NFC and Security FAQ Available Online
Over the last few years NFC device shipments have soared to over two billion annually in 2019 making NFC one of the “big three” consumer technologies, along with Bluetooth and Wi-Fi, in use today by billions of people. NFC is a standard feature on smartphones. It is used for payments, digital identity, to purchase transportation tickets, start automobiles, commission and control 36 billion IoT devices and more. In short, NFC is a secure technology that impacts the daily lives of billions of people on the planet. Maintaining this security is important and the NFC Forum’s security FAQ provides a good overview of the technology and its security.
When it comes to security, everyone in the NFC value chain plays a role in ensuring the security of NFC interactions. This includes:
- Standards bodies
- Device manufacturers
- Secure element manufacturers
- NFC tag manufacturers
- NFC application developers
- Solutions developers
- Mobile carrier
- Certification test laboratories
Specifications, Standards and Partnerships
NFC technology includes security features incorporated in NFC Forum specifications; supports security standards developed by industry standards bodies; and allows device manufacturers, solutions developers, service providers, and users to employ additional security measures they deem appropriate to each application.
In addition, NFC technology supports security standards developed by standards bodies and industry consortiums, including EMVCo, ETSI, GlobalPlatform, and GSMA.
Developers of NFC applications are incorporating these and other security measures, including passwords, strong authentication, and access control, that further protect devices, stored information, and transaction integrity and confidentiality.
Finally, NFC has a very short transmission range. Because NFC Forum devices and NFC Forum tags work only within a short distance they provide an initial degree of protection from attacks.
The goal is to continually strengthen the security of NFC devices and applications. The continually expanding security measures for NFC devices and applications include:
- Device NFC on/off switch: to prevent unrecognized use of NFC functionality
- When implemented by the device manufacturer, NFC functionality is automatically turned off when the phone is asleep/off
- Data encryption: to prevent unauthorized access to confidential data during NFC transmission
- Strong authentication methods (strong passwords, finger biometrics, etc.) to prevent use by unauthorized users
- NFC tag locking to prevent overwriting
- Use of digital signatures on NFC tags to ensure the authenticity and integrity of tag data
- Usage of dynamic identifiers to avoid the tracking of NFC device users when the NFC application allows anonymous transaction
For more security FAQs click here