The security associated with the ring is a non-trivial issue and the one that has the greatest impact on the cost of the item. We explain the key points that you should keep in mind when evaluating it.
NFC chip certified by Visa and Mastercard
There are many different types of NFC chips with very different purposes. The most general-purpose ones allow data to be recorded without any kind of security. They are usually used to exchange non-sensitive data such as business cards or links to web pages. Of course, any low-cost ring can use this type of chip, but if you think of recording your bank card details on it, you expose yourself to the possibility of anyone copying them, and no payment terminal would know what to do with that data, as it lacks the credentials that authenticate it as valid for Visa/MasterCard transactions.
The chip in Rikki rings complies with the reading and recording standards specially designed by Visa and Mastercard, so that only platforms certified by these companies can record on them and interpret their data.
If you are a Rikki user, we invite you to check it yourself: use the NFC reader on your mobile and try to read the data recorded on your ring. Does this message sound familiar to you?: There is no compatible application for this NFC tag
Now download an app that can read and write NFCs. You will be able to read the technical data that identifies the chip, but you will not be able to read the information recorded inside (your bank card) or edit it.
Therefore, not every NFC ring is suitable for payment, so before buying it, make sure that it will fulfill the purpose you are looking for.
Your card data is encrypted
On the other hand, the data recorded on the ring has previously been encrypted to prevent any agent outside the banking circuit from reading it. The encryption of said data can only be done by Visa or Mastercard, who are the ones who keep the decryption keys so that they can be read when they reach their systems. In other words, your card data is not stored on your ring exactly as you read it, but is encrypted with a very long and difficult-to-decipher cryptic word (token). When this word reaches the Visa and Mastercard systems, it is converted back into natural language so that the bank can identify your card and approve the operation.
Data traveling safely
There are several very important aspects for the security of your money that you must control with the utmost rigor:
The moment of providing your bank card details
As required by Internet security regulations, all companies that wish to offer services in which user data must be exchanged must comply with the SSL (Secure Sockets Layer) security standard.
This is a security protocol that creates an encrypted link between a web server and a web browser, to prevent a third party not involved in the transaction from reading it. You will know if a website is using this protocol if you see a padlock in the browser URL, as is the case with the Rikki store.
The platform that collects your card data
Just like the chip, the provider that collects the card data and sends it to Visa or MasterCard must be certified by these two companies, meaning it must meet their security standards, and be integrated with the tokenization servers of both companies.
This platform collects your card details and provides them to Visa or Mastercard so that they can return the card token. Once this token is obtained, Rikki records it on the ring by connecting securely to the platform.
Stay alert. Recently we have been encountering people on social media who are trivializing the security aspects of the ring with supposedly critical comments about its cost, inviting users to buy cheap Chinese rings and convert them into paid rings “through an app that they will send to the unwary in private.”
For anyone familiar with the subject, these messages will set off all the alarms, because giving your bank details to a person or company that is not clearly identified, and that does not comply with the security standards of Visa and Mastercard, is the same as giving your bank account passwords to the first person you pass by.
As you can see, neither the technological solution we use is as simple as the aesthetics of the ring (we have been working on it for over 2 years), nor do we hide behind untraceable identities. Please, never give your card details to anyone who cannot be clearly identified and is not properly certified by your Visa or Mastercard card provider.
The moment to pay with your ring
It's the same as with any bank card, you do it through the merchant's payment terminal, which reads the first letters of your card's token and sends them to Visa or Mastercard so that they can process the transaction with your bank. The advantage over a traditional card is that, even if it's stolen or you're sniffed for a few moments, no one can read or clone your card data, as we've explained above.
But with the solution we offer you, you are always informed of the payments you make with the ring, since you receive an instant notification on your mobile phone, and they are recorded in the app. What's more, if you don't use it temporarily, you can pause payments and, if you lose it, you can block the card.
Do you still have questions? Write to Rikki on WhatsApp: 621 26 60 02 and we will try to clarify anything that concerns you.
-------------------------
Elena Fuenmayor
Computer engineer with more than 12 years of experience in electronic certification and banking security projects.