potentially open up opportunities for leaking personal information, duplicating payments and unwanted copying of a bank card. [ten]

Due to the use of an RFID chip, it is theoretically possible to partially clone a card remotely, for example, in places with large concentrations of people. However, this distance is too small and for bank cards is usually about 2 cm, which calls into question the complete non-contact use, given that the card is usually stored in a place that provides such a distance - a purse, wallet, purse, etc. The PayPass technology prevents Direct reading of the contents of the RFID chip, including encryption keys. The chip does not contain the name of the cardholder, but you can consider the card number and its expiration date, which is usually not enough to conduct operations on the Internet when requesting an additional CVC2 code from the back of the card and the name of its holder. For each contactless payment operation based on the secret triple 112-bit keys stored in the protected area of ​​the chip using the DES encryption algorithm and card details, its chip dynamically generates a one-time code that confirms the payment transaction. [11] If an unauthorized person can read such a code before using it, it will allow you to create one clone of a card with a magnetic strip. In the case when the original card uses this code earlier, a new confirmation code will be generated and copied for the clone will already be invalid, in the case of the first use of the card clone, the transaction will be approved, and attempts to use the same code again in the original or cloned card will result to the fact that all operations on the card with such a number, both the original and the clone, will be blocked by security systems. Given the relatively low limits on contactless payment operations, the cloning of such cards for single use fraudulently is unprofitable.

A large number of wireless transactions are difficult to make directly from a mobile payment terminal, as in areas with a large population, information about such operations must be received by the processing and authorization center in a timely manner so that antifraud protection systems can react to unauthorized operations before an outsider gets the opportunity to spend . Such systems evaluate each received code for a transaction with PayPass and can react both to the repetition of the security code and to the omission of the code that should have been used by the creation algorithm. And each chip approved by PayPass for cards undergoes a comprehensive assessment system and testing for compliance with security parameters. [eleven]

An effective way to fully protect against unincorporated reading of data transmitted by a chip is to create shielding around the card — for example, carry it in a briefcase or simply wrap a card in foil and destroy, remove, or damage the RFID chip in it. [12]

See also

  • Near field communication
  • RFID
  • Tokenization

Notes

  1. ↑ ALERT: Contactless (formerly known as PayPass) documentation has been moved (Unsolved) . Mastercard (March 8, 2015). Archived March 9, 2015.
  2. ↑ Bilton, Nick . Frontier , The New York Times (May 27, 2011). The appeal date is May 31, 2011.
  3. ↑ Woodruf, Mandi . Italics How To Make It In Your Wallet , Business Insider (May 18, 2012). The appeal date is June 6, 2012.
  4. ↑ MasterCard PayPass Performance Insights , MasterCard.com . Archived May 24, 2010.
  5. ↑ MasterCard PayPass Performance Insights , MasterCard.com . Archived June 29, 2011.
  6. ↑ Contactless payments in Europe are growing with MasterCard PayPass News from 12/20/2012. (Verified May 31, 2015) Archival copy dated May 31, 2015 on Wayback Machine
  7. ↑ MasterCard Press Release, December 18, 2012 (English) (Verified February 16, 2013)
  8. ↑ Where to get MasterCard PayPass card MasterCard.com page (Verified February 16, 2013)
  9. ↑ Review of the market of retail payment services in the Russian Federation for 2011, p. 29. Archival copy of May 25, 2013 on the Wayback Machine Bank of Russia, 2012 on the Central Bank website ( PDF ) (Verified February 7, 2012)
  10. ↑ PayPass security over NFC. IT news for professionals. (him) (Verified February 7, 2012)
  11. ↑ 1 2 MasterCard PayPass Security Newsletter (English) (Verified February 16, 2013)
  12. ↑ Article about the attack on contactless payment cards in Poland (Polish) (Verified February 16, 2013)

Links

  • MasterCard Contactless Official Website
Source - https://ru.wikipedia.org/w/index.php?title=MasterCard_Contactless&oldid=98872177


More articles:

  • Rivoltella, Ardichio
  • List of peacekeeping missions and UN operations
  • USSR Championship in Modern Pentathlon among Women 1989
  • Potentially dangerous astronomical objects
  • Khaziev, Gadelgarey Zakirovich
  • An, Oscar
  • Chondrin
  • Inger, Grigory Bentsionovich
  • Petrushevsky, Sergey Nikolaevich
  • Egorov, Anatoly Ivanovich (football player, 1948)

All articles

Clever Geek | 2019