X

Sign in

Sign in to confirm

Have you forgotten your password?

... or login with Facebook:

Don't have an AndroidPIT account yet? Sign up

Is NFC Secure? In A Word: Yes!

Aaron Tilton
0

NFC Security

One thing is certain: NFC is here and will be embraced by the public faster then you might think. And there are more then a few editors here at AndroidPIT, who would bet good money that we’ll soon be making most of our purchases via NFC in the near future. But as was the case with almost every new technology in the last 10 years, NFC makes some people uneasy. Rumors and myths keep dominating the public discussion about the future of NFC; “But my money wont be safe if I use NFC!” or “What happens if my phone gets a virus and steals all my data?`” These questions have already been answered dozens of times. NFC is a secure technology, whose time has come.

But what’s causing all this uncertainty? It has to come from somewhere after all! It might be because, for a lot of people, the term NFC appeared almost over night. And, while most publications are quick to tout the advantages of NFC (AndroidPIT included), you’d be hard pressed to find a decent discussion of just how secure NFC really is. So, to help clear up the rumors and misinformation, we’ve put together a list of the most important security and personal privacy questions regarding NFC and, hopefully, been able to answer them all.

How does NFC function?
NFC is an abbreviation for Near Field Communication. The technology is based on Radio Frequency Identification– RFID for short– which transmits information to a RF receiver over a short distance and is powered either by your mobile handset or through a NFC terminal.

What is NFC used for?
At the moment Near Field Communication is almost exclusively used for monetary transactions. And it’s most likely this field, which will help NFC gain public acceptance. But NFC can do a lot more then just replace the cash in you wallet. Anytime you need to identify yourself, NFC could jump in to help save you time. Imagine checking into a hotel. Instead of picking up a key from the desk, you could get it sent to you wirelessly over your smartphone... or concert tickets... keys for a rental car... etc.

The technology is so flexible that you can expect entirely new business models to develop around the new wireless standard.

Are there only NFC chips in smartphones?
At the moment, NFC is most closely associated with credit or debit cards, but the chips could be installed in stickers, key rings, etc. Smartphones, however, are a logical place for the new technology because of the mobile communication possibilities they provide and it would be a safe bet that more and more smartphones will come equipped with the new communications technology. By the way, you don’t need an Internet connection to make a payment with NFC!


Is paying with NFC secure?
Let’s get this out of the way right off the bat: It’s impossible to guarantee 100% security. However, NFC manufacturers make use of the same security measures we already know from credit cards and when NFC is utilized in smartphones, they make use of additional security precautions, which make wireless payment systems, such as the MasterCard PayPass system, very secure. An NFC transaction has built in security mechanisms at almost every step of the process. The name of the account holder is not saved on the NFC chip–an important criteria for preventing abuse and a step up from credit card security– and each NFC terminal sends a verification signal to the NFC chip in your phone, which makes sure they are only dealing with one and the same transaction at a given time.

For the more tech. oriented among us, NFC utilizes the CVC3 security and encryption system with 112 bit encryption to protect transactions. CVC3 is a dynamic protocol (meaning each transaction encrypted uniquely) and is a major step up from the static CVC1 codes currently used by credit card companies. Put simply: If this isn’t secure, then nothing on the consumer market is.

But if that’s not enough for you, there is also an automatic PIN code required for all transactions over $30. But the system is also designed to randomly require a PIN and/or signature for transactions under $30, just to be sure. But even with the PIN and signature requirements, it’s still on average faster then paying with cash.

Can scamers electronically copy my chip and gain access to my accounts?
If you’ve been reading this closely, you probably already guessed but let’s make this clear, it’s hard to imagine a scenario, where it would make any economic sense to try. The chip is securely installed; you’re information is encrypted and not in anyway connected to your real name. While they could attempt to crack the encryption protocol, it is such a complex process that it wouldn’t be worth it to actually sit down and try to brake the encryption.

Even if they did manage to get a hold of your information and decrypt it, it would be completely pointless as the chip can not, in an of itself make any transactions. You couldn’t copy the account information onto a similar card to make a transaction, which is a major danger with traditional credit cards as many of you (and your’s truly) may have already experienced.

Can illicit apps gain access to my NFC chips to make unapproved transactions?
The NFC chip doesn’t have any access to any data on your phone. Virus or trojans could theoretically gain access to your phone and attempt to get gain access to your NFC chip. But it could only attempt to get a hold of your password, cannot be used to make transactions as a background security system must authorise transactions before they can be made. But as we mentioned above, not all the information necessary for a transaction is saved on the chips meaning the information alone is worthless.

So, yes, it would be possible to access a part of the information on the chip but it wouldn’t be enough information to do any harm on its own.


But what happens if my phone is stolen? Can someone clean out my bank account?
Of course you are going to have a loss, if you lose your phone but you don’t have to worry about getting your bank account cleaned out, when your phone disappears. Just like with credit car theft, the second you notice your phone is going you can lock your account, preventing any major loss from your NFC chip. The PayPass terminals generally connected via a hard line to the MasterCard authorisation system or to the internet and ask for authorisation before they allow a transaction. All amounts above $30 require a pin. So even, if the thief has access to your phone, it wouldn’t be a financial Apocalypse if you’re phone were to disappear as the thief could only make a small transaction, which is limited in size and scope by the authorisation system.

But besides all the technical details, NFC users are only liable in the case of extreme negligence and normally only for a maximum of $200.

Loosing your wallet will probably be more of a headache then loosing an NFC chip. Once your cash is gone, there isn’t a bank in the world that will reimburse you for the loss. And you have to get all of your accounts blocked and then wait for new cards to be delivered. With a Google wallets account, just logging in with a new chip is enough.

Just in case you are wondering, most people need around 4 hours to notice that their wallet has gone missing and only 18 minutes to notice that their phone has disappeared. Another advantage to NFC security.

Can I still pay with NFC even if my battery is dead?
You’re out to eat and right when the waiter comes you realize you forgot to charge your phone. Are you going to be washing up for desert? With NFC, you wont need to get your hands wet! NFC chips don’t need much power to run and even if your battery is dead you can still make up to 10 NFC transactions.

Does NFC further help erode my personal privacy?
People have a lot of worries. That people are watching our movements; the business know what we are doing every second; that the black coat will look worse then the blue coat; that you can see their house in online maps.

I don’t want to belittle their fears but many of them are based on misinformation about what business are really interested in. But the fact is, if you really don’t want to be trackable, then don’t use NFC, forget about smartphones and hide from the Internet! Any digital transactions reveal a lot about the person making them.

On the other hand, not all of the concerns are over blown. But, unless you have reason to think people are actively tracking you, you don’t have that much to worry about.

NFC is coming and soon. The new communications technology will change much about how we think about the digital economy. Give that fact serious consideration and critical thought is, of course, only part of being a health consumer. But their is no need for panic. People were also skeptical of PayPal at the start and that criticism drove PayPal to improve it’s security and service. The advantages of the new technology out weigh the concerns. At least that’s our opnioin regarding NFC. We’d love it if our phone could double as keys, concert tickets, or I.D.s. NFC’s improved security features also represent an improvement over traditional security standards. Today, if I were to loose my keys, anyone who finds them could get into my house. With NFC, if I loose my phone, I can change all my locks in a heartbeat and get a new digital key in seconds without ever having to call a locksmith.

In other words, it's a great time for smartphone users! But I do pitty the locksmiths.

 

Related NFC News:

Comments

Write new comment: