On September 9, Apple announced iPhone smartphones 6 and iPhone 6 Plus, one of the features of which was the NFC chip and the Apple Pay technology based on it. In the presentation, the main emphasis was placed on the possibility of contactless payment for purchases using a smartphone, but in fact, the capabilities of NFC do not end there and have long been successfully used in Android smartphones to perform many different tasks, from paying for a trip on the subway to automating your smartphone.
Instead of introducing
NFC stands for Near Field Communication or “near contactless communication”, in Russian. At its core, it is a small chip that can be built into a smartphone for the purpose of transmitting data over very short distances at a very meager speed. NFC is very close to RFID technology, which has long been used to tag products in supermarkets, but is based on its more recent ISO/IEC 14443 (smart cards) standard and is designed for use in wearable electronics (read: smartphones) and performing secure transactions (read: payment for purchases).
As with the ISO/IEC 14443 standard, NFC has a range of only 5–10 cm, but the difference is that the NFC chip is capable of acting as both a tag and a reader at the same time. In other words, a smartphone equipped with NFC can be either a smart card (a metro card, for example), which just needs to be brought to the reader to pay, or the reader itself, which can be used, for example, to transfer funds between smartphone cards and turn real cards into with support for ISO/IEC 14443 standard in virtual.
But this is only “one of” and the most obvious application of NFC. Due to the fact that the NFC chip is capable of transmitting data in both directions and does not require device authentication, it can be used as a simple and more convenient replacement for Bluetooth. Using NFC, for example, you can share links, passwords, contacts and other data between smartphones by simply bringing them close to each other.
Introduced in Android 4.0, Beam technology further expands the scope of NFC, allowing you to quickly transfer entire files and folders between devices, which is achieved by pre-authenticating Bluetooth devices via NFC and then establishing a Bluetooth connection and sending files. As in the previous case, all that is required for the transfer is simply to bring the phones close to each other. IN Samsung firmware this function is called S-Beam and allows you to use not only bluetooth as a “transport channel,” but also Wi-Fi (one of the smartphones turns into an access point).
Another possibility is the use of passive NFC tags. These tags, in the form of small stickers, can be purchased for half a dollar each and reprogrammed using a smartphone. Each of them can contain 137 bytes of information (in the case of the most common and cheapest Mifire Ultralight C tag), to read which, again, you just need to bring your smartphone. In the tag you can write the password from home Wi-Fi and stick it on the router. Or a code word to which the smartphone will respond. You can organize the automatic launch of the navigator when you install the smartphone in the holder in the car, or enable silent and energy-saving modes when the phone is on the bedside table. A small shopping list of 137 bytes will also fit quite well.
In this article we will talk about all possible applications of NFC in practice, but since in our country payment for purchases using it has been implemented almost nowhere, we will talk mainly about automation based on tags.
Smartphone support
The first phone with integrated NFC support there was Nokia 6131, released back in 2006. At that time, the built-in NFC chip was just a toy to demonstrate the capabilities of the technology created two years ago. The smartphone was equipped with software for reading NFC tags, but due to their then high cost and almost zero popularity of the technology, it was not suitable for any serious use this feature I didn’t claim a smartphone.
After some lull, NFC began to popularize Google company, released in 2010 samsung smartphone Nexus S and Google app Wallet, which allowed you to pay with virtual credit cards using NFC. The following year, Google became a leading participant in the NFC Forum and introduced Android 4.0 and a smartphone based on it Samsung Galaxy Nexus, which now boasted the presence of that very Beam function. Later the Nexus 4 appeared, and other manufacturers finally began to catch up.
Today, almost all smartphones produced are equipped with NFC. Even ultra-low-cost Mediatek chips have a corresponding module, so most new Chinese smartphones costing 5,000 rubles are also equipped with it. In any case, the presence of an NFC chip can be easily checked by the presence of the item “ Wireless network-> NFC" in settings.
Playing with tags
Where can I get tags? As I said, the easiest option is to simply order them from China (dx.com, tinydeal.com, aliexpress.com). The cheapest tags, represented by Mifire Ultralight C with 137 bytes of memory, will cost about five dollars for ten pieces. You can also get branded tags from Sony (SmartTags), but in addition appearance and the prices, which will be three to five times higher, are no different. Another option: TecTile tags from Samsung with an even higher price tag, but also more memory (716 bytes). But here you need to be careful, the first version of the tags is only compatible with the NXP NFC controller, so they will not work with most smartphones.
