Today Hannes Ametsreiter (CEO A1 Telekom Austria), Alexander Sperl (CCO A1 Telekom Austria), Bernd Hartweger (CEO Paybox Bank AG), Michael Franek (CEO Merkur) and Andreas Schmidlechner (Marketing Direktor McDonalds Austria) presented a new way to pay in their shops and restaurants. Paybox NFC is a product of A1 Telekom’s daughter company Paybox, which has been dealing with m-commerce for almost 15 years. Customers who have already a Paybox account can apply for a contactless sticker to pay at POS of Merkur and McDonalds for amounts up to 25 EURs. The daily spending is limited 50 EURs.

The Terminals are not off-the-self and have been adopted to meet the requirements of merchants as well as the MNO. Also the payment schema itself has been uniquely development in order to overcome the security issues or contactless creditcards. After a transaction the customer immediately receives an SMS as payment confirmation and can check transactions in an App that is available for iPhone and Android. In the beginning the pilot will start with 5.000 customers from all MNOs.

The processing of the transactions is performed by Paybox Bank, which allows customers of all operators in Austria (T-Mobile/Orange/Hutchison) to participate in the system, which works on a post-paid base. “Our Goal was to build a system with a unique user experience for customers and merchants. Paybox NFC is the product launch of the year 2012.” Alexander Sperl explained. Therefore a lot of customer experience and field studies have been performed.

Although Firstdata rolled out the paypass terminals in August 2011 in Austria, currently a very little amount is proceed thru the system. Thus it pays of not be the first, but offer a clever balanced system which offers a benefit for the customers.

During the press conference there was also mentioned, that other services like parking, loyalty, ticketing and access will be NFC enabled soon.

Links

A1 NFC Services

Probebetrieb für Handygeldbörse (orf.at)

A1, Merkur und McDonald’s starten Bezahlen per Handy (webstandard)

Startschuss für Handy statt Bankomatkarte in Österreich (Die Presse)

Austrian Telco to Launch Own NFC Payment Brand, Snubbing payWave and PayPass (NFCtimes)

Mobiles Bezahlen: A1 startet NFC-Testprojekt (futurezone)

Neue Impulse für Handy-Shopping (Wirtschaftsblatt)

Yet it is not clear why the terminals have not been rollout. Here is a list of Merchants, which are possible locations for the vpay POS Terminals:
Trafik Anita Ludwig
Börserie
Jindrak
Nordsee

Update 16. April 2012: the launch will be somewhen in the 2nd Quarter of 2012 accoding the feedback from the Raiffeisen CardService.

Researchers from viaForensic showed an Android app that allows reading of the creditcard credentials using an NFC Android phone. In order to read the data from the card the Android applications sends four APDUs commands to the cards. A very detailed tutorial on how to structure APDUs for reading creditcards can be found here.

The EMV chip on the card stores the same information as it is on the mag stripe of a card. Both MasterCard (with m/chip) and Visa have a specification on how this data can be read from the chip of the card. Here is a relevant patent for decoding the information from the records read in order to process the CVC and ATC information correctly.

So no breaking of keys or “magic” is required to get the data — just follow the spec. You don’t even need a secure reader or a reader with a SAM (Secure Access Module). A plain ISO14443 reader or an NFC enable phone will do the job.

The chips stored the information from Track 1 and Track 2 thus the following information can be read from the card that is also printed on the front side of the card:

• Creditcard Number
• Firstname, Lastname
• Experation Date
• Transaction Counter
• Service Number

The CVV/CVC/CardID is NOT stored on chip in the card. Instead the card generates a dynamic CVC (2 x 2 Bytes + 1 x Byte Application Counter). The information given by Kristin Paget, that the dynamic CVCs can be used for payment is not correct. Using 2 Bytes one could have a CVC up to 65535, which is different than the 3-digit CVCs given on the card.

Having exactly the same information on the chip as on the mag strip has a one huge advantage for the whole payment industry: no additional investments cost for the POS system, when new readers are used. Copying the information read from the RFID cards can be stored on a mag strip card. Then a payment at the POS can be performed.

