Development of contactless EMV cards

The idea of using a chip that interacts with the outside world using electromagnetic waves, i.e. contactless, appeared in the first half of the 90s. Cards using such chips became known as contactless cards.
At first, contactless cards were exclusively memory cards. These cards were mainly used as a means of identifying an object (Radio Frequency ID, or RFID). For example, they were used to detect an object that fell into the reader’s working area (single-bit chips used in anti-theft systems), identify the object (in addition to detecting the object, it is determined what kind of object it is), and as a limited functionality tool for non-cash payments. With the development of chip manufacturing technologies and, as a result, cheaper microprocessors, it became possible to use contactless cards for authentication of applications placed in the chip. As a result, contactless cards were able to provide the necessary level of security for financial transactions carried out with their help and therefore began to be more actively used as a means for non-cash payments.
The first mass project using contactless payment cards, launched in 1997 — is the payment for car refueling at Exxon Mobil gas stations (USA). Now more than 7500 gas stations of this gas station network serve more than 12 million card holders, or rather holders of special SpeedPass tokens.
Another well — known project for using contactless cards is the Octopus project, launched in Hong Kong and currently serving more than 13 million cards. The original goal of the project was to provide payment for public transport. However, later cards were also used to pay for goods in fast food restaurants and convenience stores.

Finally, we should mention the project of the Moscow metro (1998), which uses contactless card technology, among other things, to pay for travel. This project deservedly went down in history as one of the pioneers in the development of contactless payments.

Reasons for interest in contactless cards
Interest in contactless cards is shown in connection with the desire to use them to occupy the following niches in the field of non cash payments:
new non-cash payment markets for which contact cards and cash are not suitable due to insufficient processing speed of transactions using these payment tools (payment for public transport and toll roads, fast food restaurants, e-tickets, Parking, payment for gas stations);
increasing card turnover by reducing the cost of processing operations and, as a result, capturing a niche of payments ranging from 5 to 15 euros.
Below are the main technical advantages of contactless cards that allow you to win the above niches:
ease of use (you do not need to pass the card to the cashier, correctly Orient and accurately insert it in the reader window, in some cases, the card may be in the wallet of its holder when paying);
higher speed of transaction authorization (the processing time on the card side is approximately 0.15-0.7 seconds, sometimes cardholder verification and card details analysis by the cashier are not applied during the operation);
high level of security of operations, typical for operations on microprocessor cards;
higher reliability of using cards and terminals: due to the absence of mechanical contact between the card and the terminal, a lower level of physical wear is provided. In addition, contactless terminals are protected from vandalism when the reader window is clogged with debris, which makes it impossible to use the card’s contact interface, for example, in self-service shopping terminals (vending machine);
a variety of form factors of card products — cards, key rings, bracelets, etc.;
wide range of temperature conditions (-20 to + 50 °C), protection from water and dirt.
The most important advantages of a contactless card are high speed of operation, ease of use of the card and low cost of operation on a contactless card.
The analysis shows that due to the fact that contactless payments usually:
the card is not passed to the store’s cashier (which means that external card details (such as holograms, microprints, etc.) are also not checked).
the card does not need to be inserted in the reader;
cardholder verification is not used;
the operation is performed offline;
the processing time for the operation on the card is about half the time for a contact microprocessor card,
the operation using a contactless card takes 4-6 seconds, which is 2.5-3 times faster than when paying in cash, and about 6 times faster than when using contact payments.
If, in addition, the customer is not issued a receipt for the operation they performed, such as when paying for a subway ride, the contactless payment may take less than a second to complete. This mode of using a contactless card (offline authorization, lack of verification of the cardholder and the buyer’s receipt) is commonly called “Tap and Go”.
The average processing time of transaction to, respectively the payment of a cash purchase, contact and contactless cards. Measurements were made between the moment when the cashier handed over the cash/card to pay for the purchase (hand-over to cashier) and the moment when the cashier returned the cash/card to the customer (hand-back of balance/card&receipt). Note that the measurement for a contactless card was performed on the condition that the receipt for the purchase is printed out and returned to the buyer.
The security of contactless card payments results from the fact that the card is a microprocessor-based one and supports the security and risk management mechanisms defined in the EMV standard and payment system specifications.

