Reading Visa payWave Credit Card Details via NFC on Android

Question

Is it possible to read the credit card details (name, number, expiry) of a Visa payWave card via NFC on a Samsung Galaxy Nexus? What about other NFC-enabled credit cards?

If it's not possible, is there some way to retrieve a unique ID from the card?

Also, any references or example code would be a great help.

score 35 · Answer 1 · edited May 23 '17 at 12:34

35

There are at least 2 Android apps that can already do this: Squareless and Electronic Pickpocket RFID.

Some references:

Explanation of how to do it: http://blog.saush.com/2006/09/08/getting-information-from-an-emv-chip-card/
Java code: http://code.google.com/p/javaemvreader/
This may be helpful, too: http://cardpeek.googlecode.com/svn-history/r23/trunk/dot_cardpeek_dir/scripts/emv.lua
See also this question: How do I read the PAN from an EMV SmartCard from Java

edited May 23 '17 at 12:34

Community

1
1

answered Mar 11 '12 at 00:06

NFC guy

10,151
3
27
58

1

These are great resources for understanding how to read EMV data in Java but they seem to be based on USB/serial card readers. How can EMV data be read on Android via the NFC API? (Obviously, it's possible if the above 2 apps can do it.) – user1233983 Mar 11 '12 at 14:14
1

Example translation of `selectApplication()` in the last [link](http://stackoverflow.com/questions/283251/how-do-i-read-the-pan-from-an-emv-smartcard-from-java) above: `byte[] selectApplication(IsoDep tag) throws IOException { byte[] command = new byte[]{0x00, 0xA4, 0x04, 0x00, 0xA0, 0x00, 0x00, 0x00, 0x04}; return tag.transceive(command); }`. The `tag` you would get from the NFC `Intent`: `IsoDep tag = IsoDep.get(getIntent().getParcelableExtra(NfcAdapter.EXTRA_TAG);`. – NFC guy Mar 12 '12 at 15:18
Thanks. I actually figured this out myself but I wasn't really sure, so thanks for the confirmation on this. Some final questions: are the APDU commands/responses used with ISO14443 devices the same as those from ISO7816? Is there a good reference for the ISO14443 APDU commands, aside from buying the docs from ISO? – user1233983 Mar 13 '12 at 10:38
Not all ISO 14443-4 devices use ISO 7816-4 APDUs, but quite a few do (such as payment cards). – NFC guy Mar 13 '12 at 11:52

score 1 · Answer 2 · answered Jul 25 '13 at 00:23

1

Triangle.io also has an API that allows you to do this free of charge and you can integrate it in your own application. You can download the sample application from Google Play.

Disclaimer: I work for triangle.io

answered Jul 25 '13 at 00:23

Ameen

2,576
1
14
17

Of course it is safe to use :) We use RSA 2048 bit encryption with keys unique to each application and provide only encrypted information. A typical setup our clients use is to send the encrypted information over HTTPS to their back end and decrypt the data there for further processing. This way, no data in the clear is transmitted in the phone internally. – Ameen Oct 31 '13 at 15:25
Your triangle.io initialization procedure suddenly has started to fail in my project. That sucks – Dmitry Gryazin Jun 05 '14 at 14:11
@Bagzerg, there have been no downtimes. Were you having connectivity issues on your end or were you using a trial key that expired? Please use contact@triangle.io to reach out to us so that we can take a look. – Ameen Jun 12 '14 at 00:52
I'm currently using Triangle.io and it's great! – MosesA Jun 25 '14 at 09:40

Reading Visa payWave Credit Card Details via NFC on Android

2 Answers2

Linked