The transaction is still “save”, as long as the person at the point of sale checks the signature on the card with the signature from the card holder (which is done rarely — at least in Europe).

But anyway, there is still the possibility to read the credentials form the card, which is a problem for the creditcard industry as well as huge privacy issue, as user can be tracked easily and the Name of the persons is exposed to attackers. Additionally payment transactions where no CVC is required can be performed. In the following video a transaction in Amazon’s online store is shown, with the creditcard information read from the card.

Here is a quick trace of a paypass card, which was read with a contactless reader according to the specifications above. We cannot provide the source in order to avoid legal interferences with the credit card companies

There is a python Script that allows you to use a VivoTech reader to read the contacltess MSD information of a card.

[Step 1] Select 2PAY.SYS.DDF01 to get the PSE directory
IN : 00a404000e325041592e5359532e444446303100
OUT: 6f2f840e325041592e5359532e4444463031a51dbf0c1a61184f07a0000000041010500a4d6173746572436172648701019000
real DF Name on Card: 2PAY.SYS.DDF01
ADF-Name (AID): a0000000041010
Priortity Tag: 01
Application name: MasterCard
-------------------------------------------------------
[Step 2] Select CC Applet
IN : 00a4040007a000000004101000
OUT: 6f1a8407a0000000041010a50f500a4d6173746572436172648701019000
real AID on Card: a0000000041010
FCI Issuer Discretionary Data  present!
Priortity Tag: 01
Application name: MasterCard
-------------------------------------------------------
[Step 3] Send GET PROCESSING OPTIONS command
pdol:8300
IN : 80a8000002830000
OUT: 770a820200009404080101009000
AIP: 0000
AFL: 08010100
-------------------------------------------------------
[Step 4] Send READ RECORD going thru every record; Current: #1 of 1
IN : 00b2010c00
OUT: 70819e9f6c0200019f62060000000001c09f6306000000007e00564c4235323637353034xxxxxxxxxxxxxxxx5e535550504c4945442f4e4f5420202020202020202020202020205e313330343232313030303030303030303030303030303030303030303030309f6401039f6502000e9f660203f09f6b1352675041xxxxxxxxd13042210000000000000f9f6701039f680e0000000000000000000000001f039000
Mag Stripe Application Version Number (Card): 0001
Track 1 Bit Map for CVC3 (PCVC3TRACK1): 0000000001c0
Track 1 Bit Map for UN and ATC (PUNATCTRACK1): 000000007e00
Track 1 Nr of ATC Digits (NATCTRACK1): 03
Track 2 Bit Map for CVC3 (PCVC3TRACK2): 000e
Track 2 Bit Map for UN and ATC (PUNATCTRACK2): 03f0
Track 2 Data var up to 19: 52675041xxxxxxxxd13042210000000000000f
Track 2 Nr of ATC Digits (NATCTRACK2): 03
Mag Stripe CVM List var up to 32: 0000000000000000000000001f03

Decoded Information from Mag-Stripe:
Name: SUPPLIED/NOT
Number: 5267504xxxxxxxx
ExpYear: 2013
ExpMonth: 04
Firstname: SUPPLIED
LastName: NOT
CardType: MasterCard
Valid Checksum: true
-------------------------------------------------------
[Step 5] Cryptogramm
IN : 802a8e80040000000100
OUT: 770f9f61023ce39f6002a4189f360200c49000
TAG_CVC3TRACK2: 3ce3
ACT: 00c4
TAG_CVC3TRACK1: a418

The readers at the POS are ordinary Omnikey 5321 readers with are connected through an USB port with the POS system. In case there is enough space on the counter, the reader is lying next to the Maestro Payment terminal, in other branches the reader is hidden below the counter and given to the customer on request. The reader itself has no display and just indicated is a card was found. From a user point of view, there is no clear indicate if the card was detected and scanned successfully or not.

