With the advent of NFC-enabled payment methods like Android Pay and Samsung Pay, it has become a breeze to shop without carrying any physical cards in person. Not only does NFC helps in making payments easy it also has a bevy of other uses like automating tasks, alarms, etc.
Much of NFC’s popularity can be attributed to the fact that most of the payments can be made with just a tap on a POS — whether it’s a payment for grocery or a parking ticket.
However, as much as it is popular, it’s important to know that NFC payments also has its share of risks and security concerns. So, without further delay let’s have a quick roundup on the how secure are NFC payments and how can we stay safe.
NFC, also known as Near Field Communication is a way for two devices to communicate when kept in close contact.
The ‘close contact’ must be a distance no longer than 4 cm.
So in short, the two devices have to nearly touch each other to complete a transaction or to facilitate a small amount of data exchange.
With this in mind, it seems nearly impossible that a third party might get in between the two devices. But then, in this world of never-ending technological advancement — both on the good end and the bad — you can never be certain.
The art of eavesdropping is nearly as old as human civilization itself. And it gained its notorious status during WWI. And it may not come as a surprise that eavesdropping is also likely on NFC-enabled payments.
Although the small range between two device makes it theoretically impossible, there have been instances when sensitive information was eavesdropped by using a shopping cart as an antenna back in 2013 by a team of researchers.
Though it was just a way of showing the vulnerabilities of NFC, one can’t help but wonder how easy would it be to steal credit card information in the same manner.
2. Data Corruption or Denial of Service
And that bring us to the second type of vulnerability — data corruption. If a third party can intercept the information, they can also send the same info someplace else.
More often than not, the third-party alters the information before sending it to the receiver thereby rendering the transaction useless and at the same time stealing the needed info.
The third is Malware Risk. Malware in smartphones continues to affect millions of devices — the latest being the Judy malware. NFC-enabled smartphones can download malicious software with just a tap on another device.
Once downloaded the software can be capable of transmitting bank account information or other related data without the owner’s knowledge.
How to Stay Safe?
Howsoever frightening the above scenarios sound, much can be done on our part so that critical information remains where it should and some of the ways to stay safe are,
Secure the phone and the NFC payment app with a tight locking mechanism like a fingerprint lock or a PIN.
NFC is a still an evolving technology and there’s a lot that can be accomplished using it, like setting up a new phone, transferring contents using Android Beam, etc. While most of the payment services make use of encryption while transferring data, it always pays to stay alert on our end as well, right?