Portable electronic devices, such as smart phones, tablets, and laptop computers, are ubiquitous. These devices often support multiple means of wireless communication, including near-field communication (NFC) involving data communications established within a short-range communication field.
Europay, Mastercard, and Visa (“EMV”) standard-based cards are smart cards that store information on magnetic strips (for backwards compatibility with older machines) and additionally on integrated circuits. EMV cards are smart cards, and are also called chip cards or IC cards. These include cards that must be physically inserted into a reader. These also include contactless cards that can be read over a short distance using near-field communication (NFC) technology. EMV is a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them.
A typical credit card is configured with a contactless chip which allows for a credit card transaction to occur without a user swiping or otherwise physically engaging his or her credit card with a credit card reader. A contactless chip allows for wireless and contactless communication with an appropriate device for easily using a credit card. For example, NFC can be used to allow for a payment to be made wirelessly.
However, many credit cards are configured to allow access to the encoded credit card information by any suitable receiving device. This can lead to security problems, particularly in the context of a mobile device capable of reading data from a contactless chip. Mobile devices configured with, for example, an NFC reader are capable of reading credit card information from a card chip. This can allow the mobile device to read the information on the card whenever the credit card is within the range of the NFC field of the mobile device.
Malicious software exists that can be installed on a mobile device without the user of the mobile device being aware of the presence of the malicious software. This malicious software can be used to access the information on the smartcard. This software can even be part of other legitimate applications as pieces of code that have been integrated therein. In this case, whenever the credit card is in close proximity (purposely or inadvertently) to the mobile device, the malicious software may cause the mobile device to read the information from the credit card. On certain mobile device operating systems, such as the Android operating system, particular applications may be initiated or opened in the presence of an NFC field generated by specific cards, such as for example, smart cards, bank cards, identity cards, membership cards, credit cards, debit cards, and gift cards. For example, upon the Android operating system detecting an NFC field, an application can take advantage of the detection of the field to cause itself to launch (in the background or otherwise unknown to the user) and communicate with the card to retrieve certain information. Thus, sensitive user credit card information can be stolen by malicious software that is configured to listen and wait for any NFC field generated by a specific smart card and take the information from the credit card (or other device). Once stolen, this information can be stored by the malicious software on the user device. This information can then be sent by the malicious software, unknown to the user, to a server where it can be used for fraudulent purposes such as to conduct fraudulent and unauthorized transactions.
Thus, it can be beneficial to provide exemplary system, method, and computer-accessible medium, which prevents malicious applications from conducting EMV transactions.