A woman in a car with a mask on paying contact free through her phone.

Are NFC terminals secure?

Friday, November 28, 2014

What your business needs to know

When it comes to accepting payments at your small business, flexibility for consumers is key. Offering multiple ways for customers to pay is a great way to ensure customers can pay the way they prefer. One of the payment methods that has become popular is NFC payments. So, in this article, we’ll provide a high-level overview of NFC payments – what they are, how they work, and if they are a secure form of payment. First, let’s look at what NFC payments are.

What is NFC?

NFC is a term that stands for near field communication. Near field communication technology gives two devices the ability to pass data from one device to another, as long as the devices are close enough together. This proximity is very confined. It’s one of the reasons that NFC transactions only work when the two devices are within a short proximity of one another, usually just a few inches.

NFC can connect laptops, tablets, smartphones, and other devices to each other and to payment terminals. This technology is what enables contactless card payments – by either EMV-enabled cards or mobile phones. Sometimes, NFC technology gets compared to Bluetooth®. However, there are a few differences. NFC doesn’t require as much power, works over shorter distances, and doesn’t require any form of device discovery. Put simply, NFC is a way to share data over short distances. Now that you know what NFC is, let’s look at how it works.

How does NFC payment work?

Customers can use NFC technology to pay for goods and services at your business in a few different ways. First, they can use a physical, chip-enabled credit card and tap the payment terminal, if their card has NFC capability. Visa, MasterCard, American Express, and Discover all have credit cards with this feature.

Alternatively, they can activate their mobile payment card on their phone by opening their respective payment app, such as Samsung Pay or Google Pay on Android phones or Apple Pay on iPhones. For added security, the NFC function on mobile devices only activates when a user opens their mobile wallet.

Once activated, NFC payment technology utilizes radio frequency identification (RFID) to pass data on radio waves from one entity to another using a particular frequency – 13.56MHz. This frequency only works when the two NFC chips are close together. If you’ve ever made a tap-to-pay payment, you’ve seen firsthand how close you need to be to the terminal for the payment to work. If too far from each other, the two NFC chips won’t talk to each other, and no transaction will occur. Once the transaction is successful, the business charges your card just like with a physical card transaction.

NFC payments can only be accepted by businesses who have NFC-enabled payment terminals. If your business has received payment terminals or card readers from your payment processing partner within the last few years, there’s a good chance your business already has the capability to accept NFC payments. But, are NFC payments secure? Let’s take a closer look.

How secure are NFC payments?

A common question from small business owners who want to protect their customers’ data is “How safe are NFC payments?” The answer is that NFC payments are a highly secure technology and are similar to a customer dipping their EMV-enabled credit card. Here are a few reasons NFC technology is so secure.

Proximity protection

Contactless payments like NFC only work in close proximity (again, just a few inches). Therefore, if someone were to try to steal information from a customer using NFC, they’d have to stand very close to the NFC reader. This makes it relatively easy to spot a thief, since they would have to be practically standing on top of you to steal your data. Proximity is the first line of defense for NFC payments.

User initiation

The next security benefit of NFC payments is that customers must actively initiate the contactless payment process. That means that a thief cannot gain access to the saved credit card information simply if the phone is in standby mode. When standing near an NFC-equipped terminal, the customer not only has to activate the NFC mode on their phone by opening their NFC payment app, but they must also pass a secondary form of identification to proceed. This second form of authentication could be a thumbprint, facial recognition, or a specific PIN code. This two-factor authentication process makes it even more secure.

Secure element validation

After the connection is made, the transaction can only go through after the card or smartphone validates the purchase with a secure element chip. This validation process uses a unique digital signature for every payment. This process is sometimes called tokenization, because the transaction uses a unique string of numbers (a token) in place of a customer’s actual credit or debit card information. The token guarantees the same functionality of the credit card data while only being useful during one specific transaction. This means that even if someone were to steal the token, it would be useless outside of the single transaction that just took place.

Now that you’ve seen the security features of NFC payments, let’s address the security vulnerabilities of NFC payments.

What are the security risks of NFC payments?

While NFC payments are very secure, they’re not foolproof. Therefore, it’s important to take note of the potential risks of NFC payments. The biggest risk to consider is that NFC technology relies on wireless signals for payments. Although a small potential, there’s always the possibility of hackers accessing the merchant data stored in the NFC terminal. Other security risks include hackers using malicious code on a consumer’s device or collecting information by tapping their device on an NFC device.

Again, these types of attacks are difficult to pull off. As you’ve seen, NFC payments are arguably more secure than traditional card payments. Thanks to technology like tokenization, NFC payments also help prevent physical card theft and the theft of card numbers.

Most consumers are also savvy enough to take proactive measures to protect their devices. Passcodes and PIN codes on smartphones, as well as biometric technology, can help customers keep their data safe. If a device is secure, the mobile wallet within that device is secure, too.

In this article, we’ve looked at the security of NFC payments. While NFC technology has been around for awhile, it’s starting to change the way businesses like yours accept payments. NFC payment technology is making it more secure to pay and accept payments than ever before. Implementing NFC payments at your business is one way you can not only meet consumer demand for payment technology, but also protect their personal information and yours in the process.


Ready to work with a payment processor who can help you accept NFC payments?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind. Learn more at heartland.us.