Near-field communication (NFC) technology bridges the physical and digital worlds, in a world where convenience is key, and users expect to be able to action tasks at the touch of a button.
In the future, NFC will prove critical to interconnecting the “internet of things” – appliances, cars, houses, TVs and mobile devices. However there are various security challengers to consider, for example when your phone makes contact with another device and they start talking, how does the other device know you meant to tap it? On the other hand, given that NFC brings devices closer to one another, could it in fact be used as means to tighten security?
NFC has already made its way into our lives, with applications such as mobile payments, public transportation, medical record access and event ticketing, being tested in some cities. A more common, everyday usage is swiping an Oyster card against a machine in a tube station. So, how does it work? In the same way that Wi-Fi is a wireless network cable, NFC is a wireless protocol for smart cards; a general-purpose, short-range communications protocol. It allows two devices that are very close together, to “talk” over a short-range wireless link.
In the world of mobility, NFC gives users added functionality and ease of use, and pretty much every mobile vendor is rolling out plans for NFC-enabled devices. ABI Research predicts that by 2016, 552 million handsets will have NFC embedded, meaning that it’s unlikely we’ll even be able to buy a mobile phone without NFC in the near future. With the rise of consumerisation, many NFC pilot schemes are consumer facing, so if mobile vendors building NFC technology want it to take off, they know they will need to really focus on end user requirements. If ABI’s figures play out as expected, NFC is set to become the key enabling technology behind mobile payments, and going further, it could even replace the wallet. However if mobile devices are set to replace physical applications – such as credit cards, ID’s, cash, loyalty cards and business cards – it will be crucial to ensure those devices are secure.
Using a mobile device for mobile payments, the communication between the device and the card reader on the paired system will be completed using NFC, providing a similar experience to that of swiping or inserting a credit card. The simple act of tapping the mobile device will be the main action of giving consent; however in higher risk or expensive transactions, this can be combined with PIN verification. It will be best practice that the sensitive information needed to complete the transaction will be stored on the secure element embedded on the mobile device, and this will likely be central to those transactions that require strong identity proof. The process of a mobile payment is the same as using a chip credit card, in that the infrastructure, other than the card reader on the system it’s talking to, already exists. Mobile devices can be set up to ensure they won’t respond to random requests, but will require a specific app to be running, or some sort of verification to be used before a payment is made. With all this in mind, it’s possible to design a user experience of convenience, whilst making security more robust with a phone than with a card.
NFC is not just used as a transactional enabler, although currently this is one of its most common uses. At a recent Dutch art festival, for example, each installation had an NFC station that attendees could use to rate exhibits with one to five hearts, as well as assemble their own festival poster with the works they liked. There are also various ways in which it’s set to be used as a security enabler, such as using a phone as a car key, or with a door lock that has NFC.
For businesses, there will be further opportunities to use NFC as a means to bolster the security infrastructure and bridge the gap between physical and logical access to corporate environments. For example, when we start seeing NFC in laptops, they will be used as website security management tools. NFC will enable security to be more consolidated, so that employees can use their mobile device to both access buildings, as well as the corporate network. This will reduce the need for smart cards and other physical authentication methods, offering convenience and mitigating the risk of lost or stolen devices.
NFC is used in many different ways, for many different purposes, offering scope and diverse opportunities to do things quicker and more conveniently. It’s certainly changing the ways in which devices interact with one another, and gives users more functionality. However in the future, it will do a lot more than simply enable transactions to happen; it will be used as a means to access critical systems and might even open your front door or your car. This means that there will be less physical elements to worry about – keys, wallets, credit cards – and for businesses, it will serve as a means to bolster the security infrastructure against advanced threats.
By Jon Callas, CTO, Entrust