NFC Security for Payment

Question

During an offline transaction, the Point-of-Sale has no internet connection, and so the payment terminal cannot verify if the client’s payment device has been revoked.

A malicious person can use a revoked bank card to perform unauthorized transactions.

How can this be prevented?

Would you mind expanding this question to cover credit cards in general and not just NFC? I was thinking about this exact question but involving swiped mag-stripe cards instead of NFC. — André Borie, Aug 15 '16 at 19:36

score 1 · Answer 1 · answered Aug 15 '16 at 16:44

1

If the transaction is truly offline, also called store and forward in the retail space, then there is a lot of inherent risk the business is accepting. That is why almost all in person transactions involve an online authorization, which contacts the issuing bank to verify the transaction details.

I am not aware of any way to mitigate that risk in a true offline transaction scenario.

answered Aug 15 '16 at 16:44

John Downey

1,915
13
12

Thanks for your fast reply ,really it's include inherent risk . – Alyaa Aug 15 '16 at 17:33
The way you mitigate the risk isn't technical. You build it into your business cost model, either directly or through insurance. – Polynomial Aug 15 '16 at 23:17

NFC Security for Payment

1 Answers1