Home » Insights » NFC Last Inch Privacy and Security

NFC Last Inch Privacy and Security

Near field communications opens up a new pathway to exposing your identity, privacy and device security.

Everywhere you go, someone wants you to tap or touch your phone to exchange information. This year, we have something like one billion NFC-enabled phones wandering around the planet. At the same time, the growth of NFC enabled point of sale terminals is exponential. It has moved past financial and retail organizations, and now enables a wide variety of transactions.

Unlike your dealings with credit cards, the use of NFC point of sale contains many uncertainties about NFC last inch privacy and security. Before your transfer trust from traditional credit card terminals to a huge variety of “touchable moments”, make sure that trust is earned.

Personally, I am going to limit my use of NFC until the market is more mature, and even then, stick with highly reputable vendors. I have lived without tapping for more than sixty years. No problem.

NFC Last Inch Risk Considerations

Risks include data theft, data tampering, and mobile malware.

  • Because NFC requires close proximity for a connection, it is hard to eavesdrop. This is largely true, but the 1-2 inch range is a myth. It is relatively easy to build portable snooping hardware that can interrogate an NFC tag from one or two feet away.  That person standing next to you on the bus could be interrogating your wallet.
  • Out of the factory, NFC tags serve one purpose: the exchange of freely readable data. Read that last sentence again. Without additional precautions, NFC tags can be copied and cloned. Many of them contain unique identifiers that can read by anyone. Now to be fair, most vendors add layers of encryption and security on top of the basic tag. But how do you really know? Since NFC payment systems are extremely complex, they appear hard to hack. But, we used to say this about computers, too.
  • Most people don’t read the fine print on NFC Apps. Service providers and application developers might be doing something with your personal data that you don’t know about. It’s one thing to live with your credit card company knowing your shopping habits. It’s another to provide this information to unknown intermediaries.

One way to reduce NFC risk is to turn it off when not needed. This is true for Bluetooth and WiFi, as well. Unfortunately, there is no off switch on NFC tags sitting inside your smart cards and devices. They are always on, ready to be read.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.