The Different Security Risks Associated with NFC Payments


Central to a typical mobile payment transaction and reliant on a radio antenna and microchip, NFC or Near Field Communication technology is rapidly gaining traction in the digital payment industry.

NFC payments have become the standard for mobile payments in most businesses. There are other types of mobile payments as well which do exist – such as Bluetooth enabled payments, payments through QR codes, etc. – but none comes close to NFC payments in terms of popularity.

No doubt the technology has many benefits to offer because of which both merchants and customers show such an endearing preference to it, but like with any type of electronic transaction, it comes with its own.

How high are those risks?

Not really too high, but still as a merchant it’s important to know about these security risks and do your due diligence to mitigate them.

Risks of eavesdropping

The risk of eavesdropping affect all data communication protocols and NFC is no different. Eavesdropping in the context of NFC payments refers to intercepting of card data as it gets transmitted in the form of radio signals from an NFC enabled mobile device to a contact less reader.

However, because of NFC’s inherent limitation where the distance between two communicating devices can’t be any more than few centimeters, the risks of eavesdropping are low.

Not non-existent though.

Risks of relay attack

This one is little complicated to understand, so we’ll try to keep the explanation as simple as possible.

Two NFC devices when brought in close proximity with the objective of performing a transaction, interact with each other through an established set of protocol known as ISO/IEC14443 compliance protocol.

In a relay attack, the attacker exploits this protocol.

The attacker places a ‘mole’ reader device in front of a NFC token (e.g. credit card) and another device in front of the actual card reader which serves as a card emulator. The victim’s credit card falsely assumes the mole to be an actual card reader, whereas the merchant’s smart card reader assumes the card emulator to be the customer’s credit card. Using this arrangement, the attacker then relays information between the credit card and the card reader, manipulating it in transit and using it for their own gain.

It’s one of the most common security risks posed to NFC technology.

To prevent relay attacks, merchants can take following counter measures:

  • Install a Faraday box at the side of consumers. The Faraday box would act as a Faraday cage and shield the user’s card from the influence of a mole.
  • Leverage distance bounding protocols to help readers know when a relay attack is being performed and when a card is present inside the electromagnetic held.

Ensuring a secured payment environment to customers is every merchant’s responsibility, irrespective of the payment technology being deployed. NFC products and payments through them are although safe, can be made even safer by keeping the risks discussed above under consideration and taking measures to mitigate them.

Interested in learning how NFC can be used in business settings other than just for accepting payments?

Check out this post.

Leave a Reply