Re: Content of the NFC public payload of visa card that can be fetched from smartphone app

ryden
Dabbler

Hello,

I'm looking to perform authentication of a user in a mobile app, through an NFC read of a Visa card.

When checking what's provided in the result of this "NFC read" (through the use of publicly available apps, for example), I see the card number, expiration date...

But my concern is that this data can be obtained through a phishing website or by social engineering.

Is there some kind of "technical id" that can be fetched through NFC and allows the card to be identified, but that the user could not see directly (so he or she cannot be tricked into providing it to a fraudster)?

Regards.

jenn_kh
Community Moderator

Hi, @ryden. Thank you for your question! Our agent is looking into this and will get back to you with more information as soon as possible. -Jenn

ryden
Dabbler

I'm getting that the ideal solution would be to perform an Offline Data Authentication (ODA) with Dynamic Data Authentication (DDA): a challenge generated by the app and signed by the EMV chip over NFC, with a key provided in a certificate itself signed by Visa?

That way the app would be autonomous to ensure that the detected card is an actual one, with an offline single-use challenge cryptographically signed by Visa, am I right?

The Android API seems to give low-level access to the NFC, so it should be possible.

On the Apple side, I'm not sure if it's possible, as it's a procedure usually performed directly by the Apple Wallet?

Is there any documentation on how to implement this challenge (DDA ODA over NFC) in Kotlin & Swift?
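
The challenge-response check described in the post above, as an added example (not from this thread and not Visa's code): a Python simulation of verifying a DDA-style Signed Dynamic Application Data block against an app-generated unpredictable number. Assumptions: the block layout follows EMV Book 2 (header 6A, format 05, SHA-1 indicator 01, BB padding, trailer BC), the card key is a constructed toy RSA key, and recovering the real ICC public key through the CA, issuer and ICC certificates is left out.

```python
import hashlib
import secrets

# Constructed toy RSA key standing in for the card (ICC) key pair. The primes
# are well known, so this key is for demonstration only. A real verifier gets
# the ICC public key from the CA -> issuer -> ICC certificate chain.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
N_LEN = (N.bit_length() + 7) // 8


def card_sign(icc_dynamic_data: bytes, unpredictable_number: bytes) -> bytes:
    """Simulated card side: build the block and sign it with the private key."""
    pad = b"\xbb" * (N_LEN - len(icc_dynamic_data) - 25)
    body = b"\x05\x01" + bytes([len(icc_dynamic_data)]) + icc_dynamic_data + pad
    digest = hashlib.sha1(body + unpredictable_number).digest()
    block = b"\x6a" + body + digest + b"\xbc"
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(N_LEN, "big")


def verify_sdad(sdad: bytes, unpredictable_number: bytes) -> bool:
    """App side: recover the block with the public key and check every field."""
    if len(sdad) != N_LEN or int.from_bytes(sdad, "big") >= N:
        return False
    block = pow(int.from_bytes(sdad, "big"), E, N).to_bytes(N_LEN, "big")
    if block[0] != 0x6A or block[-1] != 0xBC or block[1:3] != b"\x05\x01":
        return False
    ldd = block[3]  # length of the ICC dynamic data
    if ldd > N_LEN - 25 or any(b != 0xBB for b in block[4 + ldd:-21]):
        return False
    # The hash covers the signed fields plus the challenge this app sent, so a
    # signature captured for one challenge fails under any other.
    expected = hashlib.sha1(block[1:-21] + unpredictable_number).digest()
    return secrets.compare_digest(expected, block[-21:-1])


def new_challenge() -> bytes:
    """Fresh 4-byte unpredictable number; generate one per read, never reuse."""
    return secrets.token_bytes(4)


if __name__ == "__main__":
    un = new_challenge()
    sdad = card_sign(b"\x08" + secrets.token_bytes(8), un)  # constructed data
    print("fresh challenge:", verify_sdad(sdad, un))
    print("replayed under new challenge:", verify_sdad(sdad, new_challenge()))
```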

API_Products
Visa Developer Support Specialist

Hi @ryden,

Visa Token Service is capable of contactless card payments using a mobile device. We have "Card-On-File" (COF) functionality on the Portal that enables provisioning and use of tokens for HCE-based contactless (NFC) payments and for in-app purchases using tokens provisioned to a mobile device. Please refer to the Visa Token Service documentation here.
Thanks,

Diana