NFC

Full Title or Meme

Near Field Communications (NFC) is used by some smart chips to provide Identity Information

Context

Many locations where a large number of Identity checks must be made at high speed, such as passports and door access methods, give the user an Identity Card with an imbedded NFC chip for easy access.

• One of the many Smartphone Wireless radios.
• Designed for close access, unlike BLE which can be accessed up to 10 meters away.

Problems

• It's easy to read an NFC chip without the user's knowledge.
• Apple iPhone has limited access to NFC for payment, but late in 2023 is being sued as a result.^[1]

Solutions

• Some providers of Identity cards also give the user a tinfoil envelope to block reading of the chip, for example if a user gets an enhanced Driver's License in the state of Washington, they are provided such an envelope.
• Apple had blocked their phones from reading NFC data, but was forced to allow access by the UK government in order to make it easier for the UK government to check the Identity of people passing into the country.^[2] Home Secretary Sajid Javid is quoted as saying about Brexit “Our EU Settlement Scheme is now up and running and after a successful launch, over 280,000 EU citizens have applied so that they can continue to live their lives as they do now.” Except that their private information is accessible by anyone with a smart phone
• Android NFC API - Google first began testing NFC in web apps with the release of Chrome 81. That version added initial support for the Web NFC API, allowing sites to read and write NFC tags. It’s mainly intended for inventory management, conferences, museum exhibits, and anywhere else NFC is frequently used. Starting with Chrome 89 (Stable on 2021-03-17), the Web NFC API is enabled by default on Android.

NFC Basics

NFC, or Near Field Communication, is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. It’s a proximity-based wireless communication standard. Unlike Wi-Fi or Bluetooth, however, NFC interaction is limited to an extremely short range. NFC can allow a phone to act as a transit pass or credit card, quickly transfer data, or instantly pair with Bluetooth devices like headphones and speakers. It’s the technology that powers contactless payments via mobile wallets for payment, as well as for contactless cards.

In essence, NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. It’s an evolution of RFID (radio frequency identification) technology that has already been around for decades. If you’ve ever used a key card to access an office building or hotel room, you’re already familiar with how it works. Both RFID and NFC operate on the principle of inductive coupling and in most smartphone-related applications the software will only initiate communication if there’s physical contact.

Benefits (examples):

1. Encryption: Data passing between the two devices is encrypted. The security protocol followed by NFC technology is the same one used by chip-enabled payment cards. This means that data is translated from plaintext to ciphertext.
2. Secure Transmission: Depending on the standard being applied, in a transaction using NFC technology, sensitive information is encrypted and transmitted securely.

Limitations (examples):

1. Range: NFC can only work in shorter distances, which is about 10-20 cm. This is to prevent accidental triggers, especially important now that the technology is used for transferring sensitive data and is an important architectural design and user-experience consideration for mobile wallets
2. Data Transfer Rate: It offers very low data transfer rates which is about 106, 212, or 424 Kbps. This makes NFC suitable for exchanging small amounts of data, but it can become inconvenient and almost unusable if phones and/or readers need to be held together for many seconds to perform the data transfer. This will be a significant architectural, user-experience & exceptions management consideration for wallets
3. Data Size: In practice NFC is generally capped at 424Kbits/sec for data transfer, again a key architectural consideration for mobile wallets and the protocols implemented

Security Considerations (Examples):

While NFC is generally considered secure due to its short range, it is not without potential security risks. Here are some examples of security concerns associated with NFC:

1. Eavesdropping: Since NFC uses radio waves, it is possible for someone to intercept the data being transmitted between devices or bump a phone to initiate an exchange without the subject's awareness ( ie crowded spaces such as public transit, festivals,,,, )
2. Data Corruption or Manipulation: As with any form of data transmission, there’s a risk that the data could be corrupted or manipulated during an NFC transaction. In a multi-application environment such as a smart phone this is a significant security design consideration for wallets.
3. Physical Theft: If an NFC-enabled device is lost or stolen, it could potentially be used to make unauthorized transactions.
4. Relay Attacks: In this scenario, an attacker uses two NFC devices to relay communication between a legitimate device and reader. This can allow the attacker to carry out transactions without the legitimate user’s knowledge.
5. Data Interception: (Eavesdropping): Data interception presents a significant security risk by exposing the private information of two NFC devices. If an attack is initiated within the range of two devices using NFC communication, the attacker can intercept communication signals and easily record the data being broadcast. NFC tags and reader applications for phones are inexpensive and widely available
6. Malware: NFC technology may be used to distribute malware and malicious apps if the wallet application does not "block' NFC signals from non-trusted sources

Credit Cards

NFC (Near Field Communication) technology is commonly used in contactless credit cards.

• Contactless Payments**:

  - Contactless payments allow you to make transactions by tapping either a contactless card or a payment-enabled mobile or wearable device over a contactless-enabled payment terminal.
  - Both cards and devices (such as phones and watches) use the same contactless technology.
  - When you tap to pay, the checkout process is secure and convenient.

• How It Works**:

  - Look for the **Contactless Symbol** on the store's checkout terminal.
  - When prompted, bring your card or mobile/wearable device within a few inches of the Contactless Symbol on the checkout terminal.
  - Your payment is securely processed in seconds.
  - Each transaction generates a **transaction-specific, one-time code**, which helps reduce counterfeit fraud.
  - To make a payment, your contactless card or payment-enabled device must be placed within 2 inches of the Contactless Symbol on the checkout terminal.

• Benefits of Contactless Payments**:

  - **Secure**: The one-time code system enhances security by preventing accidental payments.
  - **Convenient**: No need to insert or swipe your card; just tap and go.
  - **Touch-Free**: Especially useful during times when minimizing physical contact is important.

• Where to Tap to Pay**:

  - Thousands of merchants in the U.S. accept contactless payments.
  - Look for the Contactless Symbol at places like fast-food restaurants, grocery stores, pharmacies, and more.

Remember that Visa's Zero Liability Policy protects your payment information from fraud losses and unauthorized purchases¹. Other credit card providers also offer similar security features for contactless payments²³.

If you have a contactless card, you're all set! Otherwise, you can still tap to pay by loading an eligible payment card into your payment-enabled phone or wearable device¹. 🌟

Source: Conversation with Bing, 4/20/2024

(1) Contactless Payments – Learn how to Tap to Pay | Visa. https://usa.visa.com/pay-with-visa/contactless-payments/contactless-payments.html.
(2) What is a Contactless Credit Card | Chase. https://www.chase.com/personal/credit-cards/education/basics/what-is-a-contactless-credit-card.
(3) What Are NFC Mobile Payments? | Capital One. https://www.capitalone.com/learn-grow/money-management/nfc-payments/.
(4) What Is An NFC Credit Card | Robots.net. https://robots.net/fintech/what-is-an-nfc-credit-card/.

References

1. ↑ Finextra, Apple, Visa and Mastercard face anti-trust class action lawsuit (2023-12-18) https://www.finextra.com/newsarticle/43450/apple-visa-and-mastercard-face-anti-trust-class-action-lawsuit
2. ↑ NFC World (2019-04-09) https://www.nfcworld.com/2019/04/09/362259/apple-to-unlock-iphone-nfc-to-read-passports/?

Other Material

• W3C TAG review of the NFC API
• Digital Guide IONOS
• Page on this wiki for Smartphone Wireless