SciTechTalk: NFC offers benefits but with some cautions

By JIM ALGAR, United Press International  |  March 4, 2012 at 5:14 AM
share with facebook
share with twitter

Waving your phone at the checkout counter will make it easier than ever to pay for your puchases, but will it be safe?

That's one of the big questions about the latest "must-have" technology for top-end smartphones, near field communication, or NFC, which allows phones to establish radio communication with each other, or with similar devices such as point-of sale terminals, when they touch or are brought within a few inches of each other.

As with all broadcast technologies -- even such short-range range ones -- there are big questions about how secure the technology is..

The big consumer push for NFC is for so-called "contactless transactions" where putting your NFC-enabled smartphone close to a pad or terminal at a sales counter will confirm the purchase and instantaneously authorize the transfer of funds, without having to open your wallet or purse to fish out your traditional credit card.

Google Wallet, for example, allows users to store credit card information in a "virtual" wallet and then use an NFC-enabled device at terminals to make purchases and payments.

NFC systems allow two-way communication between devices, where earlier systems such as contactless smart cards were one-way only, so the user's smartphone not only authorizes the transfer of funds but also can confirm it and show the new balance in the "virtual wallet."

The close distances at which NFCs operate is said to make the process secure but the fact remains data is being broadcast and could be intercepted.

NFC is not part of the ISO standard so offers no protection against eavesdropping and can be vulnerable to data modifications.

Tests have shown the signal for NFC wireless data transfer can be picked up with antennas, sometimes from several yards away.

In the same way that credit cards have been targeted, sensitive financial data stored on mobile phones will become targets for hackers and identity thieves.

Phishing and spoofing attacks against mobile phones with NFC have already been demonstrated by security analysts.

Experts say particular worries for NFC data security are so-called "man-in-the-middle attacks" in which someone involved in one end of a transaction can insert some form of spyware or malware onto the phone, which could then infect other phones.

Anti-virus software and operating system architecture that controls flow of information between applications will be important safeguards to mitigate such attacks, they say.

While strong cryptography and authentication protocols can be built into smartphones, it is up to manufacturers and wireless carriers to ensure the protections are made apart of NFC transactions.

Does this mean using your mobile phone for payments is a bad idea or not worth the risks? No more so than other existing technologies, experts say. As with any leading-edge technology, great convenience brings a need for great caution and diligence on the part of everyone involved, especially the end users of such technologies.

"The risks to personal privacy must be addressed," the authors of a London School of Economics report examining NFC privacy and regulation issues said. "This is not only to protect against surveillance, but it is essential to ensure that there is confidence in the marketplaces that may yet emerge with widespread use of NFC."

"For NFC to thrive, privacy must be considered in the design of the technology, the platforms, and the services," they said.

Related UPI Stories
Trending Stories