Contactless payment by means of NFC-enabled bank cards has made our everyday transactions far more convenient over the last decade, but there still remains the tedious task of finding the card and waving it over the reader. Maybe embedded chips are a step too far for many of us, but how about a bank card in a wearable such as a ring? [Jonathan Limén] shows us how, by taking the NFC chip module from a bank card and mounting it on a ring with a wire coil antenna embedded within it.
The chip in a bank card comes mounted on a small thin PCB with contacts on one side and a coil on the other that serves as its antenna. It’s not sensitive enough to work reliably with most card readers, so the card incorporates a separate printed circuit layer that forms a large-sized tuned circuit which couples to the chip antenna. After taking us through the removal of the chip from the card with some acetone, he proceeds to create a replacement for the card antenna by winding a wire coil round the ring. This becomes a trial-and-error process, but in the end, the result is a working NFC payment ring.
We quite like this idea, but would be tempted to both take away some of the trial and error with a vector network analyzer, and run a couple of turns of the wire as a closer coupling coil for the chip. This is a subject we’ve looked at before here at Hackaday, and we wouldn’t mind having another go at it.
Depending on where you live, this might backfire. Here in Austria, NFC-enabled debit cards want to be “contacted” every now and then, else they will refuse further contactless transactions. That’s for security reasons, it limits the damage that can be done with contactless relay attacks. But there are pure NFC alternatives: banks also offer “micro debit cards” at the size of a postage stamp (can be used with an armband or a keyfob) and debit card stickers. There were even rings for some time, but they are no longer promoted, probably because of bad performance.
You are correct, I even think this is the case where I live. Thankfully it haven’t happened to me yet.
But i updated the guide with some ideas around this problem!
Thank you for pointing it out!
Thank you for pointing this out! I added some ideas in the guide if this would happen.
Have a great one!
Yeah here in the UK after a certain number of uses or at random you will be asked to insert the card, to stop someone from stealing it and just running around spending, they can only do that until the bank detects suspicious activity or the limit is reached. So by making a ring like this in the UK, you have a limited number of uses until you need to ask your bank for a new card. Using apple pay or similar on a smart watch is a much better and safer option.
I’m planning on implementing this in a casio w800-h. Paying with a “dumb” watch would be pretty neat.
I think the version of this that Lucy did here is more pretty: https://twitter.com/lucysrausch/status/1466208741221539841
It just seems like wearing an NFC contactless card would be a lot like walking around with hundred-dollar bills sticking out of your pockets. But then, I don’t really understand how contactless payment is a good thing. If I need to confirm the purchase, then it still requires contact, and if I don’t, how can it be secure?
1) you can confirm it on your trusted device (e.g. phone)
2) where you can’t confirm it, there’s a hard cap on the payment values, so if someone does Nick your card you’ll only lose pocket change. (Ish… obviously a few £30 transactions could be massive for some people). Plus the banks are good at refunding it, as they want to promote it.
3) while the unencrypted serial number can be read from a distance of some centimeters, a payment transaction requires a rather tight coupling to the reader coil for several seconds. The crypto engine inside the chip and EEPROM writes need that extra energy and time.
I saw a few comments but I don’t think they address the fundamental issue, which is that you have to turn on NFC system-wide to use the services. It’s often overlooked the possibility that a malicious user would use a zero day or other unpatched exploit to send and receive whatever they want from a malicious NFC tag, outside of the purview of the banking app.
So yes, there is plenty of opportunity for abuse and this shouldn’t be trusted. Most users tend to forget that they left NFC turned on, and say in a hypothetical situation they set their phone on a public wireless charger at something like a coffee shop or airport. In these situations there’s plenty of opportunity for a hacker to leave malicious NFC tags on or near the chargers.
I don’t know why others are so trusting, it sounds like they don’t have many options to pay for good with cash or trade where they live. If you live outside of concrete jungles then there’s no need to lock yourself into electronic transactions, sometimes you just trade a side of beef for a few cords of firewood and shake hands to confirm the transaction.
Thank you for the info. I’ll also add that in some countries (e.g australia) you can be charged extra for paying electronically. Are you rich enough to pay an extra 1% on everything you buy? I’m not.
Then again, i don’t understand how having a smart phone, keeping it updated, charged and paying for data is more “convenient” than just buying stuff with money :-)
Hello, your project is really beautiful, can you send the design file of the ring?