Paying with your phone for a cup of coffee or your train ticket isn’t magic, it’s just NFC technology. It allows your phone to transfer data to another nearby device, but are there any risks? Find out more about NFC and its security.
NFC stands for near-field communication. It allows NFC-enabled devices to easily send and receive data such as photos, contacts, files, and even payments. The connection is established as soon as the two devices are 4 inches apart or closer.
NFC evolved from radio-frequency identification (RFID), a technology that doesn’t require Wi-Fi, 3G, LTE, or any power or manual pairing. You can find NFC chips in security cards or various payment and travel cards. Nowadays, most smartphones have NFC too, and they mostly use it to complete contactless mobile payments.
If your device is running Android 4.4 or later, then your OS supports NFC (and your device probably does, too). This technology is the reason why you can use Android Pay or Samsung Pay (depending on your phone manufacturer). Android phones can also use a feature called Android Beam, which allows exchanging phone numbers, files, apps, photos, and even directions. Once two devices are nearby, you should see an automatic “Would you like to beam” message.
The feature was discontinued after the Android 9.0 operating system was released mostly because it wasn’t as popular or useful as anticipated.
If you have an iPhone 6 or a later model, then you have an NFC-enabled device. iPhone users do not have anything like Android Beam, but they can still perform mobile payments. Without NFC, your Apple Pay wouldn’t work.
NFC is great for when you forget your wallet at home. But is NFC on a mobile safe to use? Well, due to the proximity it requires and the fact that it needs 2-factor-authentication, some might say that it’s even safer than using your credit card. Nothing is unhackable, however, NFC mobile payments are pretty secure. To hack them in real life would be very challenging and not worth the cost.
Apple Pay, Android Pay, and Samsung Pay all use “tokenization” to secure your NFC payments. Tokenization is the process of replacing sensitive data with surrogate data. Credit card payments require a lot of sensitive data such as your Primary Account Number (PAN), name, address, and your card’s expiration date. When you pay using NFC and tokenization, the merchant doesn’t see your real data. This is what happens:
Different platforms have slight differences. Your credit card company assigns a Device Account Number (DAN), which is needed to authorize your payment and is used only by your phone. The difference is that Apple stores DAN on your phone while Android stores it on a cloud. Samsung Pay, like Apple, stores it on your phone and also uses an added security protocol to protect your DAN even further. Over all, NFC technology is pretty secure.
Could bad actors clear out your bank account by using your NFC-enabled phone? Not really. To complete transactions using your phone, you need to provide additional authorization – either enter a PIN or use your biometric data, fingerprint or your face. If your 2FA isn’t set up then no one would be able to use mobile payments. On the other hand, if your phone isn’t locked or doesn’t have a 2FA you may face bigger problems than just NFC payments.
However, if you lost your phone and are worried that someone might compromise your account, you should call your bank and close your account. You should also remotely reset your phone to factory settings if possible (here’s how to factory reset your iPhone).
For more tips on cybersecurity, subscribe to our monthly blog newsletter below!