Near Field Communication (NFC) Payment Through Phone (Getty)
If you have a smartphone purchased in the last few years, it almost certainly came with NFC capability.
The technology allows users to effortlessly transfer money, share files and knock out a growing list of other tasks. But that data transfer can create vulnerabilities.
BBB has tips on what NFCs can do and how to stay safe when using them.
What exactly is NFC?
NFC stands for Near Field Communication. It's a data transfer that only works within a very short physical range. We’re talking inches, not feet. Some forms of this technology require you to tap one device against another or wave them back and forth in close proximity.
NFC also stands for National Football Conference and the National Finance Center, a branch of the USDA, but we’re not going to talk about those here. Near Field Communication capabilities have been around for years, but their use is becoming much more widespread.
NFCs are based on RFID (radio frequency identification) technology, a process that uses radio frequencies to identify objects. Near Field Communication is high-frequency RFID that makes it easy for one device to communicate with another.
What does it do?
Near Field Communication uses a series of protocols to make transactions easier and faster. People use them to make contactless payments, share digital content, connect one device with another, and a list of other tasks that gets longer every day.
How do they work?
An NFC relies on proximity, so when users get close to a device they want to interact with, typically, they receive a prompt asking for permission. They follow on-screen prompts from there. It’s convenient because it doesn’t involve downloading an app or signing up to get started.
When you activate some NFC technologies, they enable Bluetooth and use that to make your data transfer. That means you don’t have to fumble around with your phone to find Bluetooth settings, choose the device you want to pair, enter the key or code, and so on.
Other NFC technologies enable Wi-Fi between two devices so they can “talk” back and forth. The big benefit here is that Wi-Fi direct has much greater bandwidth, so big files transfer faster.
What smartphones come with NFC?
New handheld devices become available all the time, so the compatible device list is constantly changing. NFCWorld maintains an exhaustive list of phones and tablets both available now and coming soon. But for most people, their mobile is already capable.
Android devices running 4.0 or later come with the ability to use NFCs for financial transactions. Phones with Android 4.4 or later allow users to exchange files and messages via NFC.
iPhone was a little later to jump on the bandwagon. However, if you have an iPhone 6 or later, it supports Near Field Communications.
Are they just for financial transactions?
The possibilities and uses for near-field communications are, for the most part, just limited by the imagination. Here are just a few things people can do with them already:
- Open car doors
- Share contact information
- Share any link you program it to have
- Make wireless payments using smartphones and tablets
- Create an automatic Wi-Fi/Bluetooth pairing between phone and vehicle for hands-free driving
- Pay for and receive access to public parking and transportation
- Send photos or video between digital cameras, cell phones and media players
- Allow shoppers to receive and redeem coupons
- Prevent hard sleepers from turning off their alarm until they’re actually awake
- Enable healthcare workers to monitor medications and track physical symptoms
- Create interactive toys and games
Simplified connectivity is great, and being able to exchange funds without having to dig into our wallets was becoming popular even before social distancing was a thing. Now it’s even more helpful because it means we don’t have to touch cash or transaction terminals. But every time a technology is widely adopted, hackers start focusing on how they can exploit it for unfair gain.
Near Field Communications and cybersecurity
Convenience is great, but if you’re like most people, you might recognize when data is just floating around, there’s a security risk, especially when technology is linked to your credit card or bank account. So how risky is NFC technology?
The good thing is if you’re bumping your phone with a friend’s to share music or checking out with a trusted vendor, the security risk is fairly low because of the proximity requirement. Devices must be four centimeters or less apart, and during the split seconds the data transfer actually takes to occur, it would be hard for a hacker to get in there without you noticing.
It takes more than just a bump for a transaction to occur; both sending and receiving devices must be ready to accept the data transfer. It would be difficult for a hacker to brush against you in a crowd and wirelessly withdraw from your bank account. You’re not likely to collide with a stranger in the grocery store and accidentally send their phone all your personal information. But that doesn’t mean NFCs are without risk.
One problem happens when people lose their phones or have their devices stolen. If a thief can unlock your device, or if you don’t secure it with a strong password, there’s nothing to stop him or her from waving it over a payment terminal or ATM to get your money.
NFC tags are also vulnerable to tampering. For example, users have tapped smart tags thinking they were about to access movie trailers or visit a vendor website but instead had their personal information sent to a bad actor.
General NFC security tips
- Turn NFC off when not in use: Disable NFC on your device when you're not using it to reduce the risk of unauthorized access or accidental connections.
- Be mindful of proximity: NFC only works within a short range (typically 4 cm or less), but attackers could use specialized tools to attempt to intercept data. Be cautious when using NFC in crowded or untrusted areas.
- Use secure apps and devices: Only use trusted apps for NFC payments or file sharing. Ensure your device has updated security features and firmware.
- Enable device authentication: Use a PIN, pattern, or biometric lock on your device to prevent unauthorized use of NFC.
- Monitor permissions: Regularly check the permissions granted to apps that use NFC to ensure they only have access to necessary features.
- Avoid connecting to unknown devices: Do not pair with or transfer files to unknown NFC-enabled devices or tags without verifying their source.
- Encrypt sensitive data: If you're using NFC for payments or sharing sensitive information, ensure the data is encrypted and transmitted over a secure channel.
NFC payment tips
- Verify payment apps: Use payment apps from trusted providers and download them only from official app stores.
- Check the terminal: Inspect payment terminals for tampering or unusual devices before tapping your phone or card.
- Enable notifications: Set up notifications for NFC transactions so you're immediately aware of any unauthorized charges.
- Use one-time tokens: Where possible, opt for payment methods that generate one-time-use tokens for added security.
NFC tags tips
- Inspect before scanning: Avoid scanning unknown or suspicious NFC tags in public areas, as they may contain malicious code or links.
- Use a trusted NFC reader app: Use apps from reputable sources to read NFC tags, and review the permissions these apps require.
- Program tags securely: If programming NFC tags yourself, ensure they are configured with strong security measures to prevent tampering.
Have you heard about or experienced an NFC-related scheme or fraud? You can help spread awareness and protect others when you report it to BBB Scam Tracker.
For more information
Visit your BBB Money HQ and Cybersecurity HQ.