The NFC standard (Near Field Communication - literally “near field communication”) is a special communication standard designed for communication between compact devices over a short distance. To connect, only one of the devices must have active power, and therefore the standard is becoming more and more popular. After all, this feature allows NFC modules to be built into various smart cards, keys for electronically controlled locks, and, in principle, any items that do not have a battery.

One of the functions of NFC is making contactless payments. It is enough to bring the device to the appropriate receiver - and a connection will be established between the devices, and money for goods or services will be debited from the account. Smartphones with NFC can be used to pay for travel and purchases in stores. But not everyone knows exactly how to use this function, so let’s try to figure it out now.

The NFC function itself theoretically allows you to make any payments. However, in order to do this, contactless payment must be supported by the financial services organization. Such organizations may be banks, carriers that issue their own cards for contactless payments in transport, as well as smartphone manufacturers.

At the moment, the most common in the post-Soviet space is payment using NFC for travel on public transport. Linking to bank cards is also gaining popularity. However, this service still operates with restrictions. Therefore, you cannot simply take any (debit, credit, universal) card from any bank and link it to make payments via NFC.

Some contactless payments do not work on smartphones that have root access. This was done by application developers for protection, since a rooted device is easier for hackers to hack.

How to pay for travel using a smartphone

To pay for travel using NFC technology in Russia, you usually need a special SIM card. The service is supported by MegaFon, Beeline, MTS operators. After replacing the SIM card with a special one, a phone number is linked to the subscriber account. After activation, the account is topped up from the main account, and when you bring the smartphone to the reader, the fare is paid. How to replace a SIM card and activate the service depends on the city and operator. To clarify all instructions, contact the operator or company providing transport services in your city.

In Ukraine, it is currently possible to pay for travel via NFC only in the Kiev metro. Privatbank processes transactions, so to use the service, you need to be its client and have the Privat24 application installed. Then you should select “NFC” in the application menu and activate contactless payments. You can pay for travel by simply holding your unlocked smartphone to the reader.

How to pay for goods with NFC

In May 2017, the Android Pay system finally came to Russia. Now you can use it to pay for goods in stores equipped with terminals that support contactless payments. So far, the list of companies whose cards can be linked to a smartphone includes Yandex.Money (Mastercard cards) and MTS Bank, Tinkoff banks, Russian Standard, Tochka, Rocketbank, Sberbank, Raiffeisenbank, Rosselkhozbank, Promsvyazbank, Otkritie, VTB24, Binbank, Alfa -Bank and AkBars Bank. Perhaps, by the time you read the material, this list will already be wider.

To use Android Pay, you need to download a special application to your smartphone, link a card to it and activate it. To pay, you need to bring your unlocked smartphone to the appropriate terminal. Amounts up to 1000 rubles usually do not require entering a code; for larger payments you may need to enter a PIN code, sign a receipt or confirm the transaction with a fingerprint.

In addition to universal Android Pay, Samsung Pay is also available in Russia. To pay for purchases using this system, you can use Samsung smartphones Galaxy series S starting with S6, Note 5, A5 and A7 2016 and 2017, A3 (2017), J5 (2017) and J7 (2017), and samsung watch Gear S3. The list of banks is almost the same as for Android Pay. You can find out more about the list of financial organizations that provide the Samsung Pay contactless payment service on the manufacturer’s Russian website.

In Ukraine, the Android Pay system does not yet work, so there is no centralized payment tool yet. However, some banks provide this service on an individual basis. In addition to Privatbank, the list also includes Oschadbank, Ukreximbank and Kredobank. To pay with a Privat card, you need to install the Privat24 application, other banks - a special program from the bank’s website or the Google market. Payments less than 500 UAH from Visa cards and 100 UAH from Mastercard do not require confirmation; for larger amounts, identification by PIN code is required.

As for other banks, the possibility of paying via NFC should be checked on the website or at the branch.

Is it possible to pay with NFC on iPhone

In Russia it is possible. Apple launched its service in 2016 and is supported by many banks. Their list is expanding; the list at the time of writing is presented in the illustration below.

Smartphones starting from iPhone 6 are supported, as well as smart watches from Apple. To add a card from which payments will be made, you need to scan it in the application or enter the data manually. Payment is made when you bring your smartphone to the terminal. To confirm the transaction, you must press the home button to scan your fingerprint.

