Magnetic secure transmission (MST) is the name for mobile payment technology in which devices such as smartphones emit a signal that mimics the magnetic stripe on a traditional payment card.
MST sends a magnetic signal from the device to the payment terminal's card reader. It emulates swiping a physical card without having to upgrade the terminal's software or hardware to support more advanced technology, such as contactless payments. Hence, in contrast to payments using near-field communication, MST technology is compatible with nearly all payment terminals that possess a magnetic stripe reader. [1] [2]
MST is designed to transmit from within 3 in (76 mm) of the magnetic card reader. [3] Outside of physical transmission, there are no changes to the magnetic stripe card system (i.e., reception, processing, information content, and cryptographic protocols). However, the information being transmitted being dynamic may allow tokenization.
MST was originally developed by LoopPay, which was acquired by Samsung in 2015 [4] and incorporated into its Samsung Pay service. [5] In 2017, LG launched its competing LG Pay service, which uses a similar technology called Wireless Magnetic Communication (WMC). [6]
The original MST and WMC mimicked unencrypted magnetic stripe technology in order to be compatible with older credit card terminals. The wireless transmissions were not encrypted and therefore not considered "secure". The Samsung Pay and LG implementations of MST use secure EMV compatible tokens and are considered to be secure.[ citation needed ]
A smart card (SC), chip card, or integrated circuit card is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.
Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods that render tokens infeasible to reverse in the absence of the tokenization system, for example using tokens created from random numbers. A one-way cryptographic function is used to convert the original data into tokens, making it difficult to recreate the original data without obtaining entry to the tokenization system's resources. To deliver such services, the system maintains a vault database of tokens that are connected to the corresponding sensitive data. Protecting the system vault is vital to the system, and improved processes must be put in place to offer database integrity and physical security.
A mobile payment, also referred to as mobile money, mobile money transfer and mobile wallet, is any of various payment processing services operated under financial regulations and performed from or via a mobile device, as the cardinal class of digital wallet. Instead of paying with cash, cheque, or credit cards, a consumer can use a payment app on a mobile device to pay for a wide range of services and digital or hard goods. Although the concept of using non-coin-based currency systems has a long history, it is only in the 21st century that the technology to support such systems has become widely available.
Electronic cash was, until 2007, the debit card system of the German Banking Industry Committee, the association that represents the top German financial interest groups. Usually paired with a transaction account or current account, cards with an Electronic Cash logo were only handed out by proper credit institutions. An electronic card payment was generally made by the card owner entering their PIN at a so-called EFT-POS-terminal (Electronic-Funds-Transfer-Terminal). The name "EC" originally comes from the unified European checking system Eurocheque. Comparable debit card systems are Maestro and Visa Electron. Banks and credit institutions who issued these cards often paired EC debit cards with Maestro functionality. These combined cards, recognizable by an additional Maestro logo, were referred to as "EC/Maestro cards".
Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. Like other "proximity card" technologies, NFC is based on inductive coupling between two antennas present on NFC-enabled devices—for example a smartphone and a printer—communicating in one or both directions, using a frequency of 13.56 MHz in the globally available unlicensed radio frequency ISM band using the ISO/IEC 18000-3 air interface standard at data rates ranging from 106 to 848 kbit/s.
EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.
Mastercard Maestro is a brand of debit cards and prepaid cards owned by Mastercard that was introduced in 1991. Maestro is accepted at around fifteen million point of sale outlets in 93 countries.
A card reader is a data input device that reads data from a card-shaped storage medium. The first were punched card readers, which read the paper or cardboard punched cards that were used during the first several decades of the computer industry to store information and programs for computer systems. Modern card readers are electronic devices that can read plastic cards embedded with either a barcode, magnetic strip, computer chip or another storage medium.
A contactless smart card is a contactless credential whose dimensions are credit card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.
Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.
Contactless payment systems are credit cards and debit cards, key fobs, smart cards, or other devices, including smartphones and other mobile devices, that use radio-frequency identification (RFID) or near-field communication for making secure payments. The embedded integrated circuit chip and antenna enable consumers to wave their card, fob, or handheld device over a reader at the Point-of-sale terminal. Contactless payments are made in close physical proximity, unlike other types of mobile payments which use broad-area cellular or WiFi networks and do not involve close physical proximity.
A payment terminal, also known as a point of sale (POS) terminal, credit card machine, PIN pad, EFTPOS terminal, is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad for entering PIN, a screen, a means of capturing information from payments cards and a network connection to access the payment network for authorization.
A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud.
Payanywhere is a payments platform and app that allows merchants in the United States to accept credit and debit card payments while building customer relationships in-store, online, or on the go. Merchants may accept payments on their smartphone via a Bluetooth card reader or on an in-store “Storefront” solution featuring a tablet and stand, which was introduced on April 8, 2014. PayAnywhere offers credit card readers and apps that are compatible with both Apple and Android devices.
Apple Pay is a mobile payment service by Apple Inc. that allows users to make payments in person, in iOS apps, and on the web. It is supported on iPhone, Apple Watch, iPad, and Mac. It digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay-specific contactless payment terminals; it can work with any merchant that accepts contactless payments. It adds two-factor authentication via Touch ID, Face ID, PIN, or passcode. Devices wirelessly communicate with point of sale systems using near field communication (NFC), with an embedded secure element (eSE) to securely store payment data and perform cryptographic functions, and Apple's Touch ID and Face ID for biometric authentication.
The Samsung Galaxy S6 is a line of Android-based smartphones manufactured, released and marketed by Samsung Electronics. Succeeding the Samsung Galaxy S5, the S6 was not released as a singular model, but instead in two variations unveiled and marketed together—the Galaxy S6 and Galaxy S6 Edge—with the latter differentiated primarily by having a display that is wrapped along the sides of the device. It is distinguished from its predecessor through a battery with an increased charging speed but a decreased capacity, an optically stabilized camera, sound in slow motion video recordings, a glass back, and it lacks a user-replaceable battery, a memory card slot, water resistance, and MHL-to-HDMI connection for viewing on an external monitor or television set.
Samsung Pay is a mobile payment and digital wallet service, operated by the South Korean company Samsung Electronics. It lets users make payments using compatible smartphones and other Samsung-produced devices, accessed using the Samsung Wallet app.
LG Pay was a mobile payment and digital wallet service by LG Electronics that let users make payments using compatible phones. The service supported contactless payments using near-field communications (NFC), but also incorporated wireless magnetic communication that allowed contactless payments to be used on payment terminals that only supported magnetic stripe transactions.
Google Pay is a mobile payment service developed by Google to power in-app, online, and in-person contactless purchases on mobile devices, enabling users to make payments with Android phones, tablets, or watches. Users can authenticate via a PIN, passcode, or biometrics such as 3D face scanning or fingerprint recognition.
Google Wallet is a digital wallet platform developed by Google. It is available for the Android, Wear OS, and Fitbit OS operating systems, and was announced on May 11, 2022, at the 2022 Google I/O keynote. It began rolling out on Android smartphones on July 18.