It is quite possible to use tokens and subway cards as a tag for multiple trips. Often, part of the memory in them remains free for writing, so you can put any information there. But even if this is not the case, the tag can still be used as an action trigger, simply by setting the smartphone to react to the unique ID of the tag.
Without additional software, mobile operating systems have only limited support for “communication” with tags. The same Android does not offer any tools for working with them at all. All you can do is simply bring the tag to your smartphone so that the latter can read it. Depending on the type of data recorded in the tag, the smartphone can display this data on the screen (text type or not supported), open a web page (URI type), launch an application (special type android.com:pkg, supported only in Android) , open the dialer with the specified number (URI type "tel://") and perform some other actions.
There are no means in Android to change the tags themselves or the behavior of the smartphone in response to their detection, so we will have to acquire additional software. The three applications we will use are:
- NFC TagInfo - a tag reader that allows you to obtain the most complete information about the tag and the data recorded in it;
- NFC TagWriter is a proprietary application from leading tag manufacturer NXP Semiconductors;
- Trigger - allows you to independently determine the reaction to a tag with the ability to transfer control to Tasker.
NFC TagInfo
First, let's figure out what kind of tags we got. The Chinese usually don’t provide any details on this matter, and I’m generally silent about subway maps. Launch NFC TagInfo and bring your smartphone to the tag. Next, tap on the Tag Information item and see (screenshot “Reading the NFC tag”) what we have:
- UID - unique identificator tag;
- RF Technology is a standard supported by the tag. In this case, it is ISO/IEC 14443 Type A, that is, a regular RFID tag with support for the first version of the data exchange protocol (Type A);
- Tag Type - the type (or better said, “model”) of the tag. In this case, NTAG203 is Mifare Ultralight C, the cheapest on this moment tag. The letter C means support for data encryption. There is also Topaz 512, which holds 450 bytes of information, and Mifare Classic 1K (716 bytes), used in TecTile tags and often in metro maps;
- Manufacturer - tag manufacturer. NXP Semiconductors - 90% of all NFC tags are made by them (Mifare family).
Now we go back and go to the NDEF information menu. NDEF is one of the NFC standards that describes the format for storing information in the tag memory and transmitting it to the reader. A tag can contain multiple NDEF messages, each with its own ID and type, which the smartphone can use to determine how to interpret the data it contains. The type is specified in the format URI, MIME, or domain:service, if we are talking about some type specific to the reader (for example, the same android.com:pkg).
In the NDEF information menu, we are primarily interested in the lines Maximum message size (useful tag size), Is tag writable (write support) and Can tag be write-protected (write protection support). The last option allows you to block tag recording for all devices except ours. In addition, a tag can be permanently locked so that it can never be written down again. In this case, the penultimate option will indicate no.
What's inside the tag?
From a technical point of view, an NFC tag is a microcomputer like those found inside SIM and bank cards. It has its own processor, RAM and permanent memory, but there is no traditional power source. Electricity it receives through electromagnetic induction that occurs between the reader and tag antennas, just as it happens in wireless chargers and passive radio receivers. Thanks to the ultra-low level of energy consumption, the power of such a “transformer” is quite sufficient for the normal functioning of the microcomputer.
The antenna occupies about 99% of the tag area and transmits data at a frequency of 13.56 MHz at a speed of 106, 212, or 424 Kbps. The NFC standards define several data transfer protocols, including several implementations of the data exchange protocol (they are designated by the letters A, B, and so on), which can be supplemented by the manufacturer of the tag itself. For example, the Mifare family of tags implement a number of extensions over the standard protocol, which is why it is possible to catch incompatibilities between applications and the tag (but this is rare).
Data security is ensured in several ways:
- Short range. Ten centimeters is a very private zone.
- Anti-cloning protection with a unique serial number.
- Possibility of overwrite protection and password protection of data.
- Optional data encryption in memory and during transmission.