But in Ukraine, iPhone owners can only wait. The launch of the Apple Pay service is planned for 2018, but whether it will take place on time is unknown.

Twelve steps EMV-transactions

“In order to complete the transaction, you must go through a dozen steps”
From the master's instructions EMVco

Surely many of you have noticed that after replacing cards with a magnetic stripe with chip cards, the time for completing a transaction in the terminal increased by several seconds. It takes longer to read the microcircuit, and more time is spent checking the PIN code offline.

This is due to the fact that the process of servicing chip cards is much more complex than reading a couple of dozen bytes from the strip and sending an authorization request to an open socket.

According to the EMVCo standard, a typical EMV transaction cycle consists of 12 stages:

1. Select an application;

2. Initialization of application processing;

3. Read application data;

4. Offline issuer authentication;

5. Handling restrictions;

6. Cardholder authentication;

7. Checking risk management parameters on the terminal side;

8. Analysis of terminal actions;

9. Checking risk management parameters on the card side;

10. Analysis of card actions;

12. Completion of the transaction.

These operations require intensive exchange and calculations both on the card side and on the terminal side and take a lot of time by the standards of online systems. In this case, the card is constantly in the terminal reader, and the client eagerly awaits the system’s verdict.

For large retail chains, every second counts, and modern customers want to receive their goods faster. The Visa payment system has offered contactless card service technology for stores and customers. In addition to the speed of payment, customers received another valuable advantage - now a standard piece of plastic can become completely redundant; payment data is recorded in the phone with NFC.

Quick VSDC or let's do it real quick

« The Visa requirement is for the transaction time not to exceed 500 milliseconds»
From the manual Visa for developers of contactless terminals

The requirement given in the epigraph sets a very strict framework for processing a contactless transaction - 500 milliseconds. The terminal and card have exactly that much time to get to know each other, discuss and make the right decision.

To make a contactless transaction possible in such a short period of time, the developers proposed removing as much unnecessary stuff as possible from the 12 steps of an EMV transaction, and combining and shortening the necessary steps. This is how the qVSDC (quick Visa Smart Debit/Credit) specifications appeared.

Figure 1 shows the main phases of servicing a contactless transaction.

Rice. 1. Main phases of servicing a contactless transaction

Phase 1: Preparing for a contactless transaction.

At this moment, the terminal already knows the amount to be paid and can determine the possibility of conducting a transaction via a contactless interface, taking into account the limits allowed by the acquiring bank. The terminal fills out a TTQ (Terminal Transaction Qualifier) ​​record, which it later gives to the card for a decision.

If a contactless transaction is possible, the terminal activates the contactless reader.

Phase 2.1. Application selection

The client brings the contactless card or phone with NFC to the reader. The reader requests from the card a list of applications that support contactless payment - PPSE (Proximity Payment Systems Environment). If an application is found, it is automatically selected for payment based on its AID (Application ID). If the application is not found, the transaction is completed. In this case, the terminal offers to use a different interface to make a payment.

Phase 2.2. Initializing Application Processing

The terminal sends the most important Command to the card - Get Processing Option. Based on the analysis of the TTQ record, the amount and currency of the data transaction, the card makes a decision on the method of customer authentication, taking into account the risk management rules set by the card issuer.

For contactless payment, an accelerated authentication mechanism fDDA (Fast Dynamic Data Authentication) has been implemented. Before responding to the Get Processing Option command, the card signs a random number (unpredictable number) using the issuer's key certificate, as well as the parameters of the transaction transmitted by the terminal - the amount and currency code. Unlike standard EMV processing, to reduce time, instead of a separate exchange cycle, the transaction cryptogram (TC) is transmitted immediately in response to the Get Processing Option command.

Phase 3: Cardholder Authentication

Based on the information received from the card, the terminal authenticates the cardholder. The options may be the following:

No authentication. This is permissible, for example, when using the VEPS (Visa Easy Payment Service) service;

By signature. The cashier must ask the customer to sign the receipt;

Pin. The terminal prompts the client to enter a PIN code;

CDCVM (Consumer Device CVM). A special method designed for client devices, such as a telephone. In this case, the client enters a separate access code to the payment application. A sign of such authentication will be transmitted to the terminal.

