What module to use for my contactless payment processing design?

Hi,
I would like to know what modules I should buy to build a contactless payment processing device like the one attached.

Thanks.

ContactlessPaymentProcessing.pdf (201 KB)

Your PDF identifies the Contactless Reader as complying with ISO 14443.

That should be the starting point for your study.

Is there any possibility you are a little out of your depth?

...R

Yes, using an ISO14443 contactless reader with either a USB or RS232 connection to the board, like the products shown in these links:

http://www.athena-scs.com/products-solutions/readers/contactless
http://www.identive-group.com/products-and-solutions/identification-products/desktop-readers-terminals/rfid-desktop-readers

Yes, I have little knowledge of this and would like to try it out if any of you are able to give me advice. I don't know if this is workable and don't know where to start, actually.

Thanks.

This seems to me like a project that would be subject to considerable security requirements imposed by your payment provider. I wouldn't be surprised to find that providers imposed restrictions on the specific epos devices to be used (and the environments they were allowed to be used in) and required devices to be certified before they were approved for use.

Making something that looks broadly like a device for accepting payment shouldn't be hard. Making something that you can actually use to accept payment from the general public is another matter entirely. Which problem are you trying to solve?

Of course, if you try to pass off a DIY device as an approved payment device there are various ways that could lead to fraud.

I could be totally off base here but my first impression is that you have no idea what protocols, software and hardware are used to support the technology you are referring to. Everything you have posted for reference suggests this is a PC-based technology running secure server software and who knows what, none of which would ever run on any Arduino. Can you run Windows software on your Arduino? Can you run secure server software on your Arduino? What possessed you to think that this can be done with an Arduino? We have people from all over the world and from every profession (including scientists) posting here and this is the first I have heard of this. I am really curious who gave you the idea it could be done with an Arduino, or is that something that you just thought of (one day)?

Frankly I wouldn't want to have my contactless debit card near a commercial contactless payment processor either. TBH I think contactless payment systems are a crime wave waiting to happen - it's already been demonstrated that the cards can be read from a couple of feet away with commonly available technology, and the systems currently in use provide zero security - the cards can be cloned without any specialist knowledge or equipment and the cloned card is indistinguishable (to the system) from the original. Even worse - the common cards apparently broadcast enough information (completely open - no security whatsoever) for anyone reading it to know the card number, expiry, card holder's name. That's enough to take payments from the card even without cloning it.

Separately from the issues of contactless payment systems, I would be especially wary about using any home-made payment system because it would leave me so vulnerable to fraud.

Just for the record: we cannot honestly say we know for a fact what THIS contactless payment processing system would be used for, can we? After all, it does suggest an intent to make it portable and the size makes it easy to conceal. Do we really want to tell the whole world how to steal our credit card numbers?

Contactless cards already make it simple to steal money - it's like stapling your debit card to the back of your jacket. Anyone who wants to can read the data on the card with minimal effort and you will never know it's happened.

There is obvious potential for fraud using a DIY payment processor. I wouldn't assume the OP is planning anything fraudulent - but I wouldn't assume they aren't.

Let me explain further on this project, and yes, everyone who does not know the contactless payment debit/credit card EMV compliance and standard will be very worried about this device. Firstly, let me explain how your debit/credit contactless card works in an EMV-compliant environment, where your issuer bank should have been certified by the card brand for issuing your card. Under EMV security compliance, the bank is required to use 3DES and RSA keys for authentication and so on. To my knowledge, no one has ever hacked these EMV-compliant cards.

Now, back to this project. This is not an EMV-compliant device and the purpose is to provide a cheaper device for e-voucher/coupon payment in a closed-loop proprietary environment. There is potential in this closed loop for this device if the cost is reasonable.

Actually, I just want to know if Arduino devices/modules are able to make this device, as I am new to Arduino. FYI, we can easily get an ISO14443 read/write device and connect it to a computer to access any public (unsecured) information on any contactless card. Alternatively, if you have an NFC smartphone, you can download any NFC app and try to read any of your contactless cards; you will surely get the public data from the card.

