Why Apple Pay is safer than a regular card
This is an important point in this attack scenario, because in reality almost no one carries a single card loose in a pocket. In most cases, the card is kept in a wallet together with other contactless cards, such as travel tickets or other bank cards.
Specifically, my Ingenico iWL250 terminal, when it finds more than one card in the field whose SAK indicates ISO 14443-4 support, returns the error “present one card”.
But not all terminals do this. VeriFone POS terminals at Sberbank, for example, pick one card at random from several. Some terminals simply ignore all cards if there is more than one, without showing any error message.
Reading one particular card out of several is not an easy task at the physical level. To solve this problem there is an anticollision mechanism: it allows the reader to select one card when responses were received from several cards at once. This is the very first step in establishing communication with a contactless card under the ISO 14443A protocol.
For example, the Troika card (Mifare) used on Moscow public transport has SAK=0x08 (b00001000), in which the sixth bit is zero, while all bank cards have the sixth bit of SAK set to 1, which means support for the ISO 14443-4 protocol.

Therefore, all the terminal can do when it detects several cards at once is to exclude the cards that do not support ISO 14443-4 and select one of those that look like a bank card. Support for ISO 14443-4, by the way, does not guarantee that a card is a bank card, but an ordinary person’s wallet is unlikely to hold any other type of card that supports ISO 14443-4.
From personal experience: despite the anticollision protocol, if there are at least three contactless cards in the wallet, it is EXTREMELY difficult to read the desired card successfully. Most attempts end in read errors. It is all the more difficult to do this on the run, pressing up against other people’s pockets and bags.
However, we will assume that our scammer is very lucky, and this restriction does not bother him.
- Apple Pay requires authorization (fingerprint or passcode) for each transaction. A regular card gives you no control over the number of transactions it signs when presented to a POS terminal. In theory, an “evil” terminal with modified firmware can make one transaction and, while the client is still holding the card near the reader, request several more signatures, using them not immediately but later, after the client has left. With Apple Pay this is not possible: after the transaction the user sees the success icon and the application closes, and a new request would require the fingerprint again.
- Does not allow reading data before authorization: when a phone with Apple Pay enters the reader’s field (13.56 MHz), the user is prompted to authorize, and only after successful authorization does the phone start behaving like a contactless card. Until then the reader sees nothing. That is why Apple Pay data cannot be read covertly from your pocket, unlike a regular card.
- Intercepted data cannot be used to pay on the Internet: a regular card’s data can be used for Card Not Present (CNP) transactions, that is, for paying on the Internet, by phone, etc. Data from an Apple Pay virtual card cannot be used in this way.
- Does not reveal cardholder details: regular contactless cards can transmit the cardholder’s name and recent purchase history, and in some cases the owner’s name can be determined from the card number. Nothing of the kind is possible with Apple Pay.
Payment instruments
Contactless is supported not only by classic plastic cards. In theory, an NFC chip fits into any device (smartphone, ring, key fob, bracelet, smart watch, etc.), turning it into a full-fledged payment instrument for small everyday purchases.
Visa card
A number of banks supplement cards with a special transport application that allows you to pay for public transport with one touch.
Visa PayWave debit or credit card can be of the following types:
- Classic;
- Gold;
- Platinum;
- Black;
- Signature;
- Infinite;
- Virtual.
They differ in credit limit and a set of additional privileges, but all allow you to pay with one touch.
Smartphone
An Android phone (4.4 and above) that supports Host Card Emulation can easily replace a card. Most new models (not older than two years) of the middle class and above support contactless payment (are equipped with an NFC chip).

Free apps such as NFCCheck or NFC Check will help you check whether a phone has one.
Offline vs Online transactions
Intimidating news stories tell about scammers with POS terminals in subway cars, who deduct money from your pockets right on the way. These stories do not mention how the scammer got the mobile Internet in the subway car. Perhaps his terminal supports offline transactions?
EMV specifications allow offline transactions. In this mode, debiting occurs without online confirmation from the issuing bank. This works, for example, in public transport in Moscow and St. Petersburg. In order not to queue at the entrance to the bus, while the terminal completes the online confirmation, you are let through immediately, without checking whether you have enough money in your account to pay the fare.
At the end of the day, when the terminal gets Internet access, the signed transactions are sent to the issuing bank. If it turns out that at that moment you do not have enough money to pay the fare, the card is added to the stop list at all terminals in the city. The debt can be repaid through your personal account using the card number.
Personally, I did not manage to get a POS terminal that supports this function, so in the scenario with a regular “civilian” POS terminal we will not consider offline debits. This changes nothing, except that the attacker will need Internet access on the terminal, which makes an attack in the subway, for example, much more complicated.
There are terminal models that support WiFi, and in theory our scammer could use the WiFi in the metro, having first bought ad-free access for the MAC address of his POS terminal so that he would not need to authenticate through the captive portal, since that cannot be done on a POS terminal.
How to use
Paying and withdrawing cash with a PayWave card, or a gadget linked to it, is very easy.
Payment for purchases
With the card, we act as follows:
- find the special icon on the terminal confirming that contactless payment is possible;
- check the amount on the screen;
- bring the plastic card, smartphone or other device with a chip to the reader;
- wait for the beep;
- receive the payment receipt.
With Android Pay you just need to “wake up” the gadget and hold it to the reader. Three payments are allowed without unlocking; after that you will need to enter a PIN code. If the phone was unlocked in between, the counter is reset to zero. Google does not use the details of the cards linked to the service: a virtual copy is created in the system, and the real card details remain on the servers.
When using a mobile application, you should log in (enter a password), select the desired card if necessary, hold your smartphone to the reader and confirm the payment.
Cash withdrawal
Large Russian banks are actively rolling out contactless cash withdrawal. It is already available at all Tinkoff ATMs, and Sberbank plans to equip all its terminals with special readers by the end of 2019. You need to act as follows:
- bring the card or smartphone to the reader;
- enter PIN;
- withdraw cash in the usual way.
The technology protects against the ATM retaining the card: there is no risk of accidentally leaving it in the machine.
The technology is being actively introduced, but it does not yet work everywhere. Some retail and service businesses are in no hurry to install new payment terminals, in order to save money.
Sometimes the signal does not go through for technical reasons. All cards retain the usual chip and magnetic stripe, so the transaction can still be completed; the main thing is to remember the PIN code.

For trouble-free use of NFC cards, it is advisable to follow a few simple rules:
- do not bend or overheat the card;
- keep moisture and liquids away from the chip;
- do not carry it in places easily accessible to fraudulent readers; use special cases;
- in case of loss, block it immediately.
Calculate the profit
In our scenario, the cost of the attack was 100,000 rubles. This means that, just to recover the investment, our hero needs to complete at least 100 transactions of 1 thousand rubles each. Imagine that he was quite nimble and ran around the city all day, pressing up against everyone in turn, so that by the end of the day he had made 120 successful debits. We will not take into account the acquiring commission (on average 2%), the cash-out commission (4-10%) and other fees.
Can he successfully withdraw money using a card linked to a current account?
In reality, it is not so simple. The money will be credited to the scammer’s account only after a few days! During this time, our scammer must hope that none of the one hundred and twenty victims disputes the transaction, which is extremely unlikely. Therefore, in reality, the fraudster’s account will be blocked even before the money is credited to it.
Pros and cons
PayWave has a number of advantages:
- quick settlement, resulting in significant time savings in stores, at gas stations, etc.;
- high level of security, data will not get to scammers;
- less wear on the plastic (the probability of a paid reissue due to mechanical damage is reduced);
- no risk of the card being retained by an ATM;
- standard cost of the plastic;
- the ability to hand the card to a child or relative without fear that large amounts will be withdrawn (a PIN code is required).
There are also disadvantages:
- a low limit for transactions without a PIN (some banks allow you to set this amount yourself);
- the cardholder’s name is not printed on the receipt, so in case of an unauthorized debit it is difficult to dispute the transaction;
- terminals that support contactless payment and ATMs that allow withdrawing cash in this way are not installed everywhere;
- works only with Android-based devices.
Conclusion
The cost of the attack in our scenario is 100,000 rubles. In reality, it will be several times higher, so the fraudster will need much more effort in order to make a profit.
In our scenario, the fraudster always debits 999.99 rubles, which will most likely trigger the anti-fraud system on the acquiring bank’s side. In reality, the fraudster would need to debit smaller amounts.

In order to at least recoup the investment, the fraudster will need to process several hundred victims. Even if a dozen of them contact the issuing bank and dispute the transaction, the fraudster’s account is likely to be blocked. A scenario in which the acquiring bank is in cahoots with a fraudster is unlikely, as the license to operate the IMS costs far more than any potential profits from this type of fraud.
Of the 20 subjects, money was successfully debited from only three, which is a 15% success rate across all attempts. These were the artificial cases in which there was only one card in the pocket. In cases with a wallet and several cards, the terminal returned an error. In a scenario with a terminal running modified firmware that implements an anticollision mechanism, the percentage of successful debits may be higher.
Contactless payment systems are quite well protected. Despite the theoretical possibility of fraud, in practice it turns out to be unprofitable and extremely difficult to implement. There is no reason to be afraid of contactless cards or to try
Other things being equal, Apple Pay will be safer than a regular plastic card. For greater security, you can block CNP transactions (payment on the Internet) on the main contactless card, and get a second card for online payments only.
Analysis of reviews
Contactless Visa cardholders generally respond positively to them. The use is simple, additional gadgets are connected easily, one-touch payments occur almost instantly, saving a lot of time.
I am not satisfied with the lack of full-fledged infrastructure, especially in small towns. Modern readers are not used everywhere. Often there are difficulties with signal transmission, and you have to use the classic payment method. Despite the developers’ assurances about the absolute security of payments, unauthorized debits within the established limits sometimes occur and are difficult to dispute.

Not all ATMs dispense cash contactlessly, even if they claim to. At this stage of the technology’s development it is impossible to give up carrying plastic entirely; you have to carry it with you just in case.
Scenario 1 – regular POS terminal
The most popular fraud scenario in the public imagination: a scammer with a switched-on terminal presses up against people in a crowd and debits money. We will try to reproduce this scenario in reality.
The conditions are as follows:
- The fraudster has a fully functional ordinary POS terminal connected to an acquiring bank, the same as those used in stores and by couriers. The terminal firmware has not been modified. In our case it is an Ingenico iWL250, a portable POS terminal with a GPRS modem that supports contactless payment, runs on a battery and is fully mobile.
- The fraudster does not use any additional technical means, only a POS terminal.
- The debited funds are credited to the fraudster’s settlement account, according to all the rules of the banking system.
Legal entity
To begin with, we need a legal entity with a current account and acquiring connected. Like real scammers, we will not register anything in our own name, but will try to buy a ready-made legal entity on a site that serves the same scammers. To do this, let’s look at the ads on the first page of Google for the queries “buy ip” and “buy LLC”.
Offers for the sale of ready-made companies from scammers (clickable)
The price of a company with a current account on the black market ranges from 20,000 to 300,000 rubles. I managed to find several offers of an LLC with a POS terminal from 200 thousand rubles. Such companies are registered to nominees, and the buyer receives the full package of documents along with a “cash card”, a bank card linked to the current account of the shell company. With such a card, a fraudster can cash out money at an ATM.
Let’s say our scammer works at the checkout in a store or as a courier with a mobile POS terminal. In this case, he has the opportunity to capture card data, which, in some cases, may be enough to pay on the Internet.

First, let’s figure out exactly what a contactless transaction looks like and what data the card exchanges with the POS terminal. Since we are too lazy to read thousands of pages of EMV Contactless Specifications, we will simply intercept the exchange at the physical level using the HydraNFC sniffer.
There are some differences between the EMV specifications for MasterCard PayPass and Visa payWave: the signature format and some of the data differ. But for us this is irrelevant.
Conclusion
Visa payment system offers a simple and secure way to pay for everyday purchases, saving time. It takes a few seconds to complete a transaction in Visa Payment. It is enough just to attach a card, smartphone or other gadget equipped with an NFC chip to the reader and wait for a beep. PayWave technology is thought out to the smallest detail, applicable to all types of cards from Classic to premium.
It is impossible for the card data to fall into the wrong hands, double debiting is technically impossible. It is easy to turn a smartphone, smart watch, NFC ring or a special keychain into a full-fledged means of payment, it is not necessary to carry plastic with you.
Most domestic banks plan not only to support the new technology, but also to install ATMs with the possibility of contactless cash withdrawal. The leaders are Tinkoff Bank, Sberbank and Alfa-Bank. PayPass, PayWave, and Apple Pay are essentially the same.

Contactless payments are a convenient and secure way to pay for goods and services. The only drawback of the system is that not all mobile devices support this technology. However, given current trends, almost all manufacturers are integrating such modules into all their smartphones, both premium and budget lines.
NFC sniffer
HydraNFC is a fully open source standalone ISO 14443A sniffer that saves captured APDU commands to an SD card. The sniffer antenna is placed between the terminal and the card and passively captures all transmitted information.
→ Site about HydraBus and HydraNFC shield
→ Firmware sources
Looking ahead, I must say that at this level, paying by phone and by a regular plastic card look no different: for the POS terminal, it is a regular VISA card. However, paying by phone is much safer than paying with a physical card, and we will see why later.
Parsing the EMV protocol

Cash receipt and slip from the transaction (clickable)
R (READER) — data sent by the POS terminal
T (TAG) — data sent by the card (in our case, a phone with Apple Pay)
R>> 52
R>> 52
R>> 52
R>> 52
R>> 52
R>> 52
R>> 52
T<< 04 00
R>> 93 20
T<< 08 fe e4 ec fe
R>> 93 70 08 fe e4 ec fe dd 6e
T<< 20 fc 70
R>> 50 00 57 cd
R>> 26
R>> 52
T<< 04 00
R>> 93 70 08 fe e4 ec fe dd 6e
T<< 20 fc 70
R>> e0 80 31 73
T<< 05 78 80 70 02 a5 46
R>> 02 00 a4 04 00 0e 32 50 41 59 2e 53 59 53 2e 44 44 46 30 31 00 e0 42
T<< 02 6f 23 84 0e 32 50 41 59 2e 53 59 53 2e 44 44 46 30 31 a5 11 bf 0c 0e 61 0c 4f 07 a0 00 00 00 03 10 10 87 01 01 90 00 44 b3
R>> 03 00 a4 04 00 07 a0 00 00 00 03 10 10 00 bc 41
T<< 03 6f 31 84 07 a0 00 00 00 03 10 10 a5 26 9f 38 18 9f 66 04 9f 02 06 9f 03 06 9f 1a 02 95 05 5f 2a 02 9a 03 9c 01 9f 37 0 0 50 bf 0 90f 06 43 90 00 1d 66
R>> 02 80 a8 00 00 23 83 21 36 a0 40 00 00 00 00 01 42 98 00 00 00 00 00 00 06 43 00 00 00 00 00 06 43 18 09 18 00 e0 11 01 03 1 4 ) (0 f9
T<< 02 77 62 82 02 00 40 94 04 18 01 01 00 9f 36 02 02 06 9f 26 08 d6 f5 6b 8a be d7 8f 23 9f 10 20 1f 4a ff 32 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 9f 02 02 00 80 57 13 13 00 01 80 90 00 of c8
R>> 03 00 b2 01 1c 00 c9 05
T<< 03 70 5f 28 02 06 43 93 93 07 02 C0 00 9f 19 04 04 00 00 03 02 73 73 01 00 00 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 39 36 31 36 37 36 32 35 90 00 a7 7b
Let’s go through the intercepted dump line by line.
R>> — data sent by the POS terminal; T<< — data sent by the card (in our case, a phone with Apple Pay)
14443-A Select

At the beginning of the exchange, the terminal establishes a connection with the card at the link level. For those familiar with networks and the OSI model, it is convenient to think of this as layer 2, and of the card’s UID (Unique Identifier) as the host’s MAC address.
An important difference between a regular payment card and Apple Pay is that the card is always available for reading and gives no way to control the reading process. It can be read uncontrollably through clothing, while the phone, on entering the reader’s field, prompts the user to activate the virtual card. Until the user confirms, the phone transmits no data, and the reader does not even know that a virtual card is nearby.
R>> 52 // WUPA (Wake-Up Type A)
R>> 52 // WUPA
R>> 52 // WUPA
R>> 52 // WUPA
R>> 52 // WUPA
R>> 52 // WUPA
R>> 52 // WUPA
T<< 04 00 // ATQA (Answer To Request type A)
R>> 93 20 // Select cascade 1 (Anticollision CL1 SEL)
T<< 08 fe e4 ec fe // UID (4 bytes) + BCC (Bit Count Check)
R>> 93 70 08 fe e4 ec fe dd 6e // SELECT (0x9370) + UID + BCC + CRC16
T<< 20 fc 70 // SAK (Select Acknowledge 0x20) + CRC16
R>> 50 00 57 cd // HALT (0x5000) + CRC16
R>> 26 // REQA (Request Type A)
R>> 52 // WUPA
T<< 04 00 // ATQA
R>> 93 70 08 fe e4 ec fe dd 6e // SELECT
T<< 20 fc 70 // SAK
R>> e0 80 31 73 // RATS (Request Answer To Select 0xE080) + CRC16
T<< 05 78 80 70 02 a5 46 // ATS (Answer To Select) + CRC16
The terminal constantly sends the Wake-Up (WUPA) command, and as soon as a card appears in the field it responds with Answer To Request type A (ATQA), in our case 0x04 0x00. The ATQA response may vary depending on the chip manufacturer.
Upon receiving the ATQA response, the terminal starts a collision detection procedure to determine whether there is more than one card in the field. The 0x93 0x20 Select cascade level 1 (SEL CL1) command prompts all cards in the field to report the first part of their UIDs.

The card responds with 0x08 0xFE 0xE4 0xEC 0xFE: the first four bytes are the UID of the Apple Pay virtual card, and 0xFE at the end is the Bit Count Check (BCC).
Having received the card identifiers, the reader addresses a specific card with the 0x93 0x70 (SELECT) command. The command is followed by the card’s UID 0x08 0xFE 0xE4 0xEC, the BCC 0xFE and the CRC16 0xDD 0x6E.
The card responds with 0x20 Select Acknowledge (SAK) followed by 0xFC 0x70 CRC16.
If multiple SAK responses are received at this step, the reader can shorten the UID in the SELECT command until a single card responds. However, as shown above, some POS terminals refuse to continue if a collision, that is, the presence of several cards at once, is detected at this stage.
The reader then sends the HALT command 0x50 0x00 followed by 0x57 0xCD CRC16. This command ends the exchange.
Then the procedure is repeated: the reader wakes the card up again (WUPA), but SELECT is performed immediately, without checking for collisions. Why this is done, I don’t know; perhaps it is a more reliable way to detect collisions.
The second time, the reader sends the command 0xE0 0x80 Request Answer To Select (RATS) followed by 0x31 0x73 CRC16.
The card responds with 0x05 0x78 0x80 0x70 0x02 Answer To Select (ATS) followed by 0xA5 0x46 CRC16.
Answer To Select is the analogue of Answer To Reset (ATR) for contact cards. It contains information about the maximum frame size and link-layer parameters.
At this stage the “link” level is complete, and the exchange continues in a higher-level protocol that depends on the application on the card. The SELECT procedure is the same for all ISO 14443A contactless cards, including NFC tags, public transport tickets, etc.
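As an added example (not code from the original article or from the HydraNFC project), here is a small Python decoder for the activation frames captured above: it verifies the CRC16 (ISO 14443-3 CRC_A) trailer of the SELECT, SAK, HALT, RATS and ATS frames, checks the BCC of the UID, and reads the SAK bit that the terminal filtering described in the Apple Pay section relies on to separate ISO 14443-4 cards from a Mifare Troika. The frames are copied from the dump on this page; classifying tag frames by their length is an assumption that holds for this 4-byte-UID sequence.

```python
import re

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A (init 0x6363, poly 0x8408), returned LSB first as sent on the air."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def crc_ok(frame: bytes) -> bool:
    """True when the last two bytes are the CRC_A of everything before them."""
    return len(frame) > 2 and crc_a(frame[:-2]) == frame[-2:]

def sak_supports_14443_4(sak: int) -> bool:
    # Bit 6 of SAK (mask 0x20) set: the card speaks ISO 14443-4, as every bank card does.
    # A Troika (Mifare Classic) answers SAK 0x08, so a terminal can drop it before SELECT.
    return bool(sak & 0x20)

def decode_frame(side: str, f: bytes) -> dict:
    """Classify one frame of the activation sequence; side is 'R' (reader) or 'T' (tag)."""
    d = {"side": side, "hex": f.hex(" "), "name": "other"}
    if side == "R":
        if len(f) == 1:                            # 7-bit short frames, no CRC
            d["name"] = {0x52: "WUPA", 0x26: "REQA"}.get(f[0], "other")
        elif f[:2] == b"\x93\x20":                 # anticollision CL1, no CRC
            d["name"] = "SEL CL1 (anticollision)"
        elif f[:2] == b"\x93\x70":                 # SELECT + UID + BCC + CRC_A
            d.update(name="SELECT", uid=f[2:6].hex(), crc_ok=crc_ok(f))
        elif f[:2] == b"\x50\x00":
            d.update(name="HALT", crc_ok=crc_ok(f))
        elif f[0] == 0xE0:                         # RATS: FSDI high nibble, CID low nibble
            d.update(name="RATS", fsdi=f[1] >> 4, cid=f[1] & 0xF, crc_ok=crc_ok(f))
    else:
        if f[0] == len(f) - 2 and crc_ok(f):       # ATS: TL counts the bytes before the CRC
            d["name"] = "ATS"
        elif len(f) == 2:
            d["name"] = "ATQA"
        elif len(f) == 5:                          # UID0..3 + BCC (XOR of the four UID bytes)
            bcc = f[0] ^ f[1] ^ f[2] ^ f[3]
            d.update(name="UID+BCC", uid=f[:4].hex(), bcc_ok=bcc == f[4])
        elif len(f) == 3:                          # SAK + CRC_A
            d.update(name="SAK", sak=f[0], iso14443_4=sak_supports_14443_4(f[0]), crc_ok=crc_ok(f))
    return d

LINE = re.compile(r"^([RT])[<>]{2}\s+([0-9a-fA-F ]+?)\s*(//.*)?$")

def decode_trace(text: str) -> list:
    """Parse 'R>> ..' / 'T<< ..' lines in the sniffer's notation and decode each frame."""
    frames = []
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            frames.append(decode_frame(m.group(1), bytes.fromhex(m.group(2).replace(" ", ""))))
    return frames

# Activation frames copied from the HydraNFC dump above (Apple Pay virtual card, 4-byte UID).
TRACE = """
R>> 52
T<< 04 00
R>> 93 20
T<< 08 fe e4 ec fe
R>> 93 70 08 fe e4 ec fe dd 6e
T<< 20 fc 70
R>> 50 00 57 cd
R>> e0 80 31 73
T<< 05 78 80 70 02 a5 46
"""
```

Running `decode_trace(TRACE)` shows every CRC16 in the dump checking out against CRC_A and the SAK 0x20 flagged as ISO 14443-4 capable, whereas `sak_supports_14443_4(0x08)` (Troika) is False.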