What is NFC on the phone?
Paying with your phone for a cup of coffee or your train ticket isn’t magic, it’s just NFC technology. It allows your phone to transfer data to another nearby device, but are there any risks? Find out more about NFC and its security.
What is NFC?
NFC stands for near-field communication. It allows NFC-enabled devices to easily send and receive data such as photos, contacts, files, and even payments. The connection is established as soon as the two devices are 4 inches apart or closer.
NFC evolved from radio-frequency identification (RFID), a technology that doesn’t require Wi-Fi, 3G, LTE, or any power or manual pairing. You can find NFC chips in security cards or various payment and travel cards. Nowadays, most smartphones have NFC too, and they mostly use it to complete contactless mobile payments.
NFC on Android
If your device is running Android 4.4 or later, then your OS supports NFC (and your device probably does, too). This technology is the reason why you can use Android Pay or Samsung Pay (depending on your phone manufacturer). Android phones can also use a feature called Android Beam, which allows exchanging phone numbers, files, apps, photos, and even directions. Once two devices are nearby, you should see an automatic “Would you like to beam” message.
The feature was discontinued after the Android 9.0 operating system was released mostly because it wasn’t as popular or useful as anticipated.
NFC on iPhone
If you have an iPhone 6 or a later model, then you have an NFC-enabled device. iPhone users do not have anything like Android Beam, but they can still perform mobile payments. Without an NFC tag, your Apple Pay wouldn’t work.
NFC security. How does it work?
NFC is great for when you forget your wallet at home. But is NFC on a mobile safe to use? Well, due to the proximity it requires and the fact that it needs 2-factor-authentication, some might say that it’s even safer than using your credit card. Nothing is unhackable, however, NFC mobile payments are pretty secure. To hack them in real life would be very challenging and not worth the cost.
Apple Pay, Android Pay, and Samsung Pay all use “tokenization” to secure your NFC payments. Tokenization is the process of replacing sensitive data with surrogate data. Credit card payments require a lot of sensitive data such as your Primary Account Number (PAN), name, address, and your card’s expiration date. When you pay using NFC and tokenization, the merchant doesn’t see your real data. This is what happens:
- Open your Apple Pay or Android Pay wallet. Use either your fingerprint or scan your face to confirm that it’s you. Then touch the merchant’s provided wireless card reader with your phone.
- Your phone communicates with Google or Apple and sends them your PAN.
- Google/Apple then communicates with your bank and ask them to issue a token, which is a string of random numbers that correlate with your bank account.
- The bank gives it to Google/Apple and they pass it on to your phone.
- Your phone sends the token to the merchant over NFC.
- The merchant’s payment terminal now needs to check whether your token is legitimate and can pay for the transaction. Your token is sent to your card issuer.
- If your token correlates with your account, your transaction can be approved and the money is deducted from your account. The merchant never sees your real details, only your token!
Different platforms have slight differences. Your credit card company assigns a Device Account Number (DAN), which is needed to authorize your payment and is used only by your phone. The difference is that Apple stores DAN on your phone while Android stores it on a cloud. Samsung Pay, like Apple, stores it on your phone and also uses an added security protocol to protect your DAN even further. Over all, NFC technology is pretty secure.
What to do if you lose your phone
Could bad actors clear out your bank account by using your NFC-enabled phone? Not really. To complete transactions using your phone, you need to provide additional authorization – either enter a PIN or use your biometric data, fingerprint or your face. If your 2FA isn’t set up then no one would be able to use mobile payments. On the other hand, if your phone isn’t locked or doesn’t have a 2FA you may face bigger problems than just NFC payments.
However, if you lost your phone and are worried that someone might compromise your account, you should call your bank and close your account. You should also remotely reset your phone to factory settings if possible (here’s how to factory reset your iPhone).
Want to read more like this?
Get the latest news and tips from NordVPN.