Security in NFC

Security in NFC

by Andy Gent

Anti-fraud and security measures are critical requirements for NFC payment and ticketing and as such, it is important to understand the security within an NFC enabled environment.

Mobile phones come equipped with a pass code that can be activated by the user.  But as we have outlined in the past, some 30% of people simply do not use this.  Clearly to be fraud free, an NFC enabled mobile device, especially one that could incorporate a number of credit and debit cards, needs to have a higher level of security.

Inherently, NFC technology is built with a high level of security.  Users can activate several options in order to store their data in a secure environment.

A user can set a financial limit beyond which a pass code is required to authorise payment, or a user can also arrange for the mobile wallet element of the phone to be switched on for only, say two minutes at a time.  This allows the user to make a purchase and then be sure the device is deactivated shortly afterwards.  By transferring cash from one element of the device to another (ie from a credit card application to a “cash in wallet” type application), a user would also be able to limit the amount of risk associated with losing a phone to a relatively small amount.

Beyond user created and user defined security measures, there is an extremely high level of security built into an NFC wallet or payment application.

An NFC enabled credit/debit card or ticketing application is held within a secure element of the mobile device.  Using the same technology as chip and PIN cards, this secure element is certified and supported by the payment industry, providing as high a level of assurance to the end user as a traditional credit card.

Finally, unlike a lost wallet, a mobile phone regularly communicates with the mobile network to enable it to function.  At any given point, the mobile network will know where a phone is with a degree of accuracy.  What is more, a phone can be disabled over the air within moments, moving the whole credit card to a new device.

Added together, these measures provide a comprehensive level of security.  But perhaps the most pertinent security measure is the news that the average person looks at a smartphone 150 times a day.  Compared to the number of times someone checks their wallet, this provides a reassurance that should help to reduce fraud within NFC.