How Contactless Debit Cards Work

Contactless smart cards are miniature computers with no onboard power that communicate using a private encrypted protocol. It’s all rather ingenious.

This article illuminates the process that occurs between a smart debit/credit card and a card reader used in shops. Although contactless cards are unpowered, they contain a micro-controller, memory and an inductive coil and this is all you need to complete a transaction.

The Antenna

A contactless card has an antenna in the form of looped coils of wire that pick up electromagnetic energy by induction. Usually an antenna is used as an RF resonator, but not in this case.

The ISO standard requires a carrier frequency of 13.56 MHz to work at a distance of up to 10 cm between card and reader.

The range of the card and reader interaction is influenced by the number of coils in the card, and fewer coils reduce the effective range. A limited range is a good thing where criminal intent is concerned, and a small sheet of baking foil makes a very effective shield (refer to video).

The antenna has three functions:

  1. To collect RF energy
  2. To receive transmissions from the card reader
  3. To transmit responses back to the card reader

The communication is half-duplex, meaning that only one side can talk at a time, and the protocol has to ensure that this process works smoothly.

The exposed antenna revealing looped inductance coils
An impression of a credit card CPU and antenna
An impression of the CPU and antenna on an internal layer of the card showing how the two parts were physically configured.

The Power Source

The AC voltage from the RF field picked up by the antenna is rectified to provide a continuous DC voltage source. The antenna and rectifier combination provide a steady power source as long as the card is within the reader’s electromagnetic field. When the card voltage reaches a threshold value, the device will switch on and begin to operate.

Incident wave: The card reader’s radio wave carrier signal induces a voltage in the coiled antenna in the same way a transformer does.
Full wave rectification: The induced energy wave is converted into a positive voltage cycle.
Smoothed full wave rectification: Capacitance is used to smooth the voltage into a usable source.

The Micro Controller

A photo of a CPU embedded inside a contactless card.
The underside of the chip showing the CPU mounted inside the boundary of the central pad. The rectangles inside the chip are areas where transistors and other functional components are etched into complete circuits with specific tasks.

The visible surface of the micro controller’s container is a metal pad etched into 6 electrically isolated segments. Depending on the chip design, the underside of the top segment may contain external memory for the micro controller to use. The micro controller itself is contained within the boundary of the central segment.

A contactless credit card CPU
The micro-controller is inside the central square in the chip. This image shows the top and underside of the chip on the left. The right-hand side shows them overlaid (the contact side has been reversed to match the two halves correctly).

The pads surrounding the chip in the centre are used when a card is inserted directly into a card reader. They provide physical electrical contact with the payment machine when a contactless exchange is not possible.

Contactless card microcontroller pinout to the visible pads
In contactless mode, these pads are not used but they do reveal the basic requirements of the microcontroller. The pin carrying the programming voltage isn’t normally used after the card has been shipped.

The microcontroller is programmed with encryption and decryption capability together with instructions to manage a card reader’s communication protocol. Its memory carries its identity and numeric keys that will validate the card for use.

During each use, a special code is generated dynamically by the card and this will be validated by the card issuer remotely. The dynamic code combats criminal card cloning.
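The following sketch shows why a per-use code defeats cloning. It is an added example, not code from this article or from any card scheme. It assumes a secret key shared between card and issuer and a transaction counter held on the card, and it uses HMAC-SHA256 as a stand-in for the real cryptogram algorithm. The names Card, Issuer, dynamic_code and validate are hypothetical.

```python
import hashlib
import hmac
import os
import struct

class Card:
    """Genuine card: secret key and transaction counter live in its memory."""
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self._counter = pan, key, 0

    def dynamic_code(self, amount_pence: int, nonce: bytes) -> dict:
        self._counter += 1  # never reused, so every code differs
        msg = struct.pack(">IQ", self._counter, amount_pence) + nonce
        code = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        return {"pan": self.pan, "counter": self._counter,
                "amount": amount_pence, "nonce": nonce, "code": code}

class Issuer:
    """Issuer host: knows each card's key and the highest counter accepted."""
    def __init__(self):
        self._keys, self._last = {}, {}

    def enrol(self, pan: str, key: bytes) -> None:
        self._keys[pan], self._last[pan] = key, 0

    def validate(self, tx: dict) -> str:
        key = self._keys.get(tx["pan"])
        if key is None:
            return "unknown card"
        msg = struct.pack(">IQ", tx["counter"], tx["amount"]) + tx["nonce"]
        expected = hmac.new(key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, tx["code"]):
            return "bad code"          # fields changed without the key
        if tx["counter"] <= self._last[tx["pan"]]:
            return "replayed code"     # copied data presented a second time
        self._last[tx["pan"]] = tx["counter"]
        return "approved"

def demo() -> list:
    key = os.urandom(16)               # constructed sample key
    card, issuer = Card("0000-PLACEHOLDER", key), Issuer()
    issuer.enrol(card.pan, key)
    first = card.dynamic_code(450, os.urandom(4))
    altered = {**first, "counter": 2, "amount": 99999}
    return [issuer.validate(first),          # genuine tap
            issuer.validate(dict(first)),    # static copy of the same data
            issuer.validate(altered),        # copy with edited fields
            issuer.validate(card.dynamic_code(1200, os.urandom(4)))]

if __name__ == "__main__":
    print(demo())
```

A copy of the data sent in one transaction is useless afterwards, because the issuer has already seen that counter value and the copy cannot compute a new code without the key that never leaves the chip.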

The Communication Technique

The reader and card are using amplitude modulation to communicate. In this example the carrier wave is 13.56 MHz, the modulation (sub-carrier) frequency is 847.5 kHz and there are 16 carrier wave oscillations per modulation cycle.

The data bits are encoded using Modified Frequency Modulation to reduce bulk and increase resilience.

A screenshot from EEVBlog's contactless smart card video
The card reader (left) initiates a response from the card (right) using amplitude modulation. Credit: EEVBlog, for kind permission to use the video screenshot.

The oscilloscope trace shows a data exchange between a card and reader. The left-hand side of the frame shows a communication initiation request from the reader followed by a response from the card on the right.

The Contactless Sequence

Once the communication protocol is established, private encryption keys are exchanged and the transaction confirmation can take place. This is the full sequence of events:

  • A contactless smart card is brought near a card reader.
  • An antenna wrapped inside the circumference of the card picks up energy from the radio frequency (RF) field provided by the reader.
  • Energy continues to be absorbed by the card while it is within the RF field.
  • The absorbed energy powers the micro-controller in the card and switches it on.
  • The card reader establishes a connection with the card and a clock signal is used to guide the exchange of data between the reader and the microcontroller.
  • The card reader sends the card an encryption key.
  • The card decrypts the key and uses the result to encode its ensuing communication with the reader.
  • The reader sends the transaction details to the card.
  • The card encodes a document containing the payment details signed with its private key.
  • The card sends the document to the reader.
  • The reader sends a receipt to the card.

Newer cards can now operate on low voltages (1.8 V), which should make them more reliable.

A Card Being Analysed

Here is Dave Jones of EEVBlog being very enthusiastic. The video investigates the security of a contactless card. If you stick with it, you will see Dave isolating the communication protocol on an oscilloscope. He stresses that the communication is carried by amplitude-modulated magnetic fields through transformer-style inductive coupling.
