Security Concerns with NFC Technology
New users of near field communication, especially for payment purposes such as storing credit card information, are understandably concerned at first about the security and safety of their private information. Possible security attacks include eavesdropping, data corruption or modification, interception attacks, and physical thefts. Below we cover the risks and how NFC technology works to prevent such security breaches from occurring.
Eavesdropping
Eavesdropping is when a criminal “listens in” on an NFC transaction. The criminal does not need to pick up every single signal to gather private information. Two methods can prevent eavesdropping. First there is the range of NFC itself. Since the devices must be fairly close to send signals, the criminal has a limited range to work in for intercepting signals. Then there are secure channels. When a secure channel is established, the information is encrypted and only an authorized device can decode it. NFC users should ensure the companies they do business with use secure channels.
Data Corruption and Manipulation
Data corruption and manipulation occur when a criminal manipulates the data being sent to a reader or interferes with the data being sent so it is corrupted and useless when it arrives. To prevent this, secure channels should be used for communication. Some NFC devices “listen” for data corruption attacks and prevent them before they have a chance to get up and running.
Interception Attacks
Similar to data manipulation, interception attacks take this type of digital crime one step further. A person acts as a middleman between two NFC devices and receives and alters the information as it passes between them. This type of attack is difficult and less common. To prevent it, devices should be in an active-passive pairing. This means one device receives info and the other sends it instead of both devices receiving and passing information.
Theft
No amount of encryption can protect a consumer from a stolen phone. If a smartphone is stolen, the thief could theoretically wave the phone over a card reader at a store to make a purchase. To avoid this, smartphone owners should be diligent about keeping tight security on their phones. By installing a password or other type of lock that appears when the smartphone screen is turned on, a thief may not be able to figure out the password and thus cannot access sensitive information on the phone.
While it may seem like NFC would open up a world of new security risks, it may actually be safer than a credit card. If a user loses her credit card, a criminal can read the card and find out the owner’s information. If that same person loses her smartphone and has it password protected the criminal cannot access any private info. Through data encryption and secure channels, NFC technology can help consumers make purchases quickly while keeping their information safe at the safe time.
NFC Phones Raise Opportunities, Privacy and Security Issues
Security in NFC (PDF File)
Eavesdropping
Eavesdropping is when a criminal “listens in” on an NFC transaction. The criminal does not need to pick up every single signal to gather private information. Two methods can prevent eavesdropping. First there is the range of NFC itself. Since the devices must be fairly close to send signals, the criminal has a limited range to work in for intercepting signals. Then there are secure channels. When a secure channel is established, the information is encrypted and only an authorized device can decode it. NFC users should ensure the companies they do business with use secure channels.
Data Corruption and Manipulation
Data corruption and manipulation occur when a criminal manipulates the data being sent to a reader or interferes with the data being sent so it is corrupted and useless when it arrives. To prevent this, secure channels should be used for communication. Some NFC devices “listen” for data corruption attacks and prevent them before they have a chance to get up and running.
Interception Attacks
Similar to data manipulation, interception attacks take this type of digital crime one step further. A person acts as a middleman between two NFC devices and receives and alters the information as it passes between them. This type of attack is difficult and less common. To prevent it, devices should be in an active-passive pairing. This means one device receives info and the other sends it instead of both devices receiving and passing information.
Theft
No amount of encryption can protect a consumer from a stolen phone. If a smartphone is stolen, the thief could theoretically wave the phone over a card reader at a store to make a purchase. To avoid this, smartphone owners should be diligent about keeping tight security on their phones. By installing a password or other type of lock that appears when the smartphone screen is turned on, a thief may not be able to figure out the password and thus cannot access sensitive information on the phone.
While it may seem like NFC would open up a world of new security risks, it may actually be safer than a credit card. If a user loses her credit card, a criminal can read the card and find out the owner’s information. If that same person loses her smartphone and has it password protected the criminal cannot access any private info. Through data encryption and secure channels, NFC technology can help consumers make purchases quickly while keeping their information safe at the safe time.
NFC Phones Raise Opportunities, Privacy and Security Issues
Security in NFC (PDF File)
Learn More
- Near Field Communication Technology Standards
- NFC Signaling Technologies
- History of Mobile & Contactless Payment Systems
- Security Concerns with NFC Technology
- Development of NFC Compatible Smartphones
- FeliCa Technology
- NFC SD and SIM Cards
- QR Codes versus NFC Tags
- Near Field versus Far Field
- Near Field Communication versus Bluetooth