
Why Tap-to-Pay Is Safer Than a Credit Card Swipe



The US was very slow to adopt this tech. COVID really pushed the era of digitization for our society.

What people don't get about magstripe is that all your data is recorded on the stripe (like music on a cassette tape) and easy to read. To clone a credit card's magstripe, you just have to read the stripe and write it to another card. You get a perfect copy. But with chip and pin (and tap and pay - although the mechanism is a bit different) on the chip, there's a section of memory called "write-only memory" where a cryptographic key (half of a pair) is stored. It's called "write only" because you can write to it, but only the processor inside the chip can read it and even then, not directly. There's no reasonable way for a cloner to get the data back out short of decapping the chip (removing the top of it, also known as delidding) and using microprobes to trace the circuits while making a request.

The write-only memory is attached to a dedicated crypto processor which cannot be asked for the key; rather, you give it data and it either encrypts or decrypts using the key in write-only memory and then returns the result. Because of how PKI (the system for the keys) works, there are two half keys, A and B, and because of the maths involved, if you encrypt a message with A, ONLY B can decode it, and if you encode it with B, ONLY A can decode it. If you have either A or B, it's extremely difficult to figure out the other key (it would take hundreds of years minimum even with the most powerful computer, although quantum computers may change that).

Your card has one of the two keys assigned to the card (A) - the bank has the other (B) - so when you tap, the terminal picks a random number, asks your card to encrypt it with A, then sends that encrypted message to the bank which then decrypts the message using your B key. It then re-encrypts the message using your B key and sends that back.

Remember, if you encrypt with A, ONLY B can decrypt, and if you encrypt with B, ONLY A can decrypt. So if the card is valid, the card encrypts it with A, which the bank can decrypt with your B. It never looks at the content - it just re-encrypts it with the B key and sends that back. ONLY your A key - the one on the card - can decrypt it. And that results in the original random number that was sent. If they match, it's valid.

There are very few known ways to trick this system. There was a bug in the early version of the system that, if the attacker got the timing just right, could inject a repeat purchase into the pay terminal (it wasn't a bug with the card) that would look like the first purchase and cause two payouts, but the attacker had 45 seconds to complete it, and the bug has since been patched. Most attacks actually copy the magstripe and then make it look like the tap and pay or the chip card has failed, to get you to fall back and use the magstripe.


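The round trip described in the post, as an added example that is not part of the original post: a toy Python model in which key A is reachable only through the chip's transform operation, compared against a static, magstripe-style copy. The textbook-RSA parameters and the names `issue_card`, `bank_echo`, `tap` and `static_clone` are assumptions made for illustration, not real card or EMV code.

```python
import secrets

# Constructed toy parameters: textbook RSA over two small Mersenne primes.
# Real cards use much larger keys and padded, standardised schemes.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q

def issue_card():
    """Personalisation: key A is sealed in the chip, key B goes to the bank."""
    key_b = 65537
    key_a = pow(key_b, -1, (P - 1) * (Q - 1))  # other half of the pair
    def chip(value):
        # The only operation exposed: transform a value with key A.
        return pow(value, key_a, N)
    return chip, key_b

def bank_echo(message, key_b):
    """Bank step as the post describes it: decode with B, re-encode with B."""
    return pow(pow(message, key_b, N), key_b, N)

def tap(card, key_b, challenge=None):
    """Terminal: send a fresh random number and check it survives the round trip."""
    if challenge is None:
        challenge = secrets.randbelow(N - 2) + 2
    to_bank = card(challenge)              # card encodes with A
    from_bank = bank_echo(to_bank, key_b)  # bank decodes, re-encodes with B
    return card(from_bank) == challenge    # card decodes with A

def static_clone(card, skimmed_challenge):
    """A magstripe-style copy: it can only repeat one recorded output."""
    recorded = card(skimmed_challenge)
    return lambda value: recorded

if __name__ == "__main__":
    chip, bank_key = issue_card()
    clone = static_clone(chip, skimmed_challenge=3)
    print("genuine chip accepted:", tap(chip, bank_key))
    print("static clone accepted:", tap(clone, bank_key))
```

The genuine chip passes every fresh challenge, while the copy fails because a recorded output cannot track a number the terminal has only just chosen.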