The leading manufacturer of NFC tags is NXP Semiconductors. They produce tags from the Mifare family, which have become so popular that compatibility with them is ensured not only by other tag manufacturers, but also by manufacturers of NFC chips for smartphones (at the tag emulation level). The family includes several different models, starting from the simplest Mifare Ultralight C and ending with Mifare DESFire EV1, which have a built-in file system with cryptography support and flexible access rights.
Go to the NDEF message menu. If the tag contains any data, it will all be displayed here, broken down into messages. The remaining NFC TagInfo options allow you to view information about the tag's memory: actual volume, dump in HEX and ASCII formats, access rights to memory pages, and so on. I recommend returning to these options after writing to the data tag.
Writing data
We will use NFC TagWriter to record data. Using the application is quite simple. Launch it, tap on Create, write and store, select New, then select the type of data to be written. The most useful types: contact, plain text, phone number, Bluetooth connection data, URI and application. The list even includes a web browser bookmark and an email message, but what they are needed for is not entirely clear.
Next, fill in the required fields (for example, the website address in the case of URI), click Next and get to the options screen (screenshot “NFC TagWriter: message options”). Here you can specify the application that will be launched after reading the label (Add launch application) and set protection against overwriting by a third-party device (Apply Soft Protection). The application will also take care to inform us about tag models that can accommodate this data (in this case everything is OK, NTAG203 is in the list).
Click Next again and bring the smartphone to the tag. Voila, our data is in it. Now they can be read by any NFC-enabled smartphone. But what does this ultimately give?
Use cases
In fact, there are a lot of scenarios for using tags. For example, I use tags for storing passwords and home automation, others for automatically unlocking a smartphone and automatically starting a navigator in a car. Tags can be glued to a table, on a laptop, on a keychain, inside a book, on a business card, or sewn under clothing. Therefore, the range of their application is huge, and ultimately everything depends only on your imagination.
Home automation
The simplest and most obvious way to use tags is to simply stick them around the house in order to create some kind of automation system. There are many different options here. I will give you the most interesting and useful ones.
- Home Wi-Fi password. We put a tag on the router and write the password into it using the InstaWifi application. It will be useful not only for those who often receive guests, but also for those who like to experiment with firmware.
- Launch auto-sync or an application for exchanging data with a PC. The tag can be glued to a laptop or system unit and configured to launch an application for data synchronization (AirDroid, WiFi ADB and others).
- Enable the access point. Again, we glue the tag on the laptop, then install the Trigger application. In it we add a new task, select NFC as a trigger, skip the selection of restrictions, select “Wireless and local networks-> Wifi zone”, skip the next screen (adding a switch) and on the last screen bring it to the NFC tag.
- Turn on airplane mode at night. We glue the mark somewhere closer to the bed. Launch Trigger, new task -> trigger: NFC -> action: “Experimental -> Airplane mode”. Alternatively, instead of turning on airplane mode, you can set the data and Wi-Fi to be turned off by adding the appropriate actions to the task.
Automotive Automation
NFC tags will be very useful for those who use a smartphone as car navigator. Just stick the tag on the smartphone holder and write down instructions for launching the navigator in it - and voila. Everything has become much easier. However, I would recommend going a slightly different route and complicating the setup by adding automatic switching on Bluetooth (for headset), GPS and turning off Wi-Fi.
To do this, we again need Trigger. Launch it, add a task, select NFC as a trigger. Add the action “Bluetooth -> Bluetooth On/Off -> Enable”. Add one more action: “Wireless and local networks -> GPS On/Off -> Enable”. And one more thing: “Wireless and local networks -> WiFi On/Off -> Turn off.” Finally, add the action “Application and shortcuts -> Open application -> select application”. We skip the screen for adding switches, on the next screen we bring the smartphone to the tag.
Now, after installing the smartphone in the holder, we will receive a smartphone fully configured for use in the car.
Unlocking your smartphone
Motorola has a pretty interesting smartphone accessory called the Motorola Skip. This is a clothing clip for quickly unlocking your smartphone without having to enter a PIN code or graphic key. The accessory is quite useful in some cases, but it only works with smartphones from the same company. Fortunately, a similar contraption can be assembled on your knee.
