Acontactless smart card is a contactless credential whose dimensions arecredit card size. Its embedded integrated circuits can store (and sometimes process) data and communicate with a terminal viaNFC. Commonplace uses include transit tickets, bank cards and passports.

There are two broad categories of contactless smart cards. Memory cards contain non-volatile memory storage components, and perhaps some specific security logic. Contactless smart cards contain read-onlyRFID called CSN (Card Serial Number) or UID, and a re-writeable smart cardmicrochip that can be transcribed via radio waves.

A contactless smart card is characterized as follows:

• Dimensions are normallycredit card size. The ID-1 ofISO/IEC 7810 standard defines them as 85.60 × 53.98 × 0.76 mm (3.370 × 2.125 × 0.030 in).^[1]
• Contains a security system withtamper-resistant properties (e.g. asecure cryptoprocessor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).
• Assets managed by way of a central administration systems, or applications, which receive or exchange information with the card, such as card hotlisting and updates for application data.
• Card data is transferred via radio waves to the central administration system through card read-write devices, such aspoint of sale devices, doorway access control readers, ticket readers,ATMs, USB-connected desktop readers, etc.

Contactless smart cards can be used for identification, authentication, and data storage.^[2] They also provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention.

Contactless smart cards were first used for electronic ticketing in 1995 in Seoul, South Korea.^[3][4]

Since then, smart cards with contactless interfaces have been increasingly popular for payment and ticketing applications such as mass transit. Globally, contactless fare collection is being employed for efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though theMIFARE Classic card from Philips has a large market share in the United States and Europe.

In more recent times,Visa andMasterCard have agreed to standards for general "open loop" payments on their networks, with millions of cards deployed in the U.S.,^[5] in Europe and around the world.

Smart cards are being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent. In Malaysia, the compulsory national ID schemeMyKad includes 8 different applications and is rolled out for 18 million users. Contactless smart cards are being integrated intoICAObiometric passports to enhance security for international travel.

During theCOVID-19 pandemic, demand for and usage of contactless credit and debit cards increased, although research suggests that coins and banknotes generally carry a low risk of carrying the virus.^[6]

Contactless smart card readers use radio waves to communicate with, and both read and write data on a smart card. When used for electronic payment, they are commonly located nearPIN pads, cash registers and other places of payment. When the readers are used for public transit they are commonly located on fare boxes, ticket machines, turnstiles, and station platforms as a standalone unit. When used for security, readers are usually located to the side of an entry door.

• 
  Novosibirsk (Russia). Transport fare collection terminalCFT
• 
  Smart card being used to pay forpublic transportation in theHelsinki area
• 
  An electronicticket machine used to read prepaid cards and issue tickets in Mumbai
• 
  Myki reader installed atBendigo railway station

A contactless smart card is a card in which the chip communicates with the card reader through an induction technology similar to that of anRFID (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete a transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where a smart card can be used without even removing it from awallet.

The standard for contactless smart card communications isISO/IEC 14443. It defines two types of contactless cards ("A" and "B")^[7] and allows for communications at distances up to 10 cm (3.9 in)^{[citation needed]}. There had been proposals for ISO/IEC 14443 types C, D, E, F and G that have been rejected by the International Organization for Standardization. An alternative standard for contactless smart cards isISO/IEC 15693, which allows communications at distances up to 50 cm (1.6 ft).

Examples of widely used contactless smart cards areSeoul'sUpass (1996),MalaysiaTouch 'n Go card (1997),Hong Kong'sOctopus card,Shanghai'sPublic Transportation Card (1999),Paris'sNavigo card,Japan'sSuica (2001),Singapore'sEZ-Link,Taiwan'sEasyCard,San Francisco Bay Area'sClipper Card (2002),London'sOyster card,Beijing'sMunicipal Administration and Communications Card (2003),South Korea'sT-money,Southern Ontario'sPresto card,India'sMore Card,Israel'sRav-Kav Card (2008),Melbourne'sMyki card andSydney'sOpal card which predate the ISO/IEC 14443 standard. The following tables list smart cards used forpublic transportation and otherelectronic purse applications.

A related contactless technology isRFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as forelectronic toll collection. RFID devices usually do not include writeable memory or microcontroller processing capability as contactless smart cards often do.^{[dubious –discuss]}

There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example isPorto's multi-application transport card, calledAndante, that uses a chip in contact and contactless (ISO/IEC 14443 type B) mode.

Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-ininductor, using the principle ofresonant inductive coupling, to capture some of the incident electromagnetic signal,rectify it, and use it to power the card's electronics.

Since the start of using theSeoul Transportation Card, numerous cities have moved to the introduction of contactless smart cards as the fare media in anautomated fare collection system.^{[citation needed]}

In a number of cases these cards carry anelectronic wallet as well as fare products, and can be used for low-value payments.

Starting around 2005, a major application of the technology has beencontactless payment credit and debit cards. Some major examples include:

• ExpressPay –American Express
• MasterCard Contactless (formerly PayPass) –MasterCard
• Visa Contactless (formerly payWave) –Visa
• QuickPass –UnionPay
• JCB Contactless (formerly J/Speedy), QUICPay (not compatible withEMV Contactless/ISO/IEC 14443) –JCB
• RuPay Contactless -RuPay
• Zip –Discover

Roll-outs started in 2005 in the United States, and in 2006 in some parts of Europe and Asia (Singapore).^[10] In the U.S., contactless (nonPIN) transactions cover a payment range of ~$5–$100.