Phase 4. Online transaction authorization.

If necessary, the terminal generates an authorization request and sends it to the issuer. The request contains the standard fields of an EMV transaction, the transaction cryptogram, the selected application and the sign of card service via a contactless interface.

Application VisaQIWIWallet. General interaction scheme

Since release operating system Google Android version 4.4 allows developers to access the NFC interface directly. Thanks to this, it became possible to emulate the operation of a card in a payment application. Officially, the technology is called Host Card Emulation (HCE).

The technologies described above can be implemented not only in a microcircuit implanted in a piece of plastic, but also in those same Consumer Devices, in particular in mobile phones.
Thanks to the cooperation between Visa and QIWI, we can now try for ourselves how this works in life. It is enough to have:

A smartphone with an NFC chip and Android OS no lower than 4.4;

Installed Visa QIWI Wallet mobile wallet program.

Figure 2 shows a diagram of the interaction of participants during contactless payment using a phone.

Rice. 2. Scheme of interaction between participants

From the point of view of the payment system, the interaction of participants does not differ from regular card payments. The POS terminal is connected to the host of the acquiring bank's processing system and generates requests for authorization of payment transactions. The acquiring bank's processing system sends authorization requests to the Visa payment system, which routes the requests to the issuing bank's processing system. The received response is returned through the chain to the terminal.

The interaction between the issuing bank and a smartphone is more interesting; let’s look at it in more detail.

The user installs the Visa QIWI Wallet program on his smartphone. When launched for the first time, the program is linked to the smartphone using a session password sent to the user via SMS.

The channel between the smartphone and the issuing bank server is protected. The system uses SSL-pinning technology. This means that the SSL certificate used on the server is embedded directly into the Visa QIWI Wallet application. The standard Android certificate store is not used, so the risk of certificate spoofing is greatly reduced. In addition, data transmitted to the application is encrypted with a key downloaded from the server.

Via a secure communication channel between the processing system of the issuing bank and the phone, the details of the Visa bank card are loaded into the application. If your phone has NFC chip and HCE mode is supported, then a key is additionally loaded into the application with which the transaction cryptogram (TC) will be signed. The accepted key, as well as the card details, are stored in a secure storage in the smartphone’s memory. For security reasons, the key is changed periodically.

To pay for goods, Internet access is not required; the Visa QIWI Wallet application may not even be launched, you just need to unlock the screen.

If the purchase amount does not exceed 1 thousand rubles, then the VEPS service is activated and no additional client authentication is required.

If the purchase amount is greater than the threshold and the screen has been unlocked by the client, the terminal will ask you to sign the transaction receipt (signature authentication). The fact of unlocking confirms ownership of the phone. The CDCVM (Consumer Device CVM) attribute will be sent to the terminal.

If the purchase amount is greater than the threshold and the screen lock is not enabled on the smartphone, the application may request additional confirmation from the client using an access password. Here you will need an Internet connection.

Interaction with the terminal is carried out according to the qVSDC scheme described above. Unlike the hardware implementation on the chip, all calculations, as well as the generation of the TC cryptogram, are performed in software.

Recently in Russia Google finally launched its new payment system Android Pay - payment by phone instead of card. It came to our country with some delay, since it was announced on May 16, and much later than in a number of other countries. In general, Android Pay has been on the market for almost two years, and Russia has become only the 11th country where this payment system has become available. By the way, competitors from Apple ahead Google, having launched its similar Apple Pay service in the Russian Federation last fall. At the same time, Russians got the opportunity to use Samsung Pay, a payment service developed exclusively for the technology of this Korean company.

What is Android Pay and what is it for?

Android Pay is a very convenient and practical thing. Thanks to the application, you no longer need to carry all your bank cards in your wallet. You just need to link them to Android Pay installed on a smartphone or other gadget with an operating system from Google. In the future, you can pay for goods and services using a mobile device in any place where contactless payment terminals are installed. In this case, the Android Pay user will pay exactly as much as indicated on the price tag, since Google does not charge a commission for using this service.

