Have you ever wondered what is the underlying technology behind Apple Pay, Google Wallet, or Square payments by waving your phone near it? Those devices are using Near Field Communications (NFC). Here is a more detailed description from nearfieldcommunications.org:
Bluetooth and Wi-Fi seem similar to near field communication on the surface. All three allow wireless communication and data exchange between digital devices like smartphones. Yet near field communication utilizes electromagnetic radio fields while technologies such as Bluetooth and Wi-Fi focus on radio transmissions instead.
Near field communication, or NFC for short, is an offshoot of radio-frequency identification (RFID) with the exception that NFC is designed for use by devices within close proximity to each other. Three forms of NFC technology exist: Type A, Type B, and FeliCa. All are similar but communicate in slightly different ways. FeliCa is commonly found in Japan.
These devices are leveraging these wireless technologies to transfer information stored in your phone as a method of payment.
What About Security?
The immediate security benefit of NFC is proximity. For the technology to work, the devices have to be within centimeters apart from each other to transfer the payment details. That makes for the interception of that communication very, very hard to eavesdrop that communication. According to the InfoSec Institute, NFC might be the technology that addresses a lot of consumer’s concerns:
Credit card security is always a concern for consumers, and through the years many systems have been implemented to protect buyers and their finances, from the use of pins to dual authentication when using credit cards online to embedded chips, a technology that is now being phased in also for consumers’ credit cards in the United States.
NFC, with its high-security standards as well as convenience, seems to be the answer to the credit card security concerns.
In the case of Apple Pay, your credit card details are not actually stored on the device but a device-specific key that only the credit card company can use. Here are some details according to Apple:
Once your card is approved, your bank or your bank’s authorized service provider creates a device-specific Device Account Number, encrypts it, and sends it along with other data (such as the key used to generate dynamic security codes unique to each transaction) to Apple. Apple can’t decrypt it, but will add it to the Secure Element within your device. The Secure Element is an industry-standard, certified chip designed to store your payment information safely.
So, when using Apple Pay or the like, you are also getting the benefit of what the industry calls liability shift that was established in 2015. If merchants stick with the magnetic strip technologies that can be skimmed and are somewhat vulnerable by today’s standards, they are liable for any potential fraud that could occur vs. the cardholder or processing network. This policy shift is forcing point of sale units to upgrade and support stronger encryption measures to help protect the consumer. This is on top of the protection of eavesdropping by proximity as well as advanced data encryption.
The one thing to keep in mind, this only protects the customer credit card information during transmission. Once the transaction details are stored in a given company’s database, the traditional data security measures, policies, data retention, and practices kick in to protect that data. This would be the same as any traditional point of sale transaction. At a minimum, consumers are getting the benefit of additional security protections in providing their credit card information to the company. Plus the convenience of not having to carry credit cards on them as they are digitally stored in a very, very secure manner.