More and more card readers at POS terminals now support tap to pay means of making a payment. If we are not inserting the chip end of the card, how is it providing additional security?
Edit: wow, lots of great information, thank you folks for taking the time and explaining it like I’m 5.
In: 197
The chip is a teeny tiny computer that generates a one-time code every time it’s used.
Random on computers is a very, very difficult problem to solve and programmers usually cheat by using local data to “seed” a complex formula which generates psuedorandom numbers – for example, the current time is a frequent seed if you’re doing it just to get randomness and not for security. If you’ve ever played a game with a procedurally generated world like Minecraft then you’ve probably seen the “seed” which you can use to generate that exact same world again. Stardew Valley uses the number of steps you taken as a seed for certain random events, like the weather (this is how speedrunners get it to rain every day so they don’t have to water their plants)
Your chip has a unique “seed” and a random number generator built in. Because the bank knows what seed your card has and more or less how many numbers it has generated, it can validate that the random number that it just received from your card was actually generated by your card.
So it provides additional security whether you insert or tap because either way it’s spitting out what is essentially a one-time code. Even if a bad actor intercepts and recreates the signal your bank would reject the transaction because that code has already been used.
Latest Answers