Short for “near field communication”, NFC allows devices in close proximity to wirelessly transfer data back and forth. The technology is very similar to Bluetooth, but NFC uses far less power and works over much shorter distances.
In the world of commerce, merchants and consumers use NFC technology to initiate contactless payments via credit cards or mobile devices. Rather than physically swipe plastic, consumers simply wave their preferred payment delivery device across an NFC reader to authorize transactions.
NFC payment technology already comes standard with most Android devices and a growing number of credit and debit cards. But with the introduction of the iPhone 6, contactless payments have become more mainstream, with a growing number of retailers and restaurants adding their own in-store NFC readers — including at Target, Macy's, McDonald's and Walgreens.
But if one only needs to wave a mobile phone (or credit card) to authorize a transaction, how secure is NFC payment technology? After all, couldn't a nearby hacker wirelessly steal users’ payment information?
The Truth about NFC Payment Security
NFC technology comes with a range of security features that help protect financial data from prying eyes, including:
1. Proximity Protection
Contactless payment solutions work over incredibly short distances (we're talking about inches, not yards). In order for a would-be thief to potentially steal information, he or she would have to stand uncomfortably close to an NFC-enabled device. This proximity protection represents the first level of defense.
2. User Initiation
In order to begin each transaction, the customer must actively initiate the contactless payment process. This usually requires launching the appropriate NFC application within the phone in order to establish a connection between the device and the merchant's reader. So even if a thief gets close enough, no transactions can happen in standby mode.
With some NFC applications, the user must also verify a transaction by using fingerprint scanning technology or a private pass code.
3. Secure Element Validation
Once a connection has been established, the transaction only goes through after the card or mobile device has validated the purchase using a secure element chip. This validation process assigns a unique digital signature to every payment instead of transferring credit or debit card numbers between the device and reader.
Secure element verification is similar to the validation process more commonly associated with chip-enabled EMV credit cards.
NFC Payments Are Secure — But Are They Foolproof?
With three separate levels of protection, NFC technology represents one of the most secure payment options in the world. But no payment technology is 100 percent foolproof — not even cash.
However, there are steps you can take to erect additional hurdles between private financial data and hackers:
- As a consumer, you should password-protect your mobile device at all times. If your smartphone falls into the wrong hands, you won’t always be able to prevent thieves from initiating payments in your absence.
- As a merchant, you can make your payment infrastructure more secure by ensuring that your credit card processing remains PCI-compliant and follows the latest industry guidelines.
Have additional questions about NFC security? Schedule a free consultation with our payment support team today.