Contactless Technology Overview

Are you lost in a maze of contactless technology standards?

Contactless technology is a term often used to describe a set of technologies originally developed to help identify objects. This technology has advanced and has found new applications, such as access control, inventory management, data exchange, contactless point-of-sale payments and toll collections.

Today, contactless technology can be found in different form factors, such as smart cards, tags and mobile smartphones.

What is RFID (Radio Frequency IDentification)?

RFID (Radio Frequency IDentification) was one of the first forms of contactless technology and is still in widespread use today. RFID can be thought of as a modern version of the barcode technology which can be found on virtually any product today.

Similar to a barcode, an RFID tag is attached to the object to be identified and then a reader device (also known as an interrogator device) is used to read the contents of the tag. Depending on the type of tag used, the read distance (the distance between the reader and the tag) can be up to 100 m. Communication with the RFID is usually one way, which means that the reader can only read from the tag and is not able to modify its electronic content.

An RFID tag consists of a radio frequency transceiver (transmitter and receiver), an antenna and electronic circuitry to store the tag’s content. The information stored on a tag can either be pre-assigned by the manufacturer (such as an identification number) or it can be programmed by the user to provide custom information. An RFID reader transmits an encoded radio signal and when a tag is within read distance, it will respond by transmitting its contents to the reader.

There are two main types of RFID tags available – passive and active. The main difference between passive and active tags is the way that they are powered. Active RFID tags use an internal power source (battery) to power the tags continuously. Passive RFID tags don’t use an internal power source, but rather rely on the electromagnetic energy emitted from the reader device. A consequence of passive tags having to rely on the electromagnetic energy from the reader device, is that the read distance with such a tag is much shorter than for active tags.

In addition to active and passive tags, there is also a sort of hybrid tag available, called a BAP(Battery Assisted Passive) tag. A BAP tag has a small internal battery but does not continuously power the tag, as with an active tag. The BAP tag will only switch on when it detects the electromagnetic field radiated from a reader device, thus saving battery power when a reader is not present. The advantage of a BAP tag is that, since it has an internal battery, it can transmit its data over a larger distance, which means it has a larger read distance than a standard passive tag.

What is NFC (Near Field Communication)?

NFC (Near-Field Communication) expands on RFID to allow for two way communication as well as higher data transfer rates (up to 424 kbit/s), at the cost of a much shorter read distance of approximately 10 cm.

Current NFC applications range from data exchange, access control, contactless transactions and automated setup of more advanced communication systems, such as Bluetooth or WiFi. Although NFC is a two-way communication technology, it is also compatible with one-way readable RFID tags operating at the same frequency.

Contactless payment cards are available from various financial institutions. They are used in almost exactly the same way as the traditional magnetic stripe or pin-chip credit or debit card. The only difference is that, instead of swiping or inserting the card into a reader, the tag is simply brought into close proximity.

Many new mobile phones have built-in NFC capability, which allows them to be used in contactless payments. This allows for mobile phones to replace the traditional magnetic stripe or pin-chip payment cards.

As NFC is limited to a maximum data transfer rate of 424 kbit/s, it is sub-optimal to use the NFCconnection to transfer large amounts of data. Mobile phone manufacturers therefore have implemented systems that use NFC automatically to set up a faster and higher bandwidth communication protocol, such as Wi-Fi or Bluetooth. The actual data is then transferred using one of these higher speed communication links.


Various international standards have been developed to define different forms of contactless technology for various applications. This section will describe some of the more widely used standards.

ISO 11784 & 11785 & 14223

The ISO 11784 & 11785 standards are international standards regulating the use of RFID in the identification of animals.

The RFID tag is usually implanted just under the animal’s skin. It is then possible to identify and track a specific animal as long as it is in range of an RFID reader device. RFID tags used for tracking animals are usually passive devices. The tag will wait for an interrogation signal from anRFID reader to power it and will then transmit a bitstream to the reader. The bitstream consists of an identification code, as well as some error correction bits, which ensure that the identification code was not modified during transmission and is in fact correct. The ISO 11784 standard specifies the structure of the identification code, while the ISO 11785 standard specifies the transmission protocol between the transceiver and transponder using low frequency (134.2 kHz)RFID tags. Two different schemes are defined below:

Protocol Full Duplex Half Duplex
Modulation ASK FSK
Frequency 129.0 – 133.2 kHz
135.2 – 139.4 kHz
124.2 kHz for 1 bit
134.2 kHz for 0 bit
Channel code DBP

The ISO 14223 standard expands on the ISO 11784 & 11785 standards to include specifications for more advanced RFID tags/transponders, with more memory. In addition to the transmission of the identification code as in ISO 11784 & 11785, the ISO 14223 standard describes advanced management functions to access and control the additional memory. It is, for instance, possible to use the RFID tag to read back data from sensors.

It should be noted that ISO 14223 is fully backwards compatible with ISO 11784 & 11785. It is therefore possible to read an ISO 11784/11785 tag with an ISO 14223 reader as well as to read an ISO 14223 tag with an ISO 11784/11785 reader.

ISO/IEC 14443

The ISO/IEC 14443 standard is an international standard technically defining proximity cards and the protocol used to communicate with such a card.

This is the most popular RFID standard and is used in implementations such as MIFARE cards, Calypso electronic ticketing system, Biometric passports, EMV payment cards (PayPass, payWave, ExpressPay), German identity cards, etc. This standard uses the terms PCD (Proximity Coupling Device) and PICC (Proximity Integrated Circuit Card) for the reader and tag devices respectively.