I won’t tell you how to make the clip itself - here everyone is free to show their imagination, you can stick an NFC tag on your hand - but instead I’ll tell you how to set up the smartphone to unlock when you touch it. There are several ways, but the simplest and most effective is the Xposed NFC LockScreenOff Enabler module. The module, like Xposed itself, requires root, but in addition to effectively solving the problem, it includes a super function - activating NFC when the screen is off.
The fact is that for security reasons, Android prohibits the use of NFC until the screen is unlocked (not just turned on, but unlocked), which negates many effective techniques for using it. NFC LockScreenOff Enabler solves this problem.
Business card
NFC tags can be used in combination with business cards. There are several companies on the market that produce them, but their price tags are such that it’s easier to stick tags on ordinary business cards yourself, and still have a lot of money in your pocket. You can write any information into a tag, including contact information (TagWriter supports this format), website address, or even the geographic coordinates of your office (the smartphone will automatically open maps to show the location). And the most important thing is that you don’t have to give the business card to the person, it’s enough for him to scan it.
Turning on the computer
This is a kind of development of the idea of tags on a system unit and a laptop. The idea is to create a setting that will allow you to turn on your computer using an NFC tag without taking into account where the tag itself is located. For example, you can stick it in the hallway, so you can turn on the car even before you take off your shoes. The method is based on the WoL function, which allows you to turn on the computer by sending packets to the Ethernet port, and the Android application Wol Wake on Lan Wan, which does this via the Internet.
How to setup? First, open the router control panel and configure forwarding of ports 7 and 9 (WoL ports) to our home machine. It is very important to specify the MAC address instead of the IP, since the latter may be given to another device. Next, go to noip.com, register and receive free domain, which we will use to reach the router from the outside. If you have a static IP, you can skip this step.
Next, install Wol Wake on Lan Wan on your smartphone, click the Add New button and enter an arbitrary name, the computer’s MAC address and the previously obtained domain in the window that opens, and click Save. Just in case, we check the settings. Next, install Tasker, go to the Tasks tab, create a new task, select Plugin -> Wol Wake on Lan Wan as an action and select the previously created WoL profile. Let's save.
Now we need to link this task to NFC. To do this, launch Trigger, add a task, select NFC as a trigger, and “Scheduler -> Scheduler Task” as an action (the developers translated Tasker as “Scheduler”), then select the task created in the previous step in Tasker, skip creating switches and At the last stage of setup, we bring the smartphone to the NFC tag.
This is all. If everything is configured correctly, then when a tag is detected, Android will give control to Trigger, it, in turn, will launch a Tasker task, which will activate the profile we need in the Wol Wake on Lan Wan application, it will send the WoL packet to the router, and it will redirect it to MAC address of the computer, LAN card which... Oh well. In general, everything should just work :).
conclusions
NFC technology has a lot of applications, and I'm sure that within five years NFC tags and payment terminals will be everywhere, from advertising posters to supermarkets. And I hope that at least this time Russia will not lag behind the rest of the world by fifty years.
Today, a very large number of people use contactless passes: at enterprises, in hostels, etc.
Such a pass is also called a “tag”. Some of the most common RFID badges have an operating frequency of 125 kHz. The internal structure consists of a wire coil and a microchip.
Such a pass is of course not large in size, but it is still not so convenient to carry it with you every day. Moreover, if you forget, it’s not very pleasant to return home to get your pass.
I'll show you a way to embed a pass card into cellular telephone.
So, take the pass and soak it in acetone for 1 hour. The main thing is not to overdo it so that the acetone only corrodes the plastic and not the coil with the chip. Take care of ventilation, as acetone is very toxic. Keep the pass in acetone in a container that is closed so that excess vapor does not evaporate. And be sure to ventilate the room.
After an hour, carefully blue the plastic. And Gently separate the separated layers. Take out the reel with the chip.
The little black dot on the microboard is a chip with information.
Next, take a cell phone. Remove the back cover.
Place the reel with the chip on the back wall. Apply nail polish. Waiting for it to dry. Several layers can be applied.
All. Close the phone cover and check.
In principle, there is nothing complicated here. The main thing is not to overdo it with acetone soaking and not to break the wire when transporting from one place to another.
