Near Field Communication: the risks of a contactless exchange
Mobile phones no longer serve the simple purpose of sending text messages and receiving phones calls. Mobile phones now serve as multipurpose devices which allow individuals to phone, text, e-mail, surf the web, social network, store data, send files and much more. Mobiles devices have become an integral part of our daily lives, increasingly being utilised to conduct financial transactions. The value of mobile transactions is expected to exceed $3.2 trillion by 2017 . This notion of mobile commerce (m-commerce) has recently been supported by the use of Near Field Communication (NFC) which enables the functionality of mobile wallets and other methods of contactless, wireless transactions.
NFC enables the transmission of data between two devices in close proximity. Smartphones and bank cards are increasingly being designed with an embedded NFC chip which allows the contactless communication. The underlying concept of this technology is that soon people will be able to make purchases by simply tapping their smartphone or bank card on an NFC reader, allowing for a financial transaction to be conducted .
Within the mobile space, various smartphones such as Google, Samsung and Blackberry have already employed NFC technology. However, the use of NFC technology has not stopped here - numerous banks and financial service providers, such as Mastercard Paypass, Visa payWave and PayPal have utilised this technology within their bank cards. This technology has already been implemented within Europe and Asia, and is slowly gaining traction within South Africa; where the technology is currently being used instead of paper tickets at sport stadiums.
As with all cyber technological advances, NFC is not without risk. Essentially, NFC chips contain sensitive credit card and bank account information, and since this information is of value, cyber criminals have found ways to steal this sensitive information. As documented by the HP 2012 cyber risk report, a main security concern arising from a NFC chip in a bank card is the fact that the chip is always activated. The associated risk is that, when the bank card is in the field of an NFC reader, the information on the NFC chip can be read and hence stolen. With respect to mobile devices, smartphone applications activate the NFC chip, to work as an NFC reader. Thus, attackers are said to activate their smartphones, and bump into people within a crowd setting, in an attempt to steal their banking details.
Apart from these risks, data transmitted through an NFC channel may also be intercepted through the following ways:
- Eavesdropping: occurs whereby a third party intercepts the transmission channel and obtains access to the data being transferred. A solution to this risk is to encrypt the data.
- Data disruption: arises from a denial of service attack, in which an attacker blocks the NFC communication channel by disrupting or corrupting the data.
- Malware: Malware can ‘sniff’ sensitive data and send it on to an attacker over an NFC communication channel. This is becoming an increasing risk to all mobile users, not only users with NFC technology. Thus, it is imperative that users install anti-malware programs onto their mobile devices.
As the use of NFC technology increases, advances in the technology cater for greater capability which extends beyond financial transactions, such as:
- Sharing of files and documents
- Downloading of information from ‘smart posters’
- Viewing of electronic identity documents
Thus, NFC devices can be said to not only be of use to individuals but firms who engage in mobile data transactions as well. Therefore, businesses that do not employ adequate mobile and cyber security are prone to the risk of data breaches which may expose personal identifiable information of customers’ and employees’. Corporate intellectual property may also be at jeopardy. Such risks make companies vulnerable to the perils of reputational damage, financial loss and legal liability to name but a few.
In summation, the use NFC technology is attractive and the numerous capabilities it offers makes individuals’ lives and business for companies easier. The use of NFC is gaining popularity as companies throughout the world are embedding this technology in their products and services. Therefore, before one does away with paper transactions and opts for mobile wallets and other forms of contactless communication, it is imperative that we guard against their associated risks either through insurance or risk management tools.