What mechanism is embedded within, for instance, tram cards that you can use to check in and out of your train ride, that prevents you from copying the signal that is coming from that card ? I could maybe understand this for cards that have an account linked to them (e.g. bank cards or other personalised cards), but what about cards you just [top up](https://en.wikipedia.org/wiki/Stored-value_card?wprov=sfti1) (e.g. [train cards in the Netherlands](https://en.wikipedia.org/wiki/OV-chipkaart?wprov=sfti1)). Why couldn’t you just copy every signal that is coming out of that card and clone it to a different one making a receiving device think you have a topped up card?
In: 0
Using Apple Pay as an example, it sends a security code derived from your device ID that can’t be reused. A replay attempt will be using an old, invalid security code and be rejected.
Latest Answers