Let\'s take a contactless card for example (one for public transport lets say (i

Question

Let's take a contactless card for example (one for public transport lets say (i.e. MiCard)), the data is encrypted on the card and encrypted on the reader as far as I know.

So how come somebody who could read those cards couldn't just clone the card, copying all the encrypted data onto another card and go around using that? It's all encrypted on the card anyway, isn't it?

If this is the case, why don't people do it and wouldn't contactless credit/debit cards and many other pieces of encrypted data be the same?

** Not sure if this was the right area to ask, apologies if it's not.

Explanation / Answer

Long story short, @GuutBoy is correct. Contactless cards are (in theory, at least), difficult to clone.

Cards with a magnetic stripe are effectively "cloned" by the simple act of reading the magnetic stripe. All of the data on the magnetic stripe is read, verbatim, by a reader. And that magnetic data could be replayed to any third party.

Chip-based cards are not the same; when you read from them, you do not get any of the data on the card. To simplify greatly, you ask the card to authorize you for a charge of a certain monetary value. The card generates a token that authorizes you to charge that amount and hands it to you. You pass this to the card processor. The token cannot be used to perform further charges against the card.

In order to clone the card, it's likely you would have to either take the card for a significant period of time or destroy the card in the process. In either of those cases, at that point you might as well simply steal the card.

Related Questions

Navigate

• Browse (All)
• Browse L
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.