Now you don't need to carry your pass with you, and your phone will always be with you.
We remind you that attempts to repeat the author’s actions may lead to loss of warranty on the equipment and even to its failure. The material is provided for informational purposes only. If you are going to reproduce the steps described below, we strongly advise you to carefully read the article to the end at least once. The editors of 3DNews do not bear any responsibility for any possible consequences.
To scan smart cards regardless of where they are used, be it transport or a passage to a gold vault, you can use, as the developers themselves put it, the “Swiss Army knife program” NFC TagInfo, written by NXP Semiconductors. Indeed, it allows you to find out quite a lot about smart cards, right down to the memory dump. Just for fun, try scanning the cards you have. For example, we discovered an NFC chip in a bank card we just received.
This is how a metro ticket is determined
Example of a transport and bank card
A companion to the reader is a program for recording NFC tags from the same manufacturer. Using this utility, you can write contact information, text, SMS or URL onto a tag. True, for it, like for most other utilities, you need to buy these same tags or cards. For example, like this or like this. They cost from 50 rubles apiece and are available in various form factors. For more or less professional use, of course, you need completely different equipment. You can also read data from smart cards using the NFC TagInfo utility.
The NFC ReTAG FREE product is much more interesting. With its help, in theory, you can rewrite NFC tags received somewhere and already used - temporary passes, price tags, and so on - if, of course, you can get them somewhere in Russia. However, much more useful property This program has a completely different character. It can not only read any tags, but also remember their IDs and simultaneously assign some action. Most other programs that can do this kind of thing usually make NDEF records (analogous to MIME) in the label, which they then read and trigger the action.
Well, with the help of this utility we can use the same used metro tickets as a payload. The list of available actions, although limited, is not so small - adjusting the volume, turning on and off wireless interfaces, emulate multimedia keys, launch an application, show a pop-up message, and so on. You can assign several actions to one label at once. For example, when you come home and touch your smartphone to the “ticket”, you will automatically turn off Bluetooth, turn on Wi-Fi and put it in quiet mode.
The ToothTag program has slightly less capabilities - it only allows you to play a melody, turn on vibration, make a mark on the map, check in on Foursquare, open mail or Google Voice. Any set of these actions can be tied not only to an existing tag (tickets), but also to the presence of certain Bluetooth or Wi-Fi devices in the field of view. Actions are configured both for entering the zone and for leaving it.
Well, if you do get NFC tags, you can try the following programs: NFC Profile, NFC Quick Actions Free and NFC Tag Launcher. They can also launch applications and change some settings of the smartphone or control it. There are also more exotic utilities like Touchanote, which, when you touch a tag, opens a specific entry in Evernote. Or WifiTap WiFi NFC, which allows you to write connection parameters to the card Wi-Fi networks. The point is that guests who come to you will not ask you for your password and point name, but will simply touch their smartphone to the card and connect immediately.
To close the issue with tags, let’s mention NFC Classic Tag Reader Writer. This program is for reading and writing smart cards, but it differs in that it can save information from the cards and then emulate them. Naturally, not all types of cards are supported, so do not try to organize an “eternal” transport pass for yourself. Firstly, not everything is so simple there, and the access control system is sufficiently protected, although it is not without some flaws. Secondly, such actions are naturally prosecuted under the Criminal Code of the Russian Federation. In principle, some smart cards can be successfully cloned, and relatively quietly and quickly. So we can advise the paranoid to make... no, not a hat, but a cover for their cards out of foil. Taking into account the prevalence of contactless systems and not always due concern for safety, the advice does not seem so divorced from real life.
Smartphone using NFC. But NFC has others useful features. Today we’ll try one more in practice: “program” the smartphone to perform certain actions when recognizing an NFC tag. Why is this needed? It's simple.
For example, if you have Wi-Fi at home, every time you come home from work, you need to switch to your network from mobile internet. Very often, when you get into a car, a navigator becomes necessary, and at work you have to turn on silent mode. All this can be automated so as not to point fingers and swipe in vain. What will you need for this?
