Near Field Communications (NFC) - What Is It and What Are The Risks?
posted May 13, 2019 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog
In today’s world, technology has enabled new levels of convenience in every part of our lives. One technology that has exploded in recent years is near field communication or NFC. I’m sure you have paid for something recently by simply tapping your credit card on a payment terminal. Or maybe you’ve tapped your phone at a train terminal to purchase a ticket. While NFC provides the convenience we all love, there are some risks involved with the technology. Learn how you can safeguard your personal information while still enjoying the convenience of NFC.
What is NFC?
Near field communication, or NFC is a form of contactless communication between devices like smartphones or tablets. Contactless communication allows users to wave the smartphone over an NFC compatible device to send information without needing to touch the devices together.
Of course the main perk of NFC is its convenience. NFC makes it easy for users to make instant payments using their mobile wallet. In addition, NFC also offers….
Versatility- NFC covers a wide range of industries and services. You can use NFC for mobile banking, reserving restaurant/movie seats, booking train tickets, redeeming rewards and more.
Better user experience- Companies who offer NFC are viewed as dynamic and progressive, and the technology helps better serve customers by providing them with an easy and hassle free method of payment. This leads to customer loyalty and helps attract new customers as well.
Unfortunately, NFC opens the doors for criminals, too. But there are ways you can prevent any damage from happening!
Eavesdropping- This is when a criminal “listens in” on an NFC transaction. The scary part about eavesdropping is that a criminal does not need to pick up every signal to gather private information.
How to prevent this: The devices must be fairly close to send signals, so the criminal does have a limited range to work for in intercepting signals. However, you can prevent eavesdropping by establishing what’s called a “secure channel” which encrypts information and only an authorized device can decode it.
Data corruption and manipulation- This occurs when a criminal manipulates the data being sent to a reader or interferes with the data being sent. The data is then corrupted and useless when it gets to the recipient.
How to prevent this: Again, establishing a secure channel can help with this. The secure channel will essentially “listen” for data corruption attacks and prevent them before they have the opportunity to wreak havoc.
Interception- Sometimes referred to as a “man in the middle” (MITM) scam, this scam involves a person who acts as a middleman between two NFC devices and receives and alters the data as it passes between them.
How to prevent this: Devices should be in an “active-passive pairing”. In other words, one device should be receiving information and the other should be sending it, rather than both devices sending and receiving.
Virus infections- You can unknowingly download malicious applications onto NFC devices. The app can read any nearby NFC tag and send data to the attacker. Without your knowledge, your NFC device could be gathering your credit card info and sending it to an attacker.
How to prevent this: Make sure you know what you are downloading!
Outright theft- Of course, there is always the chance that your physical device can be stolen, which can land you into trouble.
How to prevent this: While there is no surefire way to prevent this, you can take precautions to make sure that even if your phone lands in the wrong hands, your personal information won’t. Always enable all available protections at both the device and app level. NEVER take shortcuts with your phone’s security.
By using these prevention tips you can safeguard yourself and your business from criminals and enjoy the ease and convenience of NFC.
Questions on near field communication? Reach out to our Information Security Services Team.