A very important purpose of contactless cards from the point of view of payment systems and banks is to replace cash payments using them. For example, in 2006, 80% of all personal payments in Europe (180 billion transactions per year) were made in cash, while only 6% of payments were made using a plastic card.
Traditionally, it is believed that a debit card is more profitable than cash for transactions of more than €15. However, if you reduce transaction costs (due to the offline nature of the authorization transactions, the lack of verification of the card holder and issuing a receipt), which is achieved by use of contactless cards, it appears that the threshold size of transaction in the contactless card, wherein the payment card remains profitable cash payment can be lowered to €5!
At the same time, 25% of all personal payments in Europe have a size from
€5 to €15. If we assume that 40% of these transactions can be transferred to cards, the increase in the number of card transactions will amount to 18 billion per year and increase the share of card transactions in Europe from 6 to 14%!
Due to the fact that contactless cards are an effective tool for fighting cash, payment systems pay increased attention to contactless card technology. Contactless payment projects launched by leading payment systems are listed below:
VISA payWave (MSD, qVSDC, full VSDC, VISA Wave in Asia Pacific);
MasterCard PayPass (PayPass MagStripe, PayPass M/Chip, PayPass M/ Chip Flex);
Amex ExpressPay;
JCB DualCard (FeliCa), QUICPay (cards with only contactless interface or phones that support the FeliCa Protocol are used) and J/Speedy (used outside Japan, based on ISO 14443 and EMV cards, VISA Wave terminals are used).

The leader in the promotion of contactless cards is the MasterCard payment system. At the beginning of the first quarter of 2009, banks of this payment system issued approximately 55 million contactless MasterCard PayPass cards, which can be used in 146,000 terminals located in 25 countries.
The main payment applications for contactless cards are listed below:
payment for transport (metro, trains, buses, taxis);
payment for car refueling at a gas station where payment terminals are integrated with a filling machine (outdoor terminals);
payments at fast food restaurants and convenience stores at gas stations, bus stations, and metro stations (convenience shop).
payment for car Parking;
payments via self-service terminals (vending machines);
access to the stadium and payment for food in the stadium’s canteen.

Basis of technology
We will briefly discuss the physical basis of contactless card technology — the phenomena of electromagnetic induction and resonance.
The meaning of the law of electromagnetic induction, discovered and mathematically described by M. Faraday, is that in a closed conducting circuit placed in an alternating magnetic field, an alternating electric current is formed. In this case, if the magnetic field changes by sinusoidal law with frequency, and AC current changes by the same law (up to a phase) and with the same frequency. Well, if the conducting circuit is a resonant LC-circuit with a natural frequency that coincides with the frequency of the external alternating magnetic field, then in this case the current in the circuit increases in accordance with the phenomenon of resonance. In this case, the current gain (the scale of the current increase) is determined by the q-factor of the resonant circuit.
In the Appendix to cards, the case looks like this. The card contains an antenna that serves as an inductor of the oscillating circuit (the antenna is from 3 to 10 turns (usually 4 turns) of wire or conducting ink, usually placed along the perimeter of the card). In turn, the coil is connected in series with the capacitor. The parameters of inductance and capacitance such that the corresponding natural frequency of the oscillating circuit of the card close to the oscillation frequency of the external magnetic field.
For example, if you use 4 turns of wire along the perimeter of the card (the area of the turn S = 75 mm × 43 mm) , the inductance of the antenna will be approximately L = 4 mcg. The characteristic value of the capacitance of the capacitor, which can be implemented in the chip, is C = 30-100 PCF. Hence we get that the natural frequency of the oscillatory circuit at
L = 4 mcg and C = 30 PCF according to the Thompson formula is equal to = 14.5 MHz.
Moreover, according to Faraday’s law, the EMF of induction that occurs in the vibrational contour of the card U(t) is determined by the equality:
where w = 2pn;
B(t) = m0mH(t) ≈ m0H(t);
B(t) – the magnetic induction vector of the magnetic field (measured in Tesla);
H(t) — magnetic field strength (A / m);
m is the magnetic permeability of the medium, which in our case has a value close to 1;
m0 = 4p · 10-7 GN/m;
n = 4 — the number of turns of wire in the oscillating circuit; S = 75 mm × 43 mm — the area of one turn of the antenna.
Then the maximum value of the EMF induction is equal to Umax = NSwB0 = 2pm0NSH0 = 5.8 V, and the value of the voltage supplied to the chip after rectification is equal to V, which is very close to the characteristic values of the voltage supplied to the chip of the microprocessor card (1.8 V, 3 V, 5 V).
The external magnetic field, in turn, is created by the resonant LC circuit of the reader, whose input is supplied with an alternating voltage. The frequency of external voltage fluctuations, the natural frequency of the reader’s resonant circuit, and the natural frequency of the card’s resonant circuit take similar values.
As a result, when an external AC voltage is applied to the reader circuit, an alternating current occurs in the resonant circuit of the card. This current charges a special capacitor connected in parallel to the resonant circuit of the card. The energy stored in the capacitor is used to perform various operations by the card chip. In this case, it turns out that in order for the card energy to be sufficient for the implementation of various functions of the EMV Protocol, it is necessary that the amplitude of the magnetic field strength in the chip area is 1.5–7.5 A/m. In this case, the energy consumed by the card to perform its functions is replenished with the energy of the reader’s magnetic field.
According to research by Gemalto specialists, the most energy-intensive procedures are those for processing the INTERNAL AUTHENTICATE command and the VERIFY command with an encrypted PIN-code value, which require RSA algorithm execution on a long exponent for their implementation. During the execution of these commands, the card consumes about 30 mW of power on average. The GENERATE AC command, which requires the 3DES algorithm to be executed, is the second most energy-efficient command

