Recent reports have highlighted some major concerns about the security and reliability of near field communications, specifically surrounding the technology’s use in mobile phones. The risks become particularly worrisome in instances where NFC technology is used in conjunction with an app, or other downloadable software, as a means of mobile payment.
“As with credit cards, the sensitive financial data stored on mobile phones will become targets for thieves and the unscrupulous. The upside, though, is that the security of NFC-enabled phones could be quite good, or at least no worse than a credit card,” says Harley Geiger in an article for cdt. He goes on to say that it is up to device manufacturers and service providers to ensure that protections, such as strong cryptography and authentication protocol, are in place for NFC transactions.
Risks
1. Sensitive Financial Data
While NFC’s short read range (maximum of 20 cm) provides some security against transaction interference, there is still concern that it may be possible to steal data from an NFC system from a greater distance, with the use of an antenna.
However, Stacy Cowley of CNN Money notes that NFC’s required proximity of functionality poses a huge obstacle to potential hackers: “The big challenge for would-be NFC hackers is proximity. NFC signals have a tiny range that typically covers just a few centimeters. An attacker has to get very, very cozy with you and your devices to successfully transmit anything malicious.”
2. Spyware or Malware Interference
Another concern is “man-in-the-middle” attacks, in which a hacker may be able to transfer a form of spyware or malware onto a phone through an interaction with that device. The affected device would then infect other devices it comes in contact with later.
“Anti-virus software and operating system architecture that controls flow of information between applications will be important safeguards to mitigate such attacks,” says Gieger. With no shortage of anti-spyware software currently available on the market, it is unlikely that this will remain an issue for long.
3. Lack of Education
Perhaps the biggest risk in NFC technology is a lack of consumer education. Gieger says, “Studies indicate that most consumers do not understand current risks and are not diligent about the security of their phones.” Gieger also cites a survey by Ponemon Institute that indicates that less than half of consumers protect their mobile devices with passwords or key locks and less than a third have considered installing anti-virus software.
In contrast to the concerns surrounding NFC’s use in mobile payments, it is important to keep in mind that NFC technology can be used in numerous other applications, many of which present little or no risk to consumers.
Advantages
1. Augmented Shopping Experience
Zaptap uses NFC technology as a tool to create an augmented shopping experience. In this application, there is no exchange of personal, financial, or banking information. Zaptap is one of a few products that use NFC technology to connect consumers with a webpage featuring product information. There are no apps to download and nothing to install. [Editor’s note: the author is the CEO of ZapTap.]
2. More Tech Companies Are Getting On Board
Current NFC concerns don’t seem to bother tech companies, like Apple, who continue to embrace the new technology. According to an article by stuff.tv, Apple is working on a patent for an “NFC-infused iPhone which can connect to a multitude of devices and become a powerful controller.” This will make millions of iPhone users happier, as it will enable them to get in the game with the wonders of NFC. Of course, having Apple adopt such technology also shows the value in it and how secure it will be. With a company like theirs, privacy and security are always top of mind.
Likewise, RIM remains an advocate of NFC, with a goal of incorporating the technology into every one of their upcoming products. Google also continues to support NFC technology, as indicated in its recent unveiling of the revamped Google Wallet, according to Dan Balaban in an article for NFC Times.
Balaban also says, “The card accounts will be stored on Google’s servers. But for the in-store purchases, Google will link these credit and debit card accounts to a virtual MasterCard card number stored on the secure element in NFC phones that support the wallet.” This virtual card number will be called the “Google Wallet ID.”
3. Quick and Easy Access
In the not-so-distant future, NFC technology could eliminate the need to carry a bus pass, loyalty cards, hotel keys, and event tickets. In an article for x.commerce, Travis Robertson says: “I don’t know about you, but I’m more likely to leave the hotel without my key than I am to leave without my smartphone. My phone is attached to me. My hotel key? Not so much. Soon, we will be able to check in on our mobile devices and download a virtual key (read: data) to our phones. Rather than using those plastic key cards, we’ll simply walk up to our hotel room door and tap our phones against an NFC-enabled door to gain access to our rooms.”
Robertson also envisions the rental car and airline baggage check processes working in a similar fashion and places an emphasis on the possibility of a tracking system that would allow airline passengers to “see” where their bags are at all times, expediting the return of any misplaced luggage.
Perhaps the silver lining in the questions surrounding the use of NFC technology in contactless payments is the resulting push of money and research being committed to finding ways to reduce these risks. How do you feel about NFC technology’s application in mobile payments?
Guest author Yan Simard is the founder and CEO of Zaptap, a platform which creates augmented shopping experiences complete with in-store promotions and custom real-time notifications for consumers. Used by brands and agencies, Zaptap helps brands create a richer experience at the point of purchase decision. Follow Simard on Twitter @ysimard.