From a technology point it is clear with system is used: either a proprietary Mifare system or a JavaCard based one. The SD-Cards as well as the stickers are provided by G&D. On issue with booth NFC mediums is that, they cannot be managed over the air. Secondly, the SD-Card only works with specially tested handset, as the antenna inside the SD-Card is very small and therefore a specially designed booster sticker is required. Another issue with the SD-Cards is, that the memory provide for data storage is very limited (eg: 1 GB). A problem with the NFC stickers, that they don’t stick on an iPhone as the surface of the device is so smooth. There were no cards handed to the customers.

Yet it is not clear, what will happen after the pilot.

NXP: NXP presented it PN547. It is the successor of the most famous PN544. The new version is smaller and more energy efficient. There will also be a variant with an embedded secure element, similar to the PN65.

Secondly there is the CLRC663 reader chip for ISO14443 + Felica, ISO15693 and ISO18000-3 and ISO18092 (NFC). The chip is extremely energy efficient. The chip also provides an interface for the communication with a SAM. Thus it is likely that we will see this chip in the next generation payment terminals and desktop readers.

Texas Instruments WiLink 8.0: As the first combo chip family to embed a complete NFC controller solution, WiLink 8.0 devices make NFC integration possible – and more simplified – on any mobile device. The WiLink 8.0 combo chip with integrated NFC yields a more then 50 percent size reduction as compared to non-combo solutions, and is paired with a secure element solution for highly protected transactions. The WiLink 8.0 comes with NFC in the variants WL189x and WL185x.

Samsung: Samsung was present at the MWC with first samples of the S3FHRN2 and SENHRN2. There are no devices jet that come with this chips.

Inside Secure: Inside Secure promoted the partnership with Intel using the SecuRead and MicroRead as well as knowhow and the software stacks in its chips. From Intel side there was no comment or chip shown with NFC functionality.

STMicrolectronics: Also STM showed a demo with the ST21NFCA. The Chip was integrated into a Nexus S and showed Single Wire Protocol (SWP) functions.

The NFC medium is a microSD card which is plugged into a so called iCaisse from device fidelity. The iCaisse communicates through the accessory port with the iPhone to exchange information as such as the unlock command as well as transaction information.

Device Fidelity is cooperating with MasterCard in the US. At Moneto.me the iCaisse with a micro SDCard comes for USD 79,95 including USD 10,00 paypass credit. When integrating the micro SDCard into other devices such as Android devices, a so-called “booster” sticker is required (due to the very small magnetic field of a NFC enabled microSD card). The installation process of such a sticker is shown in the following video:

In the beginning hobex — Raiffeisens own acquirer — will be the only company accepting both types of payments (vpay and cardis). Gerald Kubu, head of card services, claims that there are plans to cooperate with other acquirers. The service provider for processing is SIX Card Solutions. Currently only FirstData has installed some Vivotech NFC readers at Zielpunkt in Vienna and Schlecker. Hobex Verifone readers have only be spottet in the cantina of Raiffeissen. From a devices point of view, Raiffeisen currently is focusing on iOS devices. Android, Blackberry or Windows Mobile Phones will not be supported in the beginning.

The rollout is planned to start on April 1st 2012.

Press Release Raiffeisen

Press Release SIX Card

In Turkey there are already lots of acceptances points for MasterCard paypass, thus more and more bank also allow customers to put their payment application onto the UICC of the mobile network operator. The TSM infrastructure for Turkcell is provided by SmartSoft.

The following video shows two payment process with NFC:

Note that the reader in the first case is mounted very low and it is not clear for the customer whether the payment was successful or not (2:49). In this case a Vivotech reader is used.

In the second case there are 4 (four!) different payment terminals on the counter for accepting different card payments (4:00). During the second process the phone covers the whole terminal display and LEDs and thus the user cannot see whether the payment was successful or not. Only the “beep” tell the user that something has happened.

