June 17, 2013 By Tim Appleby 2 min read

Near Field Communication (NFC) or Near Field Confidence?

NFC or Near Field Communication is a standard that defines the exchange of data between two devices in close proximity.  For NFC enabled smartphones, that means consumers can replace their credit and debit cards with an electronic wallet.  Besides payment transactions, the technology has a wide variety of applications that it’s suitable for:

  • Access: Electronic identity & Physical Access control
  • Transactions: Store Transportation passes, Electronic Payments
  • Information: Store Personal information, View Product information, Receive discounts, Swap Media

How Vulnerable is the Technology?

NFC is inherently secure for mobile payment since transactions can only take place within roughly 4 cms, making it uncomfortably close for an attacker to ‘skim’ information. And since the NFC chip has to be queried by a reader, any encrypted credit card information stored on your smartphone can only be accessible when it’s activated at an NFC POS terminal or similar device.  A strong password protected phone will add an extra layer of protection to prevent unwanted access of a stolen device to further protect sensitive credit card or other personal data.

NFC Hacked

But wait, if you have six months of free time to debunk these NFC factoids, you may discover otherwise.  That’s just what someone did with a few NFC enabled smartphones to test out the security of the technology.  At a 2012 BlackHat conference, a researcher presented his findings on how he painstakingly hacked the devices to take advantage of a variety of exploits.  With the appropriate know-how, NFC can be manipulated too; launch a browser to link to a malicious website, download malware, upload personal info, make unwanted calls or even send SMS messages.  Pretty impressive huh?  And what about the concept of card skimming?  Imagine an NFC tag discretely placed at a point-of-sale terminal to quietly collect credit card information with some NFC skimming technology. Ouch!

What’s Taking So Long?

The slow adoption of NFC technology is being impacted by a few big barriers (lack of industry coordination / standardization, lack of infrastructure to support NFC) that will give smartphone providers some extra time to address these technology vulnerabilities (let’s hope that’s the case).

While retailers may be feeling consumer pressure to deploy NFC payments and other applications, a mis-step with the technology can have a huge impact not only on its adoption but also on the erosion of customer satisfaction, loyalty and retention. A bigger ouch!

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today