If your cashless solution truly supports and underwrites offline transactions it must be storing wallet balance data on the NFC tag itself – and doing so has various implications that inform which NFC chip is needed for your closed loop cashless solution. In part one of this series we’ll explore an often overlooked, yet critical implication: memory tearing in NFC.
When storing balance information on the NFC chip (required for safe offline transactions) the terminal must write to this memory when a purchase or top up is made. Writing memory to any NFC tag always involves the risk of the terminal or tag being removed too soon, making the tag go out of range before the memory writing completes. This will cause memory tearing.
NFC Chips are Not All Made Equally
Like any computing product, NFC chips are not made equally. CPUs, RAM, and disk drives are all sold at various tiers to better suit the application and NFC chips are no different. You may choose a high reliability and speed solid state disk for your main OS drive and your critical files but a more pedestrian mechanical drive for less critical files such as local (offline reference) copies of cloud storage. NFC chips are computing products like anything else, and which one your cashless solution provider selects has serious ramifications towards the security and usage claims it can make.
NFC was envisioned to suit many applications with wide ranging security requirements such as interactive media, device pairing using close proximity, and secure financial transactions. Just like some disk drives are meant to store critical information with fully redundant and encrypted storage and others are just basic drives for everyday general use – NFC chips have similar product variants. These variants have vastly different capabilities and some are simply not intended (even by the manufacturer’s warning) for financial applications. Special care needs to be taken if the closed payment loop is a long running one such as one used in a resort, arena, or stadium (as opposed to a single day event).
Memory Tearing and Anti-Tearing
Memory tearing is a general computing term that refers to what happens when a memory writing operation is prematurely terminated, usually because of a disk or power failure. According to NFC technical standards for ordinary (type 2) NFC chips, memory is written in four byte blocks (a block is a unit of memory that cannot be divided for memory access purposes). When an NFC tag is removed from the reader terminal prematurely, ordinary NFC chips don’t prevent the writing process from failing before all four bytes are written correctly. Not that it’s a design flaw in these NFC chips, they simply weren’t designed for applications requiring anti-tearing.
The more advanced and capable NFC chips have built in protection against memory tearing in the event that the terminal becomes out of range before memory writing completes. Using a lesser NFC chip in your cashless system introduces the possibility of tearing so it’s conceivable that a guest could have the balance “corrupted”. Anti-tearing capabilities of NFC chips intended for financial applications beyond low value and short term usage prevent this. If the NFC chip was properly configured by the cashless provider, a guest will never lose balance information due to user error by the staff or guest. All that is required to remedy such user error is simply to try again, rather than have to call management to replace a corrupted wristband and deal with an unhappy guest. WristCoin uses NFC chips with fully guaranteed anti-tearing on all memory writes.
Using a lesser NFC chip would be fine if you’re only reading information from it, but if that’s the case then no balance information is stored and hence the cashless solution depends on Internet connectivity to “phone home” to check that the guest has sufficient balance for each purchase. Closed loop cashless solutions that depend on Internet connections are severely limited and will require costly WiFi infrastructure – so the cost saved on less capable NFC chips is a false savings once you factor in the cost of providing the required connectivity.
Some NFC chips such as the Ultralight C are marketed as suitable for short term, low value vending and ticketing. The Ultralight C however does not support anti-tearing natively and suffers from the limitations discussed in this article. As the manufacturer itself states, the Ultralight C is intended for “limited use applications.” For such applications the Ultralight C can be a cost effective product that has enough (very) basic “table stakes” security for storing short term, low value monetary credit but it is neither recommended nor intended for long term, higher value closed payment loops such as those used in transit, hospitality, and ongoing venue operations (arenas, stadiums, concert halls, etc..). And with only legacy DES based encryption, the Ultralight C leaves much to be desired for long term payment loops.
WristCoin uses the DESFire EV2 chip, which natively supports anti-tearing on all memory updates and uses, despite the name, full 128-bit AES encryption. This does make our wristbands a tad more expensive to manufacture but the savings achieved with increased security, and robustness is realized when no WiFi network or specially trained on-site support staff is needed to support your long running cashless system.