Clients of which banks can already use Android Pay

Now you can connect Visa and MasterCard cards to the Android Pay payment service Raiffeisenbank, Bars Bank, MTS–Jar, VTB 24, Sberbank, Alfa-Bank, Rosselkhozbank, jar Tinkoff, as well as the bank Discoveries along with its satellites Rocketbank And Dot. Also partners of the service are Binbank, Promsvyazbank, bank Russian standard And Yandex money. However, in this case, only MasterCard payment system cards can be connected to Android Pay. In the future, Google promises to expand the list of banks whose cards can be connected to Android Pay.

Which mobile devices can you install Android Pay apps on?

The Android Pay payment system can be used by everyone mobile devices equipped with operating systems Google, starting from Android KitKat (4.4) and later. However, it is worth remembering that the smartphone must be equipped with an NFC chip. This technology is intended for wireless transmission data over a short distance and it is this that allows the mobile device to interact with the payment terminal.

In addition, Android Pay will not work if the smartphone is not set to official firmware operating system, and root access is installed. The latter allows the user to “dig deeper” into software devices. I don't like Android Pay and the unlocked operating system bootloader. All these restrictions are necessary for the security of payments and to prevent fraudulent activities with the user’s bank cards.

How can I connect a bank card to Android Pay?

To begin, you need to contact Google Play Store and download the Android Pay app from there.

After the application is installed and launched, it will prompt you to add a bank card. Moreover, if the user has previously connected to his personal account to Google any card, you just need to enter the CVV code into Android Pay.

If you are adding a card for the first time, you will need to use your smartphone camera or manually enter the card number, expiration date, CVV code and owner’s address into the payment service. After this, the bank will send the user a verification code, the introduction of which will complete the card connection operation.

Where can you pay using Android Pay and what is needed for this?

In Russia, you can pay using Android Pay in all major retail chains, online establishments, as well as in many other places where there are payment terminals. For example, Sberbank plans to equip more than 1 million such devices with contactless payment systems by the end of this year. It’s easy to understand whether or not you can make a payment using a smartphone - just pay attention to the presence of these symbols:

In order to make a payment, you just need to momentarily bring your turned on mobile device to the terminal. After this, if the operation is successful, an image of the card and a warning about the planned operation will appear on the smartphone screen. Most often, you will not need to enter a PIN code. This operation will need to be carried out only if the settings of the bank itself or the payment amount exceeds one thousand rubles.

In case you have more than one card added to Android Pay, you will need to select a basic one, which will be used by default. To select another bank card, before using it you will have to go into the application and inform the device about it.

Android Pay for payments in online stores and applications

Android Pay allows you to make purchases in online stores and pay for services in some mobile applications. To do this you need to use the mobile version of the browser Google Chrome. Now in Russia a similar option is available in Lamoda, OneTwoTrip, Rambler/Kassa, Afisha. When you try to make a payment, a special button will appear on the screen that says “Pay via Android Pay.” A little later, the number of available services will expand - Delivery Club, Kinokhod, Ozon, Yandex.Taxi and a number of other applications will appear.

Bonus in the form of loyalty cards

The Android Pay app also allows you to deposit various gift and bonus cards. A very useful function, since sometimes the number of such promo cards amounts to dozens. In order to connect such cards, you just need to point your phone camera at its barcode. After this, to receive benefits from the bonus card, you will only need to show it to the cashier on your mobile device. By the way, Android Pay will also prompt the user about nearby stores whose cards are included in the application.

Are payments safe with Android Pay?

In company Google vouch for the fact that all payments via Android Pay are absolutely safe. The fact is that this application does not use information about connected cards, but transfers only a virtual copy to the seller when paying. Nevertheless, real data about bank cards is stored on the servers of the Google.

In addition, when installing Android Pay, the user adds protection, disabling which will lead to the complete deletion of all card data. If your mobile device is lost, data from the payment service can be destroyed using the special Android Device Manager service.

Post navigation

For Russian clients of Savings Bank, payment for goods and services plastic card has become familiar. Relatively recently, technology was introduced with which purchases can be paid by phone instead of a Sberbank card, which increases the speed and security of transfers.

To make a payment, you need a telephone with NFC technology (modern gadgets already have it, and there is no need to perform additional settings).