To me, anything can be done as long as you are creative and dare to dream of a breakthrough product. Thanks everyone for your comments and concerns, but I have yet to get any answer as to what Arduino products I should get if this can be done using the module.

Thanks.

I think you are ignoring the suggestion that it is not possible because of all the high-level processing software required to operate this technology currently. Frankly, it's not the kind of question we get very often because most people take the time to look at the specifications on the Arduino home page and review things like processor speed, memory size etc. You come here asking questions about something we have no clue about. The answer to your question is that we cannot answer your question for the seemingly obvious reason that we have no idea what hardware or protocols are required. We're not going to run off and read a 500-page standards document because someone posted a question asking if it was possible. If you want a professional opinion you have to do your homework and post all the documents that relate to the use of contactless credit card payment processing systems, including documents that specify the software protocols, and like that. We haven't the foggiest idea about any of that. You have as much chance of getting an answer to that question here as if you just asked someone on the street. Why? Well, it's certainly not because we don't know anything about Arduinos. It is because we don't know anything about something that we have no reason to know about. If we have members that use such technology, they know how to use it, but so far they haven't posted any projects in the Exhibition Gallery for DIY Contactless Payment Processing devices. There are a lot of other things they post or ask questions about, like programmable auto-pilot drug smuggling boat guidance systems or covert surveillance equipment, or identity theft technology. (We actually did get a post from a guy building an autopilot for a boat but he didn't provide much information about what he was doing.) Research the subject and come back and tell us what the "magic box" needs to be able to do (which, by the way, you have not done) in the way of interfacing to the external world, what software systems it would need to interface with and so on. If you can't provide that information then you are wasting your time.

williamloi:
Firstly, let me explain how your debit/credit contactless card works in an EMV-compliant environment, where your issuer bank should have been certified by the card brand for issuing your card. Under EMV security compliance, the bank is required to use 3DES and RSA keys for authentication and so on. To my knowledge, no one has ever hacked these EMV-compliant cards.

You seem to have a very optimistic view about the security these cards provide. I've seen somebody read a bank-issued contactless payment card using readily available hardware and without any encryption keys or security information. The information on these cards is freely accessible and somebody with the right equipment can walk through a crowd of people and read all the information such as card holder name, account number, expiry date from the cards that people are carrying. If you think that any of the stuff you mentioned prevents this, you're completely wrong. It's possible; I've seen it done. Other contactless payment cards around at the moment use similar technology and are similarly vulnerable.

There is also nothing to stop somebody with a card reader from cloning the cards and the cloned cards are indistinguishable from the originals as far as epos systems are concerned.

What you're proposing is certainly feasible but you should be looking to use a USB card scanner and do the project on a PC, where you will be able to provide secure reliable comms to whatever payment service you intend to use. If this service is going to be used to control transactions with any associated real-world value then you ought to be considering who will be liable if somebody hacks it - because the nature of the technology you're proposing to use will make it relatively easy to hack.

Are you just asking how to build the contactless reader using an Arduino, or are you asking how you complete a transaction using the DIY interface? Would you settle for the former without the latter?

To make any payment from the banking system you will need the cooperation of a bank.

Are you trying to implement something in-house, like canteen payments etc.?
There are easier ways to do that.

OK, I spent a bit more time reading the posts.

What you want to do is possible; I've done something similar.

However, how do you want to store account information?
On the application server, or do you want the card to be used as a portable wallet that can be recharged, like an Oyster card?

Are you just asking how to build the contactless reader

This is just as big a security risk as any other part.

I can think of no reasonable reason for making one of these things with an Arduino. If the OP has a genuine business reason he can just buy or hire a suitable device through regular channels. If his business reason won't support the cost, then just don't do it.

...R

Yes quite.
He has not said what he is trying to do.

I assume that he has looked at other methods, perforated tickets etc.

I think it's a no-brainer that anyone wanting to make one with an Arduino has mobility and concealment in the design criteria.
An Arduino can easily be concealed in a briefcase and you don't want to hang around after you've just skimmed someone's credit card number. You want to be able to just get up from the cafe table and stroll off like nothing happened. An Arduino would fit that bill.