Submitted by oatli t3_11d63c0 in explainlikeimfive
Are there any security risks? I mean I’m just curious about how does your money stay secure even though it’s contactless?
I’ve used apple google and Samsung pay over the years but I’ve always wanted to know. I read somewhere, something about NFCs but I’m still confused.
DiamondIceNS t1_ja795w8 wrote
To explain how the apps work, we need to understand how chips and contactless cards work.
Credit and debit cards are essentially just reusable check blanks. Written on them, you have the account number of the person trying to send money and the name of the account holder. When using the card to buy something at a shop, the payment computer has the account of the ones receiving the money (the shop) pre-programmed into it, and the employee at the till has punched in the amount to be sent. This is basically all the necessary components of a check. The payment computer phones up the bank with this info to request a transaction, and if the bank computer responds, "Looks great, we'll get that sorted!" the payment goes through and the terminal shows it as paid.
The magnetic strip on older cards is more or less just the info printed on the card, digitized, so the sale computer can read it quickly and mistake-free. Swiping a card is, for layman's purposes, hardly different than just punching in the data printed on the physical by hand, with a magic spellchecker that can tell if you typo'd it.
Now, if that's all a credit card actually was, just a name and account number, it'd be very easy to steal. So they have security built into them to make sure that only the rightful owner is using them. Basically, give the cardholder a test to prove it's actually them.
The oldest (and stupidest) form of this is the signature. The idea is that the card holder writes their signature on the physical card. Then, when making a sale, the cardholder also signs the receipt. The cashier should take the card and receipt, look at the two, and only allow the sale if the two match. The hope here is that A) your signature always looks the same every time you write it and B) only you can write it the way you do, no one could ever copy it. So if the signatures match, you must be the cardholder.
A much better solution is a PIN. It's basically just a tiny password that only the cardholder should know. If someone steals the card (or even just the numbers on the card), but do not know the tiny password, they can't use the card.
This idea is taken to the next level with a chip. In addition to giving you a PIN to memorize, the credit card company makes two identical copies of a tiny computer. One gets embedded into your card, and they keep the other. When you attach wires to this tiny computer and power it on (which is what inserting your chip into a chip reader actually does), you can send it some gibberish data, and it will answer back with more seemingly unrelated gibberish data. The key, though, is that every time you ask it the same gibberish question, it replies back with the same gibberish answer. So, when you insert the chip into a chip reader when making a sale, the card network can come up with a gibberish question, send it to your card's chip, and get the gibberish response back. It then asks the same gibberish question to the copy they have on hand. If the answers are the same, it must mean you have the chip, and by extension you must also have the physical card.
The beauty of the chip solution is that even if an eavesdropper somehow was listening to the conversation between the card company and the chip, and they overhear the gibberish question and answer, it's useless to them. That's because even if they technically know the "answer" to one of the gibberish questions, the card company will never ask that question again. All questions are single-use, and thus so are all answers. The only way to truly spoof the card is to be able to know every possible answer to every possible question. Or in other words, physically have the chip. So the chip effectively defends against people who know your numbers, but haven't physically stolen the card. A PIN is still required to defend against physical card theft.
Contactless tap is basically the same as chip, just done over radio waves instead of wires. This makes it easier to eavesdrop, but as we established already, eavesdropping on a chip payment isn't all that helpful to a thief, so we don't really care about that!
Now, finally, the payment apps. When you install a payment app and register a card to it, what you are essentially doing is turning your phone/watch/whatever into a credit card chip. The credit card company creates a secret program that works like a chip--takes a gibberish question in, gives a gibberish answer back--and installs a copy of it to your device. So when you tap your device to the reader, it gets asked a gibberish question, it creates a gibberish answer, and radios it back to the terminal, just like a chip. This proves that you have the physical device. It doesn't prove you have the physical card, but registering the card in the app in the first place did prove that you must have had it at some point, which is good enough.