In general there are two classes of contactless bank cards: magnetic stripe data (MSD) and contactlessEMV.

Contactless MSD cards are similar to magnetic stripe cards in terms of the data they share across the contactless interface. They are only distributed in the U.S. Payment occurs in a similar fashion to mag-stripe, without a PIN and often in off-line mode (depending on parameters of the terminal). The security level of such a transaction is better than a mag-stripe card, as the chip cryptographically generates a code which can be verified by the card issuer's systems.

Contactless EMV cards have two interfaces (contact and contactless) and work as a normal EMV card via their contact interface. The contactless interface provides similar data to a contact EMV transaction, but usually a subset of the capabilities (e.g. usually issuers will not allow balances to be increased via the contactless interface, instead requiring the card to be inserted into a device which uses the contact interface). EMV cards may carry an "offline balance" stored in their chip, similar to theelectronic wallet or "purse" that users of transit smart cards are used to.

A quickly growing application is in digital identification cards. In this application, the cards are used forauthentication of identity. The most common example is in conjunction with aPKI. The smart card will store an encrypted digital certificate issued from the PKI along with any other relevant or needed information about the card holder. Examples include theU.S. Department of Defense (DoD)Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are not always a privacy-enhancing technology, for the subject carries possibly incriminating information about him all the time. By employing contactless smart cards, that can be read without having to remove the card from the wallet or even the garment it is in, one can add even more authentication value to the human carrier of the cards.

The Malaysian government uses smart card technology in theidentity cards carried by all Malaysian citizens and resident non-citizens. The personal information inside the smart card (calledMyKad) can be read using special APDU commands.^[11]

Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to betamper resistant. The embedded chip of a smart card usually implements somecryptographic algorithm. However, there are several methods of recovering some of the algorithm's internal state.

Differential power analysis^[12]involves measuring the precise time andelectric current^{[dubious –discuss]} required for certain encryption or decryption operations. This is most often used against public key algorithms such asRSA in order to deduce the on-chip private key, although some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well.

Smart cards can be physically disassembled by using acid, abrasives, or some other technique to obtain direct, unrestricted access to the on-board microprocessor. Although such techniques obviously involve a fairly high risk of permanent damage to the chip, they permit much more detailed information (e.g. photomicrographs of encryption hardware) to be extracted.

Short distance (≈10 cm. or 4″) is required for supplying power. The radio frequency, however, can be eavesdropped within several meters once powered-up.^[13]

Failure rate

Theplastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction. A card enclosure may be used as an alternative to help prevent the smart card from failing.

Privacy

Using a smart card for mass transit presents a risk forprivacy, because such a system enables the mass transit operator, the banks, and the authorities, to track the movement of individuals. The same argument can be made for banks tracking retail payments. Such information was used in the investigation of theMyyrmanni bombing.

Theft and fraud

Contactless technology does not necessarily prevent use of a PIN for authentication of the user, but it is common for low value transactions (bank credit or debit card purchase, or public transport fare payment) not to require a PIN. This may make such cards more likely to be stolen, or used fraudulently by the finder of someone else's lost card.

Use abroad

Inland data networks quickly convey information between terminals and central banking systems, such that contactless payment limits may be monitored and managed. This may not be possible with use of such cards when abroad.^{[citation needed]}

Multiple cards detection

When two or more contactless cards are in close proximity the system may have difficulty determining which card is intended to be used. The card-reader may charge the incorrect card or reject both.^[14] This is generally only an issue where a service provider uses a payment card to facilitate access - eg a wallet containing a parking lot access card, an apartment building entry card and various contactless payment cards can usually be used on entry to a car park or whatever - the car park entry system can detect its own card in the wallet and open the barrier. In a retail shop, however, it is advisable to remove the individual contactless card from the wallet when making a payment. At the very least this gives the cardholder the opportunity to communicate which card they intend to be used to make payment. It is an issue of the card identifying a subscription -v- payment by transaction.^{[clarification needed]}

Wikimedia Commons has media related toContactless smartcard schematics.

• Rankl, W.; W. Effing (1997).Smart Card Handbook. John Wiley & Sons.ISBN 0-471-96720-3.
• Guthery, Scott B.; Timothy M. Jurgensen (1998).SmartCard Developer's Kit. Macmillan Technical Publishing.ISBN 1-57870-027-2.

• Contactless smart cards
• Ubiquitous computing
• ISO standards
• Smart cards
• Banking technology

• CS1 maint: location missing publisher
• Articles with short description
• Short description is different from Wikidata
• All articles with unsourced statements
• Articles with unsourced statements from November 2012
• All accuracy disputes
• Articles with disputed statements from March 2017
• Articles with unsourced statements from March 2021
• Articles with disputed statements from September 2010
• Articles with unsourced statements from December 2014
• Wikipedia articles needing clarification from December 2017
• Commons category link is locally defined