Xpay for dummies

This #PayDecoding, XPay for dummies helps you to keep up appearances in front of your kids… and push your expertise a little further!

 


 

Xpay is an NFC based protocol. To begin with, what is NFC?

NFC stands for Near Field Communication.

It is a technology that allows data exchange between a reader and any compatible mobile terminal. The advantage of this technology is that in principle, no application is required. All you have to do is bring the two devices together. With Apple devices (smartphone, watch, tablet), the NFC chip is only used for mobile payments (via Apple Pay) and access control (e.g. hotel keys). But on Android, NFC also offers other uses.

These uses can be divided into 3 main categories:

  • card emulation (using the Xpay protocol that we will describe next)
  • reader mode (via QR Codes for example)
  • peer-to-peer data transfer (sending files, photos, contacts in peer-to-peer between two NFC-enabled phones)

Thanks to card emulation (enabled by the Xpay protocol), the phone becomes a smart card. This is called the “passive” mode. The phone sends information to the NFC receiver. This receiver can be placed in the doors of subway stations or in a payment terminal. All e-wallet that offer to create a virtual image of your payment cards use the Xpay protocol.

The protocol works in “lasagna” mode :

  • The NFC layer which allows the exchange of data
  • The EMV layer which is the payment protocol of the card scheme (VISA for example)
  • The payment information layer which is stored in the HCE (on Android) or the Security Module of the device (on iOS).
  • The Wallet layer which provides security and authentication
  • When creating an image of the card, Xpay adds a Dynamic Pan (DyPan). It is a token that can only work on one device:
    I change my phone, I lose my token.

The e-wallet adds two-factor authentication via Touch ID, Face ID, PIN or passcode. These integrated secure elements allow for secure storage of payment data and cryptographic functions.

Notice that the physical card (plastic) and the virtual card available in the e-wallet (XPay protocol) have 2 different life cycles. Thanks to the Token network (MDES at Mastercard, VTS at VISA, etc.) banks can automatically update the card image when the plastic card expires.

 


 

This #PayDecoding Xpay for dummies interesting you?

You want more? Access to the #PayDecoding library