New users of near field communication, especially for payment purposes such as storing credit card information, are understandably concerned at first about the security and safety of their private information. Possible security attacks include eavesdropping, data corruption or modification, interception attacks, and physical thefts. Below we cover the risks and how NFC technology works to prevent such security breaches from occurring.
Eavesdropping
Eavesdropping is when a criminal “listens in” on an NFC transaction. The criminal does not need to pick up every single signal to gather private information. Two methods can prevent eavesdropping. First there is the range of NFC itself. Since the devices must be fairly close to send signals, the criminal has a limited range to work in for intercepting signals. Then there are secure channels. When a secure channel is established, the information is encrypted and only an authorized device can decode it. NFC users should ensure the companies they do business with use secure channels.
Data Corruption and Manipulation
Data corruption and manipulation occur when a criminal manipulates the data being sent to a reader or interferes with the data being sent so it is corrupted and useless when it arrives. To prevent this, secure channels should be used for communication. Some NFC devices “listen” for data corruption attacks and prevent them before they have a chance to get up and running.
Interception Attacks
Similar to data manipulation, interception attacks take this type of digital crime one step further. A person acts as a middleman between two NFC devices and receives and alters the information as it passes between them. This type of attack is difficult and less common. To prevent it, devices should be in an active-passive pairing. This means one device receives info and the other sends it instead of both devices receiving and passing information.
Theft
No amount of encryption can protect a consumer from a stolen phone. If a smartphone is stolen, the thief could theoretically wave the phone over a card reader at a store to make a purchase. To avoid this, smartphone owners should be diligent about keeping tight security on their phones. By installing a password or other type of lock that appears when the smartphone screen is turned on, a thief may not be able to figure out the password and thus cannot access sensitive information on the phone.
While it may seem like NFC would open up a world of new security risks, it may actually be safer than a credit card. If a user loses her credit card, a criminal can read the card and find out the owner’s information. If that same person loses her smartphone and has it password protected the criminal cannot access any private info. Through data encryption and secure channels, NFC technology can help consumers make purchases quickly while keeping their information safe at the safe time.
NFC Phones Raise Opportunities, Privacy and Security Issues
Security in NFC (PDF File)
FAQs
NFC devices are frequently used to breach the systems they were designed to protect. Our research shows that some NFC devices are vulnerable to pre-play, replay, relay, eavesdropping, and side-channel attacks that trick the card to perform an unauthorised action or extract sensitive information.
Is NFC technology secure? ›
The transmission of payment information during an NFC transaction must be encrypted to most securely protect that data. Business owners should only choose a PCI DSS compliant payment processor that encrypts transaction information.
What are NFC attacks? ›
In an NFC hack, a cybercriminal will access the victim's phone via NFC in order to access the data stored there. Because NFC hacks can only take place via a very short distance, cybercriminals will sometimes steal a phone to access it easily. An NFC hack can also be used to access data stored on payment terminals.
Are NFC readers secure? ›
A closer look at NFC payment security
Contactless payment solutions work over incredibly short distances (we're talking about inches, not yards). In order for a would-be thief to potentially steal information, he or she would have to stand uncomfortably close to an NFC-enabled device.
Is it safe to turn on NFC on phone? ›
(For iPhone users, the NFC setting is in Communication settings.) It is more secure to pay using an NFC-enabled device because that way no one has physical access to your credit card info. And if your device is stolen, your PIN and password are still protected.
Is NFC more secure than Bluetooth? ›
There isn't even a need to open the mobile device or app with NFC, students just have to tap on the reader and it will complete their task. Additionally, because it is heavily encrypted, NFC is more secure than Bluetooth.
Can NFC be tracked? ›
An NFC tag can embed a dedicated asset-tracking functionality. By setting up check-points at different locations across the globe, companies can monitor the location of their goods thanks to the NFC tags embedded in the product, and the NFC readers set up in their warehouses and offices for example.
Can NFC chip be hacked? ›
An NFC hack can occur when the NFC chips installed on electronic devices such as smartphones, credit cards, or access fobs get compromised by cybercriminals. These criminals use specialized equipment to hack the NFC tags or chips during transit, also known as drive-by NFC hacking.
Can NFC cards be hacked? ›
There are various tools and apps like Flipper using which the hackers can read your card data, store it, and even clone it. The data stored in NFC can also be copied easily by a phone or a reader device. The hackers can then use your card number and other details to use it for fraudulent purchases.
Is it safe to leave NFC on all the time? ›
If you rarely use NFC, then it's a good idea to turn it OFF. Since NFC is very short range technology and if you don't lose your phone, then there are not much security concerns left with it. But NFC has a real effect on battery life.
While NFC isn't free from security weaknesses, it's more difficult for hackers to access than many other types of RFID because NFC sends information through magnetic field induction, and the field fades faster.
Is NFC more secure than chip? ›
Yes, contactless card payment is as secure as inserting a chip card at the register. Tapping your card to pay at the register is just as secure as inserting a chip card, according to multiple financial services companies and security experts.
Is NFC more secure than QR? ›
Interception attacks: occur when an NFC data transfer is rerouted to a device other than the one that's intended. Why QR Code technology is better: QR Codes are simply much more secure than NFC.
What is the disadvantage of NFC phone? ›
Drawbacks or disadvantages of NFC
Following are the disadvantages of NFC: ➨It can only works in shorter distances which is about 10-20 cm. ➨It offers very low data transfer rates which is about 106 or 212 or 424 Kbps. ➨It is very expensive for the companies to adopt the NFC enabled devices.
Should I keep my NFC on or off? ›
If you're not using NFC, turning it off can help conserve battery life and prevent accidental transactions. Turning off NFC can also prevent the phone from being used as an NFC tag or scanner by others. However, if you use NFC for activities such as mobile payments or data exchange, you'll want to keep it enabled.
What is the disadvantage of NFC in mobile? ›
NFC users often encounter problems with sharing files. This can be both with users who have different types of smartphones and for different file formats to be usable when opened by another user. When phones have updates to their operating systems, NFC functionality can be negatively affected.
Are NFC tags encrypted? ›
The encryption of our NFC tags is similar to the secure encryption of a chipped bank card – so they are very secure. If not encrypted, a bank card could be easily scanned and read (like when in close proximity to other people on the tube for example).
Why is NFC not widely used? ›
NFC, by its very nature, is a simple connection with low speeds. It's bad for things like large files, but you can still use it for small stuff like images. Additionally, it requires very close proximity, unlike Bluetooth.
What technology is better than NFC? ›
Beacons have a longer range (up to 100 meters) than NFC (typically a few centimeters), which makes them better suited for location-based applications. Beacons can also be used for outdoor applications, where NFC is limited to short-range indoor applications.
