NFC and Security
NFC and Security
NFC related surveys have shown that the public has some concerns regarding the usage of NFC technology for payments. We would like to remind you again that existing security measures of payments systems are also applicable to NFC-compatible mobile phones.
Are your concerns viable?
All my applications are in my mobile phone. If I lose my mobile phone, I lose all of my information.
The procedure you should follow when you lose your mobile phone synchronized with a payment card is the same as the procedure you should follow when you lose your bank card or credit card.
With remote installation system (OTA – over-the-air), you can block the payment feature of your mobile phone. All you need to do is contact your bank.
What should I do if I want my information and cards to be loaded on my phone again? With remote installation system, your information will be sent and loaded on your phone with your approval.
This is a payment method I am not accustomed to. Will this work out for me?
NFC technology offers you a system through which you can make payments in a fast and simple way. You can set a passcode four your phone and make sure your approval is requested for payments. Also, you can block the payment feature of your phone and make sure that no payment is made, when necessary. NFC technology in your mobile phone makes sure that you make your payments in a more controlled way.
Some technologies may be altered by people with bad intentions and used for fraud purposes. Is NFC safe against these kinds of risks?
NFC technology is a technology that works at close range. For NFC to work, two NFC-compatible devices should be as close as 4-10 cm to each other. It is not likely for users’ information on their mobile phones to be stolen without their knowledge via NFC technology, as the impact of electromagnetic waves that are created by devices used for expanding the range of NFC can be physically felt. Studies on misuses of NFC continue to be carried out in the industry. In this context, the following measures were suggested by the authorities:
- Usage of an encrypted communication and origination mechanism that will ensure the creation of a secure communication channel whose purpose is to block anything having access to and listening to the connection and communication between two NC devices
- Encrypting and storing all card data in a method other than encryption/switching mechanism which ensures communication security against fraud, preventing new attacks with transaction counters and only keeping the data signed by the bank issuing cards, on the card
- Creating a bunch of card identification keys against, but not including master keys, preventing the usage of the card after the first fraud attempt by creating black lists
Card payment systems industry is expanding the NFC payment infrastructure by taking these suggestions into account. Security methods developed by VISA and MasterCard for contactless EMV applications and the rules that are put forward became successful against cloning, in preventing attacks against cards and preventing suspicious transactions from taking place by using a controlled method.
Resources:
Serge Ferré, Nokia. Presentation titled “NFC and Mobile Services – Applications and Experience”, July 2008.
Dave Birch, Consult Hyperion. Presentation titled “NFC Security”, August 2008.