Security & Privacy Threats to NFC in 2021 and How to Make it Safer?

NFC or Near Field Communication is a popular technology that is basically shaping the future of mobile payments. All the popular online payment systems such as Apple Pay, Google Pay, and others use NFC Technology to make payments. In this comprehensive guide, I will discuss how NFC Works, what security features it has, what are the security and privacy threats to NFC in 2021, and how you can make it safer. Let’s get started.

What is NFC?

Let’s start with the very basic question, which is: What is NFC? NFC is basically a technology that allows the two devices to exchange payment information when you held them close to each other. The best thing about this technology is that it doesn’t require a user to do much. Just wave your smartphone near the NFC terminal, and the technology will verify the content on its own and process the transaction.

NFC Technology

How NFC Works?

Now the next question is how NFC Works? NFC is basically a form of wireless communication where the two devices communicate with each other using radio frequencies. In the case of NFC, we use the 13.56 MHZ frequency, which allows the devices to transfer data at the rate of 424 Kbit/second. When we put an NFC-enabled device near NFC Terminal, they start communicating with each other, and you can easily pay for your shopping and stuff with a simple tap.

What are the Security Features of NFC?

NFC is a very secure technology, but like all technologies, it can also be misused. That’s why I come with a range of security features to protect users from unwanted interaction. In this section, I will discuss the different security features you get in NFC.

Proximity

As NFC is mainly used for payments, the developers have limited the transmission zone, which ranges few inches. This makes it difficult for anyone to misuse it, and if someone wants to misuse it, he/she would have to come very close to you to intercept the NFC transmission.

User Initiation

The second security feature of NFC is that all the transactions on NFC are initiated by the users. So, the transaction on NFC Terminal can only be initiated by the user, and no one else can do it. On top of that, you can also use the secondary verification features such as a PIN or Biometric verification to verify the transaction.

Secure Element Validation

The next and most important security feature of NFC technology is secure element validation. When you put your smartphone near NFC Terminal, it establishes a communication channel, and the secure element chip within your device will validate the transaction. So, if the chip in your system doesn’t validate, the transaction won’t proceed. This process also involves a unique digital signature for each transaction which means that even if someone manages to get information of one transaction, he/she can’t misuse it or initiate another transaction based on collected data due to a unique signature.

What are the Security & Privacy Threats to NFC in 2021?

NFC threats

NFC is still a new technology, and it has a long way to go. Like other technologies, NFC also has security & privacy threats which I will discuss in this section.

Let’s start with NFC Beaming or Android Beaming, which is a feature in Android devices. This feature basically allows the Android devices to send multimedia such as images and videos to other Android devices using NFC.

Usually, when devices initiate this transfer, the user is alerted, and it requires approval from the owner of the smartphone to approve the transfer. Similarly, when one device sends an app to other devices, Android shows that you are getting an app from an unknown source. However, it was recently revealed that the devices with Android 8 or later didn’t show this prompt, and users will just have to confirm to install the App. After this revelation, Google has fixed this issue, and there is nothing to worry about it.

One of the biggest security & privacy threats to NFC is that it relies on wireless signals to accept payments. Many people also fear that hackers can access merchant information on NFC Terminals and use that information for exploitation. However, it’s not possible; let me explain. All major payment systems such as Google Pay, Samsung Pay, and others use a process known as “Tokenization,” which makes it impossible for hackers to use your payment information.

Let’s suppose that you use Google Pay and you have connected your Debit card with the App. When you use it for payment on NFC Terminal, Google Pay will generate a unique virtual card number and a unique code for the payment. Once your transaction is approved, that code will become unusable.

It’s also interesting to note here that in the process, your original debit card information won’t be shared with NFC Terminal. So, even if hackers get access to NFC Terminal, they won’t be able to misuse your information. On top of that, it is nearly impossible to hack NFC Terminal because it comes with advanced security and encryption.

How to make NFC Payment Secure?

NFC Payments are already very secure, but you can still take some measures to make them more secure.

Turn off NFC

Due to the close range of NFC, it would be difficult for anyone to intercept NFC transactions, and you can easily avoid unwanted transactions by disabling your NFC when you are not using it. The simple way to turn off NFC is using the Android shortcut bar. Just swipe down from the top and tap on NFC Shortcut to turn it off.

Don’t Install Fishy Apps

Never install apps from unknown sources. One of the major reasons why most people lose their money is when they install fishy apps from the internet. If you want to protect your payments and your smartphone, always install apps from the official App Store.

Conclusion

NFC is a very promising and secure technology that you can use for secure payments. It’s also more secure than any other payment method because of tokenization and encryption. Like other technologies, it has some threats, but they are ineffective, and you can use NFC without any worries. I would also recommend that you check my Apple Pay vs. Google Wallet vs. PayPal vs. Samsung Pay guide where I have compared these 4 major Payment systems and their security.