Payment for goods and services can be made by iPhone users (Apple Pay system), Samsung telephones (Samsung Pay service), smartphones with Android OS, on which you need to install a special program (such as Samsung Pay).

The technology of transfers using a phone is very convenient. Sberbank was one of the first to support it. Any person servicing a bank can enable this function for free to use their phone instead of a Sberbank card.

If the card is added to the smartphone application, the owner can pay for the purchase by confirming it by entering a PIN code.

How to set up NFC for payment with a Sberbank card

To use your phone as payment, you need to set up an NFC profile. To do this, you need to find the NFC function and connect it on your device.

Then you need to:

• turn on the corresponding switch;
• log in;
• link a credit card.

How does payment work?

Currently, many retail establishments have special terminals for contactless payment. Each time (for each purchase) a unique code is created, which is read by the terminal. There are no additional fees charged.

If the payment amount exceeds 1 thousand rubles, the debiting of funds must be confirmed with a code from SMS.

Security of payment data

If you lose your phone, you are not in danger of being left without money - the attacker will not be able to use the application, because... After any payment for a purchase, the terminal turns off, and login is performed using a special code or using the owner’s fingerprint (Touch ID), using a biometric authentication system.

If the telephone device is discharged, it will become impossible to use the payment function.

If NFC technology is installed on a tablet or laptop, they can also be used for online shopping.

One-touch payment applications: which payment system to choose?

Android Pay

Android Pay is a payment system from Google for mobile devices that is built into smartphones, tablets, and smartwatches running Android OS. In simple terms This is an app for paying by phone.

Pros of the system:

• supported by many banks;
• gives additional discounts when paying;
• There is no need for a scanner in the phone; identification is carried out using a PIN code or password.

Android Pay works through the electronic payment system Google Wallet.

How to connect Android Pay

It is possible to connect to the service if your iPhone runs on Android 4.4 KitKat OS (or even more modern) and supports NFC. The Apple Pay program works on new iPhones (6, 6s, etc.) along with iOS, app store. If a customer has an Apple Watch bracelet, they can also make purchases through Apple Pay.

Next, you need to download an application certified by Google, connect the card (either point the camera at it, or enter the information manually), click on the “Add to Android Pay” menu. Sberbank cards are connected: debit and credit Visa and Mastercard (up to 12 cards on one device).

The service of using Android Pay in Sberbank Internet is free.

Payment via Android Pay and data security

To make a payment using Android Pay, you need to tap on the app icon on your phone to activate it. Then just a simple touch of the telephone to the terminal that reads the digital code is enough. Payment is confirmed using a biometric authentication system: scanning the iris, fingerprint (touching Touch ID) or, if this is not possible, a PIN code (password).

If your phone is lost or stolen, you can remotely lock it, change the password, or turn it off with the support of Android Device Manager.

Samsung Pay

The Samsung Pay application, created specifically for Samsung phones, supports short-range contactless communication: NFC and MST technologies (MST is a development that allows you to make payments at terminals designed for cards with a magnetic stripe). In the device, before loading the card, the software is updated (there are telephone sets on which this service cannot be used: Samsung Galaxy(Note III, Light, S3), Elephone P9000, Evo 4G LTE).

How to upload a map to the application

The step-by-step instructions for connecting the card are as follows:

1. We connect the device to the Internet.
2. Open Samsung Pay and press the “Start” key.
3. To add the original map, select the icon with the picture. If you need to connect other cards, click “Add”.
4. Enter information about the card: photo of the card or manually.
5. We register a fingerprint or PIN code for security.
6. Check the acceptance of user agreements in the windows and click “Submit”
7. A confirmation code will be sent to the telephone number specified in Sberbank. We are waiting for the SMS and entering the code in a special window
8. Using your finger or stylus, we register a signature identical to the one on your card. Activation starts and lasts 10 minutes.

The algorithm of actions when paying for goods is similar to those performed when paying via Android Pay, in one touch.

Conclusion

This technology, which allows making payments by phone instead of a Sberbank card, saves the client the most important resource - time and allows you to safely conduct transactions in stores and service establishments.

Video of linking a card to a smartphone:

Brief instructions for the payment system from Google.