- smartphone with NFC
- NFC tag (you can use an old transport ticket with a chip)
- 3-4 minutes of free time
Marking the territory
So, our action plan: teach the smartphone to react in a certain way to a certain NFC tag. Each tag has an identifier. The gadget must recognize it and perform “programmed” actions. To link actions to a tag ID, we will need one of the suitable applications - for example, NFC ReTag Free.
STEP 1. Download from the store and launch. We present our mark - in this case, a transport card. The application recognizes it and tells us the ID.
STEP 2. Let's give the label a clearer designation. Click on the green “Actions” button and see a list of actions that we can attach to this label.
There are a lot of interesting things here - launching applications, turning on Wi-Fi, changing the signal volume, calling a specific number...
STEP 3. For example, we choose to launch Yandex.Navigator.
STEP 4. We are waiting for the OK button - in fact, everything is ready. Let's check the result. We bring the unlocked smartphone to the transport map, and voila: the navigator starts automatically. We took the most “affordable” NFC tag, but you can also buy a more practical one, in the form of a sticker. This can be stuck, for example, on a smartphone holder in a car - install the gadget in it, and the navigator will load automatically.
I have a Beeline card - a regular debit MasterCard, which can be obtained for free at any Beeline salon. Annual subscription fee There is no charge for servicing my card. The card works like a regular MC all over the world, only when making purchases, 1.5% of the amount spent is returned to the account in the form of bonuses. Accumulated bonuses can be used when paying for services mobile communications, my wired internet, various products in partner stores.
Card emulation on a smartphone
Essentially, HCE technology makes it possible to emulate contactless smart cards in a phone. In our case, the virtual card is additional function physical carrier - plastic card "Beeline". The owner of such a card, who is also the owner of a smartphone running Android KitKat OS equipped with an NFC module, installs the Beeline card mobile application on it. When logging into the mobile application, to activate the contactless payment function, just enter the EAN card and your password. The application checks the presence/availability of HCE on the device, and if everything is in order, the user is prompted to enable the functionality.
If the user confirms his consent to connect to the service by responding to the received SMS by entering a one-time password, then a virtual card is issued - the data necessary to make NFC payments is loaded into the mobile application from the processing center. Actually, that’s all – the phone has become a contactless payment tool.
H.C.E.(Host-based Card Emulation) is a technology that makes it possible to write software that does not require a dedicated crypto processor for execution in order to provide a communication session with a payment terminal. The application runs on the main processor mobile device, surrounded by the phone's operating system.
What you need to use the service in Russia
In order to use the contactless payment service, you must obtain a free prepaid Beeline card at any Beeline office. Next – download to Google Play mobile application of the Beeline card and activate the contactless payment function. Hardware and software limitations: operating system Android, version no lower than 4.4, the presence of an NFC module in the phone.
What other features are there?
For example, if a user has not one, but several phones running Android 4.4, then the contactless payment service linked to his main card can be installed on all devices of the owner of this card. This is convenient, for example, for using the service with a family. In this case, only one virtual card can exist on one phone.
When paying, when the phone is brought to the terminal, the purchase amount and information about the success of the payment are displayed on the screen.
Payment is only made when the screen is unlocked, so it is important that the phone is password protected. In this case, the application itself may be closed. When you delete the application from your phone, the virtual card is blocked. When you restore the application, the card is emulated again, so you will have to go through the process of setting up contactless payment from scratch. Re-activation of the service will also be required if you disable the contactless payment service in the application. However, it is not at all necessary to delete the application or disable the service - to temporarily block it, you can use the “Pause contactless payment” function.
What is the profit?
So, what does the contactless payment service give us using mobile phone? You can forget your wallet at home, leave your passport or even your driver’s license in the apartment, but with almost 100% probability you will have your smartphone with you. And if this phone has an application for contactless payment installed, then you are always with money.
An NFC transaction is an instant payment. Even in order to pay with a plastic card, you first need to remove it from your wallet, and before that, the wallet from your pocket or bag. When paying in cash, the moment of recalculation, transfer of money, receipt and verification of change, etc. is added. Transactions up to 1000 rubles made using NFC and HCE do not even require entering a PIN code, and the calculation, without any exaggeration, occurs in one moment and with one touch.
After completing the transaction, an SMS message is sent to your phone about the completed transaction and the account balance, i.e. you are always aware of the status of your electronic wallet.
