NFC World

Santa Clara University rolls out iPhone NFC student IDs

Student uses Apple iPhone NFC ID to buy from vending machine

Students, faculty and staff at Santa Clara University in the US can now add their Access student ID card to Apple Wallet and use their iPhone and Apple Watch to access buildings, attend athletic events, purchase meals and check out books from the library, the Silicon Valley-based university has announced... More








What's New in Payments

NXP reports on biometric payment cards

Covershot: What's next for payment cards

Biometric cards equipped with built-in fingerprint sensors have the potential to make payments both safer and easier, but the technology is still new and there are critical elements that need to be put in place to ensure widespread adoption, NXP explains in a white paper now available to download from the NFCW Knowledge Centre... More



What's New in Payments

Chinese fraudsters turn to QR codes to spread Trojans and viruses

QR code scams rise in China, putting e-payment security in spotlight — South China Morning Post — “By replacing legitimate merchants’ codes with malevolent copies, fraudsters can gain access to consumers’ data and even raid their bank accounts… According to one senior official and technology expert, almost a quarter of Trojans — malicious programs disguised as benign software – and other viruses are transmitted though QR codes.”


What's New in Payments

Mastercard pilots decentralized digital identities

Mastercard brings digital identity to real world tests — Mastercard — “The pilot will test a new way for people to prove their identity without having to carry multiple documents. Instead, the model allows the data to sit with its rightful owner — the user. It will activate a distributed model that blends information stored on an individual’s mobile device and verified by additional reference points, such as an individual’s bank or participating government agencies.”



JPMorgan Chase to tokenize open banking permissions

JPMorgan Chase, Envestnet l Yodlee sign agreement to increase customers’ control of their data — JPMorgan Chase & Co — “Envestnet I Yodlee is committing to send 100% of its requests for Chase customer data through the bank’s secure API (application programming interface). This will ensure the apps can receive Chase customer data they need while customers control what’s shared with whom…. Because the secure API uses a token-based approach, customers will no longer need to give out their username and password.”


What's New in Payments

PCI publishes CPoC standard for accepting contactless payments on off-the-shelf NFC devices

PCI Security Standards Council publishes new standard for contactless payments — PCI Security Standards Council — “The primary elements of a CPoC solution include: a Cots [commercial off-the-shelf] device with an embedded NFC interface to read the payment card or payment device; a validated payment acceptance software application that runs on the merchant Cots device initiating a contactless transaction; and back-end systems that are independent from the Cots device and support monitoring, integrity checks and payment processing.”


What's New in Payments

Grab to issue mobile-first numberless Mastercard across SE Asia

Grab launches Asia’s first numberless card — Grab — “The physical version of the card is completely numberless, front and back, thus averting the prospect of theft of personal and financial information… The digital GrabPay Card is available in Singapore starting today… The digital GrabPay Card will be launched in the Philippines in Q1 2020, with other Southeast Asian countries to follow in the first half of next year.”



NFC World

Google offers $1m Titan M secure element bug bounty

Expanding the Android Security Rewards Program — Google — “The Android Security Rewards (ASR) program was created in 2015 to reward researchers who find and report security issues to help keep the Android ecosystem safe… Today, we’re expanding the program and increasing reward amounts. We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.”