Now available in the iPhone 6, iPhone 6 Plus and Apple Watch, NFC is poised to play an important role in the way we use our phones, especially when it comes to mobile payments. NFC payments are not the first attempt at making payments easier for consumers. Google Wallet for over three years has allowed consumers to store all their credit cards, debit cards and gift cards data in one easy-to-use virtual wallet and, more recently, even allowed them to pay using Gmail addresses. Google Wallet now is also using NFC technology to provide tap-and-pay options for its users. Looking back, this type of payment technology has already been prone to attacks. Although immediate action was taken by Google to correct their mobile wallet problem, it proves there was (and may still be) a security issue.
With media exposing major security breaches and the compromising of sensitive data due to the activity of hackers, there are growing concerns about the security and safety of private stored information when carrying out NFC-based mobile transactions. There is uncertainty on what is actually being done to protect the data from security breaches that can easily occur. The fear with NFC is that a hacker could steal credit card information in a simple way utilizing a variety of methods and not-so-sophisticated equipment. As well, a hacker could casually tap on someone’s device and collect information by using a receiving NFC device.
The possibility of a data interception can not be discounted, but NFC technology is so advanced that it makes attempts hard to carry on. In addition, technology improvements are adding layers of security that effectively protect users. Apple, for example, has devised a way to use account numbers linked to a user financial information rather than store credit card data on the phone itself. Other credit card companies are also embracing the new digital money technologies. The overall NFC security system is less likely to be vulnerable if a tag carries security functionality built into the chip.
Companies creating secure digital wallets like MasterCard’s PayPass and Visa’s pay Wave that allow customers to make contactless payments at an NFC-enabled terminal are striving to come up with similar plans to reassure consumers when using their apps and app-and-reader counterparts. More protection could be afforded by the use of a new solution: the migration to EMV that not only can secure payment cards but also be apt for NFC mobile contactless payments in point-of-sale environments. That said, credit card payments through NFC technology promise to be safer than regular credit card swiping.
RFID security system is currently being rolled out in the US, but is already widely available in Western Europe, Eastern Asia and even Australia; it is also used for widely known SBU point of sale applications (QuickBooks POS, ShopKeep and AccuPOS) that have already been optimized and support NFC technology. Since software has certain security risks, to move the secure element into hardware may be what is necessary for mobile payment systems to be secure.