By the way, an interesting detail - the Beeline card application implements the technology of a single PIN for several cards, in this case - for the main Beeline card and a card emulated by the mobile application. That is, both when paying with a plastic card and using the contactless payment service, you enter the same password.
The service is free, no fees are charged for NFC transactions.
Where can I pay?
Of course, the development of the infrastructure for accepting contactless payments depends on the specific region, but today about 5% of payment terminals are already equipped with the NFC function. Across Russia, this is, according to expert estimates, about 30 thousand devices. The market leaders in the production of POS terminals - VenFone and Ingenico - have been equipping their devices with NFC support as a basic standard feature for several years now.
When paying, you should look for an icon on the POS terminal indicating that the device is equipped with contactless functionality.
If we talk about specific points, these are chains, large stores, fast foods, gas stations. McDonald's, Starbucks, Subway, Auchan, O'KEY, Magnit, Aeroexpress hypermarkets, large mobile retail chains, stores of global cosmetics and perfume manufacturers, fashionable leisure venues.
Safety
The most obvious weak point of HCE technology today is security. The data necessary and sufficient to make NFC payments is stored directly in the smartphone’s memory. However for mobile application Beeline cards use a set of measures that minimize the likelihood of hacking. We held an internal competition for hacking the system, with a very good reward, code analysis.
Let's look at some aspects information security HCE technologies implemented for the Beeline card mobile application.
Operations on a locked phone are not possible. In this sense, the HCE solution is better protected than a regular plastic card with a contactless interface - in order to make a payment transaction, an attacker must unlock the phone. When regular card– just get the card itself. When using the Beeline card mobile application, for example, a scenario where on the subway in a dense stream of people money is quietly written off from a virtual card by placing a reader in your pocket is impossible.
The product is protected from hacking and cloning both at the application level and at the processing level. All data is encrypted, the application itself monitors hacking attempts and, if such an attempt is detected, clears all critical data. In this case, the application periodically reports its state to the processing; during all operations, the host checks the expected state and compares it with the actually received one. If there is a mismatch, which may be caused by a cloning attempt, the card is blocked. In addition, the processing center has set up special rules for issuer fraud monitoring, which control the number of non-pin transactions and block the card if suspicious activity is detected.
Transactions worth over 1,000 rubles are protected by an online PIN code, which is entered into the terminal’s pinpad. It is impossible to intercept a PIN code by hacking an application - simply because the PIN code is never entered on the phone.
If you lose your phone, the procedure is practically no different from the standard steps taken when you lose a regular bank card: call the contact center, block the Beeline card via EAN, get a new card at the phone shop. On new map All cash balances, bonuses, etc. will be transferred. In this case, naturally, the card number will change, and the attacker will have a phone in his hands in which the old map, operations on which can no longer be completed because it is blocked.
By the way, we should pay attention to one more nuance related to the security of NFC technology in general. There is an idea that the data transfer session itself from the smartphone to the POS terminal is vulnerable. In fact, each transaction is protected by a unique cryptogram, without which authorization is impossible. From the data transmitted over the radio channel, it is almost impossible to extract any information that would help attackers steal funds from the account by signing other transactions.
Will this service work on the iOS platform?
Apple took the phone-based route and uses the built-in Secure Element, where no one except Apple can upload card keys. Therefore, the only realistic option at present is integration with new technology Visa Token Service (generation of temporary keys for payment), on the basis of which Apple Pay actually works.
Forecasts
It can be predicted that the NFC payment market in Russia is moving from its formation stage to a phase of active growth. The number of phones supporting NFC technology is growing, and integration projects are emerging, implemented jointly by vendors, payment systems and retailers.
In the first half of 2014, 1.2 million smartphones supporting NFC technology were sold in Russia. This is 21% more than in the same period last year. NFC smartphones accounted for 14% of all smartphone sales in the country. It is clear that rapid growth can only be due to the convenience of using contactless technologies, and a powerful driver can give the service mass appeal. Such, for example, as contactless payment for travel on public transport, especially in the metro.
If we talk about the capacity of the NFC payment market in Russia, then experts put the figure at about 15 billion rubles (estimated by the J’son & Partners agency).
