NFC

From MgmtWiki

Full Title or Meme

Near Field Communications (NFC) is used by some smart devices (chips or phones) to provide Identity Information.

Context

Where a large number of Identity checks must be made at high speed, such as for passports and door access, the user is given an Identity Card with an embedded NFC chip for easy access.

  • One of the many Smartphone Wireless radios.
  • Designed for close access, unlike BLE which can be accessed up to 10 meters away.
  • The Near Field Communication technology is a simple means of establishing contactless communication between two devices within 20cm (8 inches) of each other.

Problems

  • It's easy to read an NFC chip without the user's knowledge.
  • Apple limits access to the iPhone's NFC for payment and, as of late 2023, is being sued as a result.[1] The update below applies to iOS 18.1.

Solutions

  • Some providers of Identity cards also give the user a tinfoil envelope to block reading of the chip, for example if a user gets an enhanced Driver's License in the state of Washington, they are provided such an envelope.
  • Apple had blocked their phones from reading NFC data, but was forced to allow access by the UK government in order to make it easier for the UK government to check the Identity of people passing into the country.[2] Home Secretary Sajid Javid is quoted as saying about Brexit “Our EU Settlement Scheme is now up and running and after a successful launch, over 280,000 EU citizens have applied so that they can continue to live their lives as they do now.” Except that their private information is accessible by anyone with a smartphone.
  • Android NFC API - Google first began testing NFC in web apps with the release of Chrome 81. That version added initial support for the Web NFC API, allowing sites to read and write NFC tags. It’s mainly intended for inventory management, conferences, museum exhibits, and anywhere else NFC is frequently used. Starting with Chrome 89 (Stable on 2021-03-17), the Web NFC API is enabled by default on Android.

Protocol

The NFC Authentication Protocol Technical Specification is proprietary and must be purchased for $200. The NFC Authentication Protocol 1.0 technical specification was adopted in December 2022. There were no changes from the Candidate version. NFC communication technology is used by several different existing contactless communication protocols in the market which use different coding for signal and load modulation. The NFC Forum created a set of specifications allowing NFC Forum Devices to use these different communication protocols. As a result, NFC Forum Devices are able to communicate with:[3]

  • ISO/IEC 14443 Type A compliant Readers and Cards
  • ISO/IEC 14443 Type B compliant Readers and Cards
  • ISO/IEC 15693 compliant Cards
  • ISO/IEC 18092 compliant Devices
  • JIS-X 6319-4 compliant Readers and Cards
  • NFC Forum Tags
  • Other NFC Forum Devices

Availability

Apple

Starting with iOS 18.1, developers will be able to offer NFC contactless transactions using the Secure Element from within their own apps on iPhone, separate from Apple Pay and Apple Wallet. Using the new NFC and SE (Secure Element) APIs, developers will be able to offer in-app contactless transactions for in-store payments, car keys, closed-loop transit, corporate badges, student IDs, home keys, hotel keys, merchant loyalty and rewards cards, and event tickets, with government IDs to be supported in the future.

As users’ security and privacy is of the utmost importance to Apple, this new solution was designed to provide developers with a secure way to offer NFC contactless transactions from within their iOS apps. The NFC and SE APIs leverage the Secure Element — an industry-standard, certified chip designed to store sensitive information securely on device. Apple has dedicated significant resources to design a solution that protects users’ security and privacy, leveraging a number of Apple’s proprietary hardware and software technologies when making a contactless transaction, including the Secure Enclave, biometric authentication, and Apple servers. To make a contactless transaction within an app that utilizes these APIs, users can either open the app directly, or set the app as their default contactless app in iOS Settings, and double-click the side button on iPhone to initiate a transaction.

To incorporate this new solution in their iPhone apps, developers will need to enter into a commercial agreement with Apple, request the NFC and SE entitlement, and pay the associated fees. This ensures that only authorized developers who meet certain industry and regulatory requirements, and commit to Apple’s ongoing security and privacy standards, can access the relevant APIs. The NFC and SE APIs will be available to developers in Australia, Brazil, Canada, Japan, New Zealand, the U.K., and the U.S. in an upcoming developer seed for iOS 18.1, with additional locations to follow. Developers and users will continue to have access to the easy, secure, and private experience of Apple Pay and Wallet.

NFC Basics

NFC, or Near Field Communication, is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. It’s a proximity-based wireless communication standard. Unlike Wi-Fi or Bluetooth, however, NFC interaction is limited to an extremely short range. NFC can allow a phone to act as a transit pass or credit card, quickly transfer data, or instantly pair with Bluetooth devices like headphones and speakers. It’s the technology that powers contactless payments via mobile wallets for payment, as well as for contactless cards.

In essence, NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. It’s an evolution of RFID (radio frequency identification) technology that has already been around for decades. If you’ve ever used a key card to access an office building or hotel room, you’re already familiar with how it works. Both RFID and NFC operate on the principle of inductive coupling and in most smartphone-related applications the software will only initiate communication if there’s physical contact.

Benefits (examples):

  1. Encryption: Data passing between the two devices is encrypted. The security protocol followed by NFC technology is the same one used by chip-enabled payment cards. This means that data is translated from plaintext to ciphertext.
  2. Secure Transmission: Depending on the standard being applied, in a transaction using NFC technology, sensitive information is encrypted and transmitted securely.

Limitations (examples):

  1. Range: NFC only works over short distances, about 10-20 cm. This is to prevent accidental triggers, which is especially important now that the technology is used for transferring sensitive data, and it is an important architectural design and user-experience consideration for mobile wallets.
  2. Data Transfer Rate: It offers very low data transfer rates, about 106, 212, or 424 Kbps. This makes NFC suitable for exchanging small amounts of data, but it can become inconvenient and almost unusable if phones and/or readers need to be held together for many seconds to perform the data transfer. This will be a significant architectural, user-experience & exceptions management consideration for wallets.
  3. Data Size: In practice NFC is generally capped at 424 Kbits/sec for data transfer, again a key architectural consideration for mobile wallets and the protocols implemented.

Security Considerations (Examples):

While NFC is generally considered secure due to its short range, it is not without potential security risks. Here are some examples of security concerns associated with NFC:

  1. Eavesdropping: Since NFC uses radio waves, it is possible for someone to intercept the data being transmitted between devices, or to bump a phone to initiate an exchange without the subject's awareness (e.g. in crowded spaces such as public transit or festivals).
  2. Data Corruption or Manipulation: As with any form of data transmission, there’s a risk that the data could be corrupted or manipulated during an NFC transaction. In a multi-application environment such as a smart phone this is a significant security design consideration for wallets.
  3. Physical Theft: If an NFC-enabled device is lost or stolen, it could potentially be used to make unauthorized transactions.
  4. Relay Attacks: In this scenario, an attacker uses two NFC devices to relay communication between a legitimate device and reader. This can allow the attacker to carry out transactions without the legitimate user’s knowledge.
  5. Data Interception (Eavesdropping): Data interception presents a significant security risk by exposing the private information of two NFC devices. If an attack is initiated within the range of two devices using NFC communication, the attacker can intercept communication signals and easily record the data being broadcast. NFC tags and reader applications for phones are inexpensive and widely available.
  6. Malware: NFC technology may be used to distribute malware and malicious apps if the wallet application does not "block" NFC signals from non-trusted sources.

Technical Details

NFC technology is commonly used in contactless credit cards.

  1. Inductive Coupling:
    1. NFC operates based on inductive coupling, which is a fundamental principle of electromagnetic interaction.
      1. A reader device (such as a payment terminal) generates an electric current through a coil.
      2. This current creates a magnetic field around the coil.
      3. When you bring an NFC-enabled smart card (or any NFC tag) close to the reader, the magnetic field induces an electric current within the card's coil.
      4. Importantly, this communication happens without any physical contact between the reader and the card.
  2. Data Transmission:
    1. Once the initial handshake occurs (which establishes communication), the stored data on the smart card is wirelessly transmitted to the reader.
    2. The data can include information like credit card details, transit pass credentials, or other relevant data.
  3. Short Range:
    1. Unlike Wi-Fi or Bluetooth, NFC has an extremely short range.
    2. The maximum range for NFC communication is only a few centimeters (at most).
    3. In most smartphone-related applications, NFC initiates communication only when there's physical contact between the card and the reader.
  4. Comparison with RFID:
    1. NFC is an evolution of RFID (Radio Frequency Identification) technology.
    2. RFID has been around for decades and is commonly used for applications like key cards for office buildings or hotel rooms.
    3. Both RFID and NFC use inductive coupling, but NFC has a much lower transmission range compared to RFID.
    4. While RFID can operate over longer distances (even hundreds of feet), NFC's range is limited to close proximity.
  5. Real-World Applications:
    1. Smart cards, including contactless credit cards, use NFC for secure and convenient transactions.
    2. You'll also find NFC in other devices like tablets, speakers, collectibles, and even gaming consoles like the Nintendo Switch and 3DS.

Source: Conversation with Bing, 4/20/2024

(1) What is NFC and how does it work? Everything you need to know. https://www.androidauthority.com/what-is-nfc-270730/.
(2) Near-field communication - Wikipedia. https://en.wikipedia.org/wiki/Near-field_communication.
(3) What is an NFC Card and How Does it Work? | Hype Blog. https://hype.co/blog/industry/what-is-an-nfc-card-how-does-it-work.
(4) What's an NFC Tag? | HowStuffWorks. https://electronics.howstuffworks.com/nfc-tag.htm.
(5) NFC Payment: How It Works and How You Can Use It - PayPal. https://www.paypal.com/us/money-hub/article/nfc-payment.

Credit Cards

NFC (Near Field Communication) technology is commonly used in contactless credit cards.

  • Contactless Payments:
    • Contactless payments allow you to make transactions by tapping either a contactless card or a payment-enabled mobile or wearable device over a contactless-enabled payment terminal.
    • Both cards and devices (such as phones and watches) use the same contactless technology.
    • When you tap to pay, the checkout process is secure and convenient.
  • How It Works:
    • Look for the Contactless Symbol on the store's checkout terminal.
    • When prompted, bring your card or mobile/wearable device within a few inches of the Contactless Symbol on the checkout terminal.
    • Your payment is securely processed in seconds.
    • Each transaction generates a transaction-specific, one-time code, which helps reduce counterfeit fraud.
    • To make a payment, your contactless card or payment-enabled device must be placed within 2 inches of the Contactless Symbol on the checkout terminal.
  • Benefits of Contactless Payments:
    • Secure: The one-time code system enhances security by preventing accidental payments.
    • Convenient: No need to insert or swipe your card; just tap and go.
    • Touch-Free: Especially useful during times when minimizing physical contact is important.
  • Where to Tap to Pay:
    • Thousands of merchants in the U.S. accept contactless payments.
    • Look for the Contactless Symbol at places like fast-food restaurants, grocery stores, pharmacies, and more.
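
The transaction-specific, one-time code mentioned above can be modelled as a keyed code over a per-card counter, the amount and a terminal-supplied random value. The following is an added example, not code from any card scheme or from this page's sources: HMAC-SHA-256 stands in for the real cryptogram algorithm, and the names Card, Issuer, pay and authorize are hypothetical. It shows why a recorded tap cannot be replayed and why a changed amount is detected.

```python
import hashlib
import hmac
import secrets


def _encode(atc, amount_cents, nonce):
    """Fixed-width encoding of the fields covered by the one-time code."""
    return atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce


def _code(key, atc, amount_cents, nonce):
    # Assumption: HMAC-SHA-256 truncated to 8 bytes stands in for the scheme's cryptogram.
    return hmac.new(key, _encode(atc, amount_cents, nonce), hashlib.sha256).digest()[:8]


class Card:
    """Constructed model of a contactless card: secret key plus transaction counter."""

    def __init__(self, key):
        self._key = key
        self.atc = 0  # application transaction counter, increases on every tap

    def pay(self, amount_cents, terminal_nonce):
        self.atc += 1
        return {"atc": self.atc, "amount": amount_cents, "nonce": terminal_nonce,
                "code": _code(self._key, self.atc, amount_cents, terminal_nonce)}


class Issuer:
    """Verifier that shares the card key and remembers the highest counter seen."""

    def __init__(self, key):
        self._key = key
        self._last_atc = 0

    def authorize(self, tx):
        expected = _code(self._key, tx["atc"], tx["amount"], tx["nonce"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "declined: bad code"        # data was altered in transit
        if tx["atc"] <= self._last_atc:
            return "declined: counter reused"  # a recorded tap was replayed
        self._last_atc = tx["atc"]
        return "approved"


def demo():
    key = secrets.token_bytes(16)              # constructed key shared by card and issuer
    card, issuer = Card(key), Issuer(key)
    tap = card.pay(1250, secrets.token_bytes(4))
    results = [issuer.authorize(tap)]                         # genuine tap
    results.append(issuer.authorize(dict(tap)))               # recorded tap sent again
    results.append(issuer.authorize(dict(tap, amount=99900))) # amount changed in transit
    results.append(issuer.authorize(card.pay(300, secrets.token_bytes(4))))  # next genuine tap
    return results


if __name__ == "__main__":
    print(demo())
```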

Remember that Visa's Zero Liability Policy protects your payment information from fraud losses and unauthorized purchases¹. Other credit card providers also offer similar security features for contactless payments²³.

If you have a contactless card, you're all set! Otherwise, you can still tap to pay by loading an eligible payment card into your payment-enabled phone or wearable device¹.

Source: Conversation with Bing, 4/20/2024

(1) Contactless Payments – Learn how to Tap to Pay | Visa. https://usa.visa.com/pay-with-visa/contactless-payments/contactless-payments.html.
(2) What is a Contactless Credit Card | Chase. https://www.chase.com/personal/credit-cards/education/basics/what-is-a-contactless-credit-card.
(3) What Are NFC Mobile Payments? | Capital One. https://www.capitalone.com/learn-grow/money-management/nfc-payments/.
(4) What Is An NFC Credit Card | Robots.net. https://robots.net/fintech/what-is-an-nfc-credit-card/.

Payment Apps

NFC enables two local devices to share a small amount of data. It is integrated with things like print advertisements, smart cards, and commuter cards. The technology has now been implemented in iPhone, Android, and Windows phones, which has made NFC even more applicable. People and businesses around the world appreciate Near Field Communication (NFC) payment apps.

There is a range of effective NFC payment apps on the app store.

First, install an NFC payment app on your smartphone. Second, tap the phone on the credit card terminal to establish a connection with NFC. At this stage, you have to enter a passcode or scan your finger to approve the transaction. The transaction is then authenticated with a special chip named the secure element (SE), which transmits the validation back to the NFC modem. Finally, the payment process is completed by the same means as in a conventional credit card swipe operation.

Top NFC Payment Apps

  1. Apple Pay is an NFC-based mobile wallet that allows a tap-and-pay option with contactless point-of-sale (POS) systems. It is considered one of the best mobile payment apps, accessible from iPhone, iPad and Apple Watch, with tokenization to secure card data. It requires Touch ID or a passcode to authorize payment.
  2. Samsung Pay is a prominent payment mode available for Android devices only. It lets users load debit, credit, loyalty and gift cards onto the platform, so users can pay in stores with their smartphones. Samsung Pay makes use of Magnetic Secure Transmission technology, which lets the phone imitate a physical card swipe.
  3. Google Wallet has also served as a great means of transferring money. Google Wallet's near field communication enables you to transfer money to a phone number or email address. Recipients are informed by e-mail and, after completing the verification process, can accept the money.
  4. Android Pay is a leading Android NFC payment app that allows in-app purchases and in-store payments. Android Pay is among the best payment apps for Android and is even compatible with PoS terminals and vending machines.
  5. PayPal: whether you need to pay someone or want to receive payment, PayPal is an overall solution for all your transactions. It is one of the big-name mobile payment apps on the app market. PayPal lets you instantly send, receive and spend money around the world. Within seconds you can have your transactions done right from where you are at the moment. PayPal alternatives include apps like Zelle and Venmo.
  6. Qkr is the most secure and instant way to pay, allowing you to order and pay anywhere, anytime. The app makes use of Mastercard's secure digital wallet solution and Masterpass to accept Mastercard, American Express, Visa, and Discover cards. You can also split the bill with your friends right from the app.
  7. Jaguar and Shell have launched an in-car app for cashless gas station payments. This in-car payment system allows drivers to fuel their vehicles and pay through their car's touchscreen. The app uses geolocation to automatically detect your location. Moreover, it allows you to tap once to pay with a pre-registered payment method.

Recipient Apps

Also known as Tap to Pay

Apps like PayPal and Android Pay can be set as the default app to launch when NFC contact is detected. I would like for my payment app to be an option to launch when someone does an NFC tap. Currently my app can take advantage of NFC by the Android Beam functionality, but I was curious to see how I can get my app included as a tap-to-pay default option so that an NFC tap would launch the app directly. https://stackoverflow.com/questions/45241811/adding-my-app-as-a-tap-and-pay-option-in-android

@Jake is your app a payment (HCE) app? If so then I think the moment you register Service with a metadata for android.nfc.cardemulation.host_apdu_service, it'll become an option in the settings. I've never seen a case where user gets to choose the payment app when doing a tap-to-pay. Usually the default is set ahead of time and android uses it immediately (without user interaction) when it detects a tap-to-pay to make the experience quick. Usually the first payment app found on device is set as default payment. User could change it after installing another one – ahasbini, commented Dec 15, 2017 at 7:06

@ahasbini yes we know that so here what we need is how user could change our app to default payment app, please if you have done this before share with us? Thanks – abdullahicyc, commented Feb 27, 2018 at 14:16

@abdullahicyc here's an answer that prompts the user to set the app as default payment app: stackoverflow.com/a/24167039/2949966. Note that app cannot set itself as the default without asking the user first. – ahasbini, commented Feb 27, 2018 at 15:48

Add these lines within the application tag in your Android manifest...

<service android:exported="true" android:name="my.package.MyPaymentService" android:permission="android.permission.BIND_NFC_SERVICE">
       <intent-filter>
           <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE" />
           <category android:name="android.intent.category.DEFAULT" />
       </intent-filter>
       <meta-data android:name="android.nfc.cardemulation.host_apdu_service" android:resource="@xml/apduservice" />
   </service>

and then create a file named apduservice.xml in your xml folder with this content...

<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
   android:requireDeviceUnlock="true"
   android:apduServiceBanner="@drawable/ic_fingerprint_error">
   <aid-group
       android:category="payment"
       android:description="@string/app_name" >
       <aid-filter
           android:name="325041592E5359532E4444463031"
           android:description="@string/ppse" />
       <aid-filter
           android:name="A0000000041010"
           android:description="@string/mastercard" />
       <aid-filter
           android:name="A0000000031010"
           android:description="@string/visa" />
       <aid-filter
           android:name="A000000003101001"
           android:description="@string/visa" />
       <aid-filter
           android:name="A0000002771010"
           android:description="@string/interac" />
   </aid-group>
</host-apdu-service>
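
The resource above decides which reader commands reach the payment service, so it is worth reviewing before release. The following is an added example, not part of the Stack Overflow answer or the Android SDK: the functions decode_aid, audit, select_apdu and route are hypothetical names, the sample XML is the answer's resource with its closing tag, and exact-match routing of SELECT commands to aid-filter entries is assumed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: the host-apdu-service resource from the answer, closed properly.
SAMPLE_XML = """<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
    android:requireDeviceUnlock="true"
    android:apduServiceBanner="@drawable/ic_fingerprint_error">
  <aid-group android:category="payment" android:description="@string/app_name">
    <aid-filter android:name="325041592E5359532E4444463031" android:description="@string/ppse"/>
    <aid-filter android:name="A0000000041010" android:description="@string/mastercard"/>
    <aid-filter android:name="A0000000031010" android:description="@string/visa"/>
    <aid-filter android:name="A000000003101001" android:description="@string/visa"/>
    <aid-filter android:name="A0000002771010" android:description="@string/interac"/>
  </aid-group>
</host-apdu-service>"""


def decode_aid(hex_aid):
    """Validate one AID; return (bytes, ASCII name or None)."""
    raw = bytes.fromhex(hex_aid)               # ValueError on malformed hex
    if not 5 <= len(raw) <= 16:                # ISO/IEC 7816-4 AID length bounds
        raise ValueError(f"AID {hex_aid!r} has invalid length {len(raw)}")
    printable = all(0x20 <= b < 0x7F for b in raw)
    return raw, raw.decode("ascii") if printable else None


def audit(xml_text):
    """Return (registered AIDs, findings) for a host-apdu-service resource."""
    root = ET.fromstring(xml_text)
    aids, findings = {}, []
    if root.get(ANDROID + "requireDeviceUnlock") != "true":
        findings.append("requireDeviceUnlock is not 'true': service may handle APDUs while locked")
    for group in root.iter("aid-group"):
        category = group.get(ANDROID + "category", "other")
        for flt in group.iter("aid-filter"):
            name = flt.get(ANDROID + "name", "").upper()
            try:
                raw, text = decode_aid(name)
            except ValueError as exc:
                findings.append(f"bad aid-filter: {exc}")
                continue
            if raw in aids:
                findings.append(f"duplicate AID {name}")
            aids[raw] = (category, text)
    return aids, findings


def select_apdu(aid):
    """Build the ISO/IEC 7816-4 SELECT-by-name command a reader sends for an AID."""
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


def route(apdu, aids):
    """Return the (category, name) entry whose AID exactly matches the SELECT, else None."""
    if len(apdu) < 5 or apdu[:4] != bytes([0x00, 0xA4, 0x04, 0x00]):
        return None                            # not a SELECT-by-name command
    lc = apdu[4]
    if len(apdu) < 5 + lc:
        return None                            # truncated command
    return aids.get(apdu[5:5 + lc])


if __name__ == "__main__":
    registered, problems = audit(SAMPLE_XML)
    for aid, (category, text) in registered.items():
        print(aid.hex().upper(), category, text or "")
    print("findings:", problems)
```

Run against the sample, the first AID decodes to the ASCII name 2PAY.SYS.DDF01, and the audit reports no findings because requireDeviceUnlock is set to true.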

WA State EDL

  • This may be obsolete and no longer available.

RFID is a wireless technology that stores and retrieves data remotely on devices. Technology components of an RFID system consist of an RFID tag with a microchip and antenna, a reader with an antenna, and a database. For added security and border crossing convenience, an RFID tag is embedded in the new Enhanced Driver License and Identification card (EDL/ID).

  • The EDL/ID is voluntary.
  • Call (360) 902-3900 to find an office near you or visit our website.

The Washington State EDL/ID card includes an Ultra-High Frequency Passive Vicinity RFID tag.

  • Ultra-high frequencies typically offer better range, and can transfer data faster than low and high frequencies.
  • Passive RFID tags do not have a power source. They draw power from the RFID reader to energize the microchip’s circuits. The antenna enables the tag to transmit the information on the chip to a reader. The reader converts the radio waves reflected back from the RFID tag into digital information that is passed on to the computers that use it.
  • Vicinity RFID tags can be read from several feet away from the reader.


The RFID uses the low-end of the electromagnetic spectrum. The waves coming from the reader are similar to the waves coming to your car radio. The RFID tag does not contain any personal identifying information, just a unique reference number. At the border, the RFID reader will energize the RFID tag and transmit the EDL/ID’s unique reference number back to the border officer. The number will be matched to our records to verify the information contained on the front of the EDL/ID card. Data encryption, secure networks, and firewalls will protect the transmission of the EDL/ID information. For added security, we will provide a security sleeve to protect the RFID tag from being read when the cardholder is not using it for border crossing. This RFID technology is required by the federal government to facilitate rapid identification checks at the border, and complies with minimum requirements and best practices for card security. We will fully disclose the use of RFID, its purpose, content, and security to all EDL/ID applicants and interested parties.

RCW 19.300.20 makes it a class C felony for a person to intentionally scan another person’s identification device remotely, without that person’s prior knowledge and consent, for the purpose of fraud, identity theft, or for any other illegal purpose.

References

  1. Finextra, Apple, Visa and Mastercard face anti-trust class action lawsuit (2023-12-18) https://www.finextra.com/newsarticle/43450/apple-visa-and-mastercard-face-anti-trust-class-action-lawsuit
  2. NFC World (2019-04-09) https://www.nfcworld.com/2019/04/09/362259/apple-to-unlock-iphone-nfc-to-read-passports/?
  3. NFC Forum, Technical Overview https://nfc-forum.org/learn/nfc-technology/

Other Material