Contactless payment methods employ devices such as credit cards and debit cards, key fobs, smart cards, smartphones, and similar devices that use wireless communication, such as radio-frequency identification (RFID) or near field communication (NFC), for making secure payments. Contactless payment devices include an embedded chip including an antenna that enable users to wave their card, fob, or handheld device in the vicinity of, but not touching, a reader at a point of sale terminal, such as terminal compatible with ISO 14443. Contactless payments devices generally require close physical proximity with the sale terminal.
Contactless payment devices have advantages over traditional payment devices that require inserting or swiping. For example, while traditional payment devices require a user to remove the device from the user's purse or wallet, contactless payment devices allow users to quickly perform transactions without such removal. In addition, contactless payment devices are less prone to physical degradation after prolonged use. For example, with regular credit cards a magnetic stripe may be damaged due to friction after prolonged use, requiring periodic replacement of the card. With contactless payment devices, however, there is no such degradation because there is no need to insert and remove the devices from a reader. These advantages of contactless payment devices have resulted in wide adoption of contactless payment methods to complete transactions.
However, contactless devices may be more vulnerable than traditional payment devices to wireless attacks that attempt to capture user or account information. Contactless payment devices normally rely on passive electronic circuitry to interact with payment terminals. Such device circuitry is powered and activated by the wireless circuitry within the payment terminal. After the passive electronic circuit is activated, it interacts with the payment terminal to exchange information and conduct the transaction. Using passive electronic circuitry in contactless payment devices is convenient because it avoids the requirement of embedded power sources.
However, such passive circuitry may create security challenges. The passive circuitry may be activated by an attacker mimicking a payment terminal, enabling the attacker to capture the confidential user information. In current contactless payment devices, the passive electronic circuitry does not have any method to authenticate activation signals and, therefore, the contactless payment device could be exposed to “spoofing” signals from an attacker.
Protocols such as NFC attempt to minimize risk of exposure by requiring close proximity between the contactless payment device and the payment terminal. However, an attack circuitry can modify payment terminal circuitry to expand the range of terminal range and attempt to broadcast signals to gather information. These attacks may be particularly effective in crowded areas such as trains, elevators, and large social events.
Special wallets, purses, and slip cases are now commercially available that block electromagnetic radiation and are designed to prevent these wireless attacks. Although such blocking devices are somewhat effective against the wireless attacks while the contactless payment device is stored, they are also inconvenient and undermine some of the key advantages of contactless payment methods. For instance, use of a blocking storage device requires a user to remove the contactless payment device from the storage device before engaging with the payment terminal. This added removal step undermines the functionality of a contactless payment device because a user is no longer able to quickly pay by merely approaching the payment terminal. Therefore, to improve security of the contactless payment methods while maintaining key advantages of these methods, it is necessary to create new security methods.
The disclosed systems and methods address one or more of these and other problems in the prior art.