The ISO/IEC 14443 standard consists of four parts, each describing a different aspect of the proximity card and its use. The four parts are as follows:

  • Part 1: Physical characteristics
  • Part 2: Radio frequency power and signal interface
  • Part 3: Initialisation and anti-collision
  • Part 4: Transmission protocol

The standard specifies two types of cards, namely Type A and Type B. Both types use the same carrier frequency but use different modulation and encoding schemes. The details for the RF interface are given below for Type A and B respectively.

Type A Transmission from PCD to PICC Transmission from PICC to PCD
Carrier 13.56 MHz
Subcarrier 847.5 kHz
Modulation ASK 100% Load modulation
Coding Modified Miller OOK, Manchester
Type B Transmission from PCD to PICC Transmission from PICC to PCD
Carrier 13.56 MHz
Subcarrier 847.5 kHz
Modulation ASK 10% Load modulation

ISO/IEC 15693

The ISO/IEC 15693 standard is an international standard technically defining vicinity cards, which have a longer read range than proximity cards.

Vicinity cards operate at a frequency of 13.56 MHz and are readable at up to a distance of 1.5 meters. The technical specifications for the RF interface are given below:

  Transmission from reader to card Transmission from card to reader
Carrier 13.56 MHz
Subcarrier 423.75 kHz for ASK
423.75 and 484.25 kHz for FSK
Modulation ASK 10% or ASK 100% ASK 100%
Coding Manchester Manchester

ISO 18000

The ISO 18000 standard is a set of international standards defining a series of RFID technologies over a range of frequencies.

The standard is broken down into 7 parts as follows:

  1. Defines generic parameters for air interface communication throughout the ISO/IEC 18000 standard
  2. Definition for communication below 135 kHz
    1. ISO standard for low frequency RFID
  3. Definition for communication at 13.56 MHz
    1. ISO standard for high frequency RFID
    2. Read / Write capability
  4. Definition for communication at 2.45 GHz
    1. ISO standard for microwave frequency RFID
  5. Definition for communication at 5.8 GHz
    1. This part of the standard has been withdrawn
  6. Definition for communication between 860 MHz and 930 MHz
    1. ISO standard for UHF (Ultra High Frequency) RFID
    2. Read/Write capability
  7. Definition for communication at 433.92 MHz

ISO/IEC 18092 / ECMA-340

The ISO/IEC 18092 and ECMA-340 standards are international standards defining the NFCinterface and protocol.

The standard defines NFC using inductively coupled devices operating at a carrier frequency of 13.56 MHz, using both the active and passive communication modes. For the RF interface, it defines the modulation, coding, transfer speeds, frame format, initialisation schemes and data collision control during initialisation. The standard further defines the transport protocol for communication between NFC devices. The most important RF specifications are given below:


Transmission from reader to card

Transmission from card to reader


13.56 MHz


847 kHz


ASK (100% or 10%)





ISO/IEC 21481 / ECMA-352

The ISO/IEC 21481 standard is an international standard defining the communication mode selection mechanism for devices based on ISO/IEC 18092, ISO/IEC 14443 or ISO/IEC 15693.

The ISO/IEC 18092, ISO/IEC 14443 and ISO/IEC 15693 standards all use 13.56 MHz as the carrier frequency for communication but they use different communication modes, namely NFC,PCD and VCD respectively. The selection mechanism as defined in ISO/IEC 21481 allows for the detection and selection of one of these communication modes to make communication between devices possible.

Notable implementations


MIFARE consists of a wide range of contactless integrated circuit products from NXPSemiconductors. The MIFARE range has a typical read/write distance of 10 cm and is used worldwide, with approximately 50 million readers and 5 billion contactless cards sold.

MIFARE is ISO/IEC 14443 compliant and therefore uses a 13.56 MHz carrier frequency with a read range of approximately 10 cm.


Calypso is an international ticketing standard for microprocessor-based contactless smartcards. The Calypso card consists of an embedded microprocessor, which in addition to storing the user’s information, also implements a custom Calypso authentication scheme for security. This differs significantly from most other contactless ticketing systems, which only contain an electronic memory chip and offer no authentication.

Calypso’s air interface is compatible with the ISO/IEC 14443 standard (Type A & B).


HID Global provides a wide range of RFID-based identification and physical access control solutions.

The HID iCLASS smart card series utilises the 13.56 MHz frequency band and has an RF interface compatible with ISO/IEC 15693 & 14443B (106 kbps mode).

The HID SmartID series of 13.56 MHz RFID readers is ISO/IEC 14443 compatible. HID SmartID readers augment the HID iCLASS series by adding support for MIFARE- and DESFire-based cards.

HID Prox is a series of 125 kHz RFID proximity cards and readers. Depending on the HID Prox reader used, a maximum read distance of 61cm may be obtained.

EMV payment card

EMV (Europay, Mastercard and Visa) is an international standard governing the interface specification between “chip cards” and devices such as POS (point-of-sale) terminals and ATMs (Automated Teller Machines). This standard specifies the authentication mechanisms used to validate credit and debit card transactions.

In the case of contactless cards, the EMV standard is based on the ISO/IEC 14443 standard.

German identity card

From 2010, Germany has been issuing identity cards to its citizens containing an RFID chip. TheRFID chip is an ISO 18000-3 & 14443-A compatible 13.56 MHz device.

The RFID enabled identity card stores the information given on the ID card (name, date of birth, photo, etc.) as well as the citizen’s fingerprint (optional). When signed electronically by a third party company, the ID can also be used in conjunction with a PIN for online authentication.




MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
As a Certified Simulated Attack Manager and Certified Simulated Attack Specialist, MWR are authorized by CREST to perform STAR penetration testing services.