0
0
Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimetres. NFC contactless payment is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimetres. Communication is also possible between an NFC device and an unpowered NFC chip, called a “tag”.
Present and anticipated applications include contact less transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi. Communication is also possible between an NFC device and an unpowered NFC chip, called a “tag”.
NFC allows two devices to communicate when they are within 4 cm (1.6 in) of each other. This enables the two devices to exchange information by connecting one mobile device via Bluetooth or Wi-Fi to the internet then having another mobile phone tap it; this second mobile phone will then browse the internet through the first phone’s connection with no additional input required from either user.
Inherent security Risk in NFC contactless payment
NFC stands for Near Field Communication. It is a technology that allows two devices to communicate with each other when they are within a few centimetres of each other. This can be used for making payments, sharing pictures or videos, making appointments and more.
The communication range of NFC is limited to a few centimetres and this means that if someone listens in on your conversation, there is no way they can steal any information from it. However, this technique is not part of the ISO standard and it does not provide any protection against eavesdropping.
Eavesdropping
NFC is based on RFID (Radio-frequency identification) technology. It was originally developed as a wireless alternative to magnetic stripe cards (such as credit cards), since it allows data to be transmitted over short distances and requires no internal battery (it just uses power from the reader). The RFID tag can store up to 200 bytes of data and so far has been used primarily for payment gateway systems such as contactless debit/credit cards, keyless car entry systems etc.
Data modification
The modulation ratio is the ratio between the number of bits that are modulated and the number of bits that are transmitted. This is usually expressed as a percentage. For example, if a data packet contains 1024 bits, but only 100 of them can be modulated at any given time, then the modulation ratio is 10%.
The strength of the amplitude modulation depends on the modulation type used. The most commonly used amplitude modulation types are Miller coding and Manchester coding.
Relay attack in contactless payment
The goal of the attack is to take advantage of the NFC-enabled smart card and launch a practical relay attack. To accomplish this, the attacker has to forward the request of the reader to the victim, and relay back its answer to it in real-time, pretending to be the owner of the victim’s smart card. This is similar to a man-in-the-middle attack but specific to NFC systems. First, we demonstrate how this can be carried out with two stock commercial NFC devices. Next, we show that it can also be practically implemented using only two NFC-enabled mobile phones.
Lost property
What is NFC in mobile? NFC-enabled mobile phones support multiple forms of authentication that can be used to secure data and provide access control. When a mobile phone is lost or stolen, it may be possible to remotely lock or erase the device, or at least prevent the thief from using it for further acts of mischief.
Walk-off
NFC is vulnerable to attacks. In order to protect against unauthorized access, the host device must time out a valid connection after it has been inactive for a certain period of time. However, this does not prevent an attacker from stealing one of the user’s devices, using it to access the cloud and then dropping it back into their possession. This attack is called “replacement”.
NFC and PCI DSS compliance Requirements
The PCI Security Standards Council and EMVCo have not issued any guidelines for NFC payments. In order for the payment terminal to process the transaction, it needs to be able to communicate with your mobile device via NFC. Since no standards exist yet, all communication is currently on an “at your own risk” basis.