To bookmarks

On May 23, 2017, from 9:00 Moscow time, the Android Pay payment system will be available in Russia. It has existed since September 2015, Russia became the 11th region in which the system started working. Here it is available to clients of more than 10 banks who use Visa and Mastercard cards.

What is Android Pay for?

Android Pay is a contactless payment system that allows you to link a regular bank card to an application, and then use the service on a smartphone or smart watch to pay for goods and services. In addition, you can use it to pay in applications on mobile devices (for example, Uber).

Technology means you don't have to carry everything with you. bank cards, replacing them with one application on your smartphone. Android Pay does not charge a commission from the user - the amount indicated on the receipt is debited from the buyer's account.

What cards can be connected to Android Pay

At launch in Russia, Android Pay works with more than ten banks. This list includes:

• "Alfa Bank";
• Ak Bars Bank;
• "Binbank" (at the time of launch only MasterCard);
• "VTB 24";
• "MTS Bank";
• Otkritie (including Rocketbank and Tochka);
• Promsvyazbank (at the time of launch only MasterCard);
• Raiffeisenbank;
• Rosselkhozbank;
• “Russian Standard” (at the time of launch only MasterCard);
• "Sberbank";
• Tinkoff Bank;
• "Yandex.Money" (MasterCard only).

This list will expand in the future.

Which devices is Android Pay available on?

Android Pay can be connected to devices with an NFC chip that run Android KitKat (4.4) and later - Lollipop (5.0, 5.1), Marshmallow (6.0) and Nougat (7.0, 7.1).

An important condition is that the device must have official firmware installed, and must not have root rights and the bootloader must not be unlocked. Typically, these actions are performed when changing the firmware.

How to connect a card to Android Pay

To use Android Pay, you need to download the application of the same name from the Google Play Store. Some Russian users had access to it back in early May 2017.

When you first launch the Android Pay application, you will be prompted to connect a card - to do this, you need to either point the camera at it so that the service reads the number and expiration date, or enter the information manually. You will also need the CVV code on the back of the card and the user's address. When connecting the card, the bank will send a verification code to confirm the operation.

If the user has already connected cards to his Google account (for example, to pay in an app store), then Android Pay will offer to use one of them - to link to the application, you will only need to enter the CVV code.

Where and how to pay via Android Pay

Payment via Android Pay is available almost everywhere where there are terminals that support contactless payments (including through cards with PayPass and PayWave technologies). We are talking about terminals, which are indicated by similar symbols:

In Russia, such terminals are available in almost every retail chain - Azbuka Vkusa, Pyaterochka, Perekrestok, Karusel, Magnit, OK, Eldorado, H&M, Starbucks, KFC, Burger King", "Teremok", "Doubleby", "Rosneft", "Bashneft" and so on. By the end of 2017, Sberbank, which services 1.1 million terminals, promises to add the possibility of contactless payment to all its devices.

To pay for goods and services, you need to “wake up” the device with Android application Pay and hold it near the terminal for a few seconds. If the operation is successful, a message about this and an image of the card used will appear on the screen.

In some cases, the cashier may ask you to enter a PIN or sign a receipt. This depends on the settings of the bank that issued the card and the terminal. As a rule, in Russia, when making contactless payments, you need to enter a PIN code for transactions amounting to more than 1,000 rubles.

Android Pay allows you to carry out three transactions in a row without unlocking the phone for an amount of up to 1000 rubles each; on the fourth, the user will need to unlock the phone using a pattern or fingerprint. The transaction “counter” is reset if the user has unlocked the phone between them.

If the user has connected several cards, then one of them will need to be selected as the standard one, which will be used by default. To use another card, before paying, you need to open the application and select the desired card- if necessary, it can be designated as standard for the future.

How to pay with Android Pay in apps and websites

Using Android Pay, you can also pay for purchases in some mobile applications and websites using your mobile phone. Google version Chrome. In such cases, the “Pay via Android Pay” button will appear on the payment page.

In some services (for example, Uber), you can use Android Pay as one of the permanent means of payment. At the start of the system in Russia, the service will be available in Lamoda, OneTwoTrip, Rambler/Kassa and Afisha, and later will appear in Delivery Club, Kinokhod, Ozon, Yandex.Taxi and other applications.