How do NFC payments work?

As far I know NFC tags are quite simple. They contain small amount of data, from several bytes to few kilobytes. NFC / RFID readers receive that data. They can also write back some data to read it later.

I thought that NFC payments are more secure than traditional magnetic cards where whole security is based on one secret number.

So how do NFC payments are implemented? I am especially interested in impleme开发者_开发问答ntations which we'll have on Android devices. Please describe only high level algorithm.

On a bit lower level NFC works using so-called NDEF protocol (NFC data exchange format). Basically NDEF consisting message->record->payload. Payload where application specific information goes. It depends solely on application which kind of data/encryption will be in those payload.

So there's no standard payment method implementation. Everything will depend on vendors. For example how Google and Visa guys will establish data exchange protocols and implement it.

It's very similar to regular chip and pin, except that your phone becomes a contactless credit card. You will have to enter a pin on a sales terminal.

Well, an Android device will not act as a simple tag, sending always the same data to a reader on a PoS. It can have keys in its Secure Element chip with which to sign responses and therefore produce them tailored to a certain purchase which can be verified by the merchant by checking the signature, or an online merchant can query the issuing bank directly and it can verify the authenticity of these responses.