The job is to produce a professional report showing what goes on inside real NFC payment transactions.
You will be applying your knowledge of Contactless NFC and EMV Payments technologies to draw a step-by-step flow diagram of the NFC Payments process in b) ApplePay, SamsungPay and GooglePay compared to a) an *original* Contactless NFC payment card, which has also been loaded into these b) devices. This flow diagram will include all of the transaction & account details as they are exchanged in a real (not emulated, approved transaction) payment process.
The NFC capture equipment used may be
a) an Android phone with NFC sniffer App,
b) a Proxmark NFC sniffer
c) Other similar NFC hardware sniffer
The state diagram must show the data transactions from card, from the phone/watch and from terminal, at each step. At least 2 sequential transactions must be shown.
This is not a high-level simplified block diagram; values like the PAN, CVV1 and CVV3 must be shown.
The flow must cite the specific values exchanged to back up the steps/data.
The report must include the original Contactless NFC enabled credit/debit card
a) Visa PayWave & MasterCard PayPass (this can be any card, a gift card, personal or other)
And must choose at least one of (in order of priority):
d) Android Pay
The state flow will illustrate each step in the NFC transaction: the transaction data, authentication, and cryptograms, the currency amount - everything that is exchanged.
The references can include public standards specifications, API specifications, university research papers etc., i.e. all must be verifiable, third-party, reputable-source, public information.
The steps that I am looking for in an NFC transaction include:
- Payment Terminal detecting an NFC device
- Terminal indicating amount to be paid
- Sending the NFC device payor information
- Inclusion of all fields sent (PAN, EXP, CHN, CVV1, CVV3, ... etc)
- Inclusion of all cryptograms (dynamic CVV)
- Approval process
The flow must cite where dynamically generated data is in the process e.g. transaction amount, dynamic TAVV, CAVV, PAR or CVV3
The flow diagram is ideally an easy-to-read, clear state table; here's a good clear example showing data transacted from each side. The diagram is ideally in PowerPoint.
Bonus-1 : for each additional one of the above that is also included in the report
Bonus-2 : if you include the raw Log File (in digital form) of the transaction data as well as the State Flow Diagram, and identify each of the fields as described (PAN, CVV3 ... etc)
Bonus-3 : if you include more than 2 transactions and/or include a delay/failure-case between transactions
Bonus-4 : if you include the reports from the same card in more than one device e.g. *a* Card that is loaded into Apple Watch as well as Apple iPhone
Bonus-5 : simulating the transaction with other details, to be discussed