If your cashless solution truly supports and underwrites offline transactions it must be storing wallet balance data on the NFC tag itself – and doing so has various implications that inform which NFC chip technology is needed for your closed loop cashless solution. When storing balance information on the NFC chip (required for safe offline transactions) the terminal must write to this memory when a purchase or top up is made.
Writing to NFC chips always has security implications and capabilities of NFC chips is by no means standardized and range from trivial or no security to fully bank grade EAL4+ certified. In part three of this series, we’ll explore the security implications of commonly used NFC chips for closed loop cashless applications with specific attention paid to security measures required in enterprise grade payment loops that operate continually.
NFC Chips are Not All Made for Long Term Financial Use, only Limited Use
We’ve all seen how even the largest and most capable tech firms can sometimes not hold the security of their users as the highest priority. Add to this the inclination to cut costs at the expense of security and you could be surprised to learn that your cashless solution may not be as secure as you hoped. This article will cover the additional security measures needed for enterprise grade continually operating payment loops.
Additional Security Features to Prevent Fraud
For longer running experiences such as arenas, football stadiums, and resorts there are additional security measures that prevent attacks which the Ultralight C is susceptible to even though it features authentication. For example, even after authentication the Ultralight C communicates in paintext (unencrypted), which means that even to those that don’t possess the secret key can still eavesdrop on the communication to learn the contents of the memory files you want to keep secret (hence the secret key).
Additional attacks such as man-in-the-middle attacks can also be used to alter the memory contents (and hence balance information) without authorization. This would usually be the case if the point of sale terminal was compromised, something that could be enabled by staff or former employees if they gave the terminal to attackers to perform these attacks. Using NFC chips without long term security features could leave your organization susceptible to fraud on account of former or disgruntled employees that have been given terminals.
For increased security in enterprise grade payment loops where continual operation is required, using an NFC chip capable of multiple security roles is essential. Being limited to a single security role is like having a computer support only a single user account – so anyone with the password to that account would gain complete access – there’s no provision for administrative folders, power users, etc. The Ultralight C only has one role, so if the encryption key was ever compromised because of an attack on a “lost” terminal that an employee never returned there’s no limit to what can be done with it. Even if your cashless solution allows you to specify that a staffer can only make purchases and not top-ups, the Ultralight C does not enforce this at the NFC level. As such, the single key yields complete debit and credit abilities allowing attackers to add fake credit to wristbands should a terminal become compromised. Using a more sophisticated NFC chip such as the DESFire EV1 allows WristCoin to have various security roles. What this means is that although WristCoin terminals are payment grade NFC devices security hardened against attack even in the wrong hands, when staff are delegated only purchase rights (such as temporary bar staff) a compromised terminal will still only yield the ability to deduct credit, not add it. This means that you as a venue or organizer will not be defrauded with fake credit or top ups even if temporary vending staff give equipment to hackers or other bad actors looking to steal from your venue.
See below for a comparison matrix of commonly used NFC chips in closed loop cashless systems.