Power consumed by the chip when executing various commands

Command power consumption (mW)
SELECT 12
GET PROCESSING OPTIONS 19
READ RECORD 21
GET DATA 21
VERIFY 30
INTERNAL AUTHENTICATE 30
1ST GENERATE AC 24
2ND GENERATE AC 24

Made for a dual-interface card with the following parameters: RAM = 4.5 KB, EEPROM = 32 KB, ROM = 136 KB, processor clock speed is 10 MHz. The card supports Java Card 2.1, the ISO 14443 Type B radio interface, has an RSA coprocessor and 3DES accelerator, and implements the Dynamic Data Authentication method.
It is important to understand the following: despite the fact that the resonant contour of the reader emits electromagnetic waves, at the characteristic distances between the card and the reader (in the applicable standards, this distance is no more than 4-6 cm and certainly does not exceed 10 cm) at the used frequencies (13.56 MHz), the “wave” effect is not felt. In the close environment of the reader (in the so-called Fresnel zone, the radius of which in our case is approximately 3.53 m), the electromagnetic wave is equivalent to an alternating magnetic field with sufficient accuracy. In other words, we can assume that the resonant contours of the card and reader create a common alternating magnetic field around them.
In this case, the amplitude of the magnetic field intensity falls inversely proportional to the cube of the distance from the center of the reader contour (the Biosavar-Laplace law), and therefore, the energy of the magnetic field created by the reader falls as the sixth power of the distance from the center of the reader contour. This rapid reduction in magnetic field strength is an important element of contactless payment technology. It allows you to achieve a situation when a single card is located in the reader’s work area (the area where the magnetic field strength is high enough to initialize the card operation) at the time of the operation (there will not be several cards competing for the right to work with the reader). Obviously, the reader’s magnetic field is not only used to” energize ” the card. Information is exchanged between the card and the reader using the same magnetic field. For this purpose, pre-defined standards for signal interfaces are used, which define the method of modulation of a discrete signal (using amplitude and phase modulation) and the method of encoding a bit with a discrete signal (widely used modified Miller code, Manchester code,
NRZ encoding).
Obviously, there are many ways to transfer information (bits “0” and “1”) from the reader to the card. To do this, the reader must only change the parameters of the alternating magnetic field (modulate the signal) in one of the pre-defined ways. How do I transfer information from a passive card to a reader?
For this purpose, the so-called load modulation is used. In the resonant circuit of the card, either the capacitance value of the capacitor changes, or the load resistance is connected to it. As a result, the natural frequency of the contour changes, and, as a result, the current strength in the card contour decreases (the frequency of the external field does not change in any way). Changing the current strength in the card contour leads to a decrease in the magnetic field created by it in the area of the reader contour. As a result, the voltage on the reader’s antenna changes. It changes slightly — only by 10 mV at a voltage on the antenna of the order of 100 V (such a high voltage on the antenna is caused by the phenomenon of resonance). Detecting such a weak signal (the signal-to-noise ratio in our case is about -80 dB) requires implementing a fairly complex scheme on the reader side that uses side bands of the signal (in the reverse channel, the signal is first modulated by the subcarrier).
The methods used for signal modulation and encoding are described in more detail in the next section.