In the third case different payment stickers are shown (5:00). All the information such as creditcard number, CVC and date are fully visible! The Stickers are issued by Badenwürthenbergische Bank and processed by ATOS. Just help yourself and try online: https://www.kreditkartenbanking.de/bwbank/. Maybe it is not a good idea to put all the sensitive information on a sticker …

For a user experience point of view there is still a lot of work to do.

The card itself will not provide customer information to the merchant. The payment schema explicitly was designed for fast payments with out PIN or a signature. Therefore the amount to be paid is limited to 20 EUR. This is similar to the credit card products PayWave (Visa) and PayPass (MasterCard).

Heise.de

On the other side the LBB (Federal Bank of Berlin) is the frist Visa PayWave Issuer in German.

What can you do?

As a developer you won’t have the keys to the embedded secure element. Therefore you cannot load, delete or modify applications in the secure element (so called applets). According to Google, First Data holds these keys securely. But in the code of Google Wallet there as two AIDs of applets given.

At first there is the card Manager A000000003000000 and secondly the AID of the wallet itself: A000000476201000. You can try selecting them and get some data of the wallet applet using 80CA9F7F00 or 80CA004200.

OTA Management included

Google’s Wallet also includes the OTA Management client acting as the proxy application between the embedded secure element as well as the backend system. The wallet contains URLs such as “https://oma.skcctsm.com/mcp/was/dynamic/url” or
“https://uat.skcctsm.com/mcp/was/dynamic/url” which indicate that the TSM Service of SK C&C is contacted. Also the email-address gtec.skcc@gmail.com is used for Google’s Cloud to Device Messaging (C2DM).

During startup of the wallet, the server is contacted and the log output looks the following (x-ed out the TID, the IMEI and the Device ID). It seems that this information is sent to the backend server.

E/TelephonyManager(  556): Original: com.google.android.apps.walletnfcrel, new:
com.google.android.apps.walletnfcrel
D/OTA     (  556): PseudoIMEI = xxxxxxxxxxxxxxxxxxxxx
D/OTA     (  556): deviceID = xxxxxxxxxxxxxxxxxxxxx
D/OTA     (  556): MSISDN =
D/OTA     (  556): RADIO TYPE = GSM
D/OTA     (  556): MNO =
D/OTA     (  556): intentAction = com.skcc.gtec.otaproxy.SCREEN_UNLOCK
D/OTA     (  556): onStartCommand act = StoreRegID
D/OTA     (  556): onStartCommand serviceID = null
D/OTA     (  556): onStartCommand tid = xxxxxxxxxxxxxxxxxxxxx
D/OTA     (  556): onStartCommand instance_seq = null
D/OTA     (  556): onStartCommand mode = pull
D/OTA     (  556): onStartCommand appletAID = null
D/OTA     (  556): onStartCommand instanceAID = null
D/OTA     (  556): onStartCommand appletVersion = null
D/OTA     (  556): getIsConnect netFlag = false
D/OTA     (  556): act = StoreRegID

A detail security analysis by viaForensic can be found here.

MNOs, the SIM and SEEK

Currently Google Wallet is only available to customers of Sprint. What’s important here is, that Sprint runs a CDMA network, where no SIM card is required. So the only secure element in the device is the embedded secure element from Google. To say it the other way around: Sprint needs the embedded secure element of Google for NFC payments. Therefore Google did a good deal to enter the market, as the other MNOs — such as Verizone — want the SIM card be the secure element (the only!) in the device.

Yet there is no API in the devices for accessing the SIM cards. Additionally also a secure layer is needed in order to manage the access to the applets on the UICC and/or the embedded secure element. The GSMA and the SIMAlliance already agreed on a method (which was proposed by Gemalto). This method is already implemented in the most current version of SEEK, which can be directly integrated into Android.

NFC enabled Android devices without an embedded secure element can be manufactured with a PN544 (without embedded secure element, only SWP support) instead of the PN65n. This is possible as both chips have the identical PINs. There are already models of the Samsung Galaxy S II without embedded secure element.

At the point of sale, Terminals from Point AB are used. Point AB is the largest acquirer in northern Europe and was acquired by Verifone in November 2011.