Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>What prevents a phone from emulating a regular physical credit card?

If this were possible fraudsters would be easily be able to clone people's cards by getting close to them. The protocol was explicitly designed for this to not be possible. There are secrets that live on the card itself and are not exposed



> The protocol

Aren't there several protocols? I understand NFC chips or the old-school "phone card" UICCs are probably quite difficult to clone but at least in the US swiping credit cards (+ physically signing the printout maybe) still seems to be quite common.


So a phone can totally emulate a regular physical credit card, if it has the private key.

Behaving like a credit card does not mean that the credit card is clonable.


Yes, if you want to write an app, that will generate transaction conforming to the protocol & will use your card number it's actually very short programy.

With some luck it will be even routed to your bank. Then it will fail due to invalid authentication. I think there's a defcon talk on YouTube that details the exchange.


> With some luck it will be even routed to your bank. Then it will fail due to invalid authentication.

What if you're mimicking the swiping-type of payment protocol? Shouldn't the magnetic stripe be relatively easy to clone?

> I think there's a defcon talk on YouTube that details the exchange.

Is it this one? -> https://m.youtube.com/watch?v=EBZlt1E8drE


No hardware on the phone to emulate swipe :-) But yes, magstripe is easy to clone - main reason why it is dying.

The one you shared is fine, but it's overview on whole ecosystem. Something NFC focused would be probably more helpful like these two https://youtu.be/7ElZBI9PufY

https://youtu.be/tFi0vYuYeAI


Thanks so much!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: