NFC: the Technology Behind Tap-and-Go Communication
Most people are familiar with the terms of Apply Pay and Google Pay. But how many of us know what those terms stand for? Apple Pay and Google Pay are both forms of NFC mobile payment types. NFC is the technology that has enabled so many of us to enjoy the convenience of tap-and-go.
Central to every contactless mobile action is a little microchip and radio antenna conducting the tap-and-go operation that is near field communication (NFC). NFC encryption technology is transforming the way users access information, make payments, and share data across devices.
This post will break down all there is to know about NFC mobile payments. What is it, how it works and is it secure? Here’s our guide to NFC.
What is NFC?
NFC is a system of contactless communication that enables data sharing between devices like smartphones, tablets, and laptops. With NFC, a user can gesture their phone towards an enabled device and share information without manually establishing a connection. With its speed and convenience, technology has already become mainstream.
How it Works
It’s easy to assume that NFC operation is an extension of Wi-Fi or Bluetooth technology. All three systems support wireless communication and data transfer, but NFC operates using electromagnetic fields, whereas Wi-Fi and Bluetooth use radio transmissions.
NFC is a subset of RFID (radio-frequency identification), a technology that allows us to identify things through radio waves. RFID is nothing new—it’s been used for decades for things like scanning items in grocery stores and luggage on baggage claims. While the basic principles of each technology are incredibly similar, NFC operation is limited to a proximity radius. Most users consider NFC’s proximity control to be a significant security asset given the considerable role it plays in mobile payment.
There are two types of NFC devices: active and passive. Passive devices like smart posters, merchandise beacons, and contactless POS terminals can hold information for active devices to read, but cannot access external information itself. Active devices can send radio-frequency currents that interact and collect data from other enabled hosts.
More Than a Digital Wallet
While mobile payments may be the easiest way to understand NFC, the technology can be applied to more than tap-and-go purchases.
NFC introduces a more complex environment for interactive marketing. With NFC, marketers can target consumers more efficiently by collecting real-time data to deliver personalized content. This technology will make it easier to evaluate and promote loyalty programs and eliminate the need to collect multiple rewards cards. Passive hosts are already starting to pop up on advertisements, signs, and merchandise.
The real estate market is a prime example of how NFC can dramatically improve customer engagement. Including NFC tags on real estate, signs, or listings can benefit a buyer in several ways. An agent can provide details about the property, but they can also offer photos, floorplans, virtual tours, and other listings based on the buyer’s desired criteria. This communication method has the potential to create in-depth and valuable connections between brands and their mobile consumers.
The idea of paying for something through a mobile device can make some people uncomfortable. Consumers want to ensure that their data – and their money – is safe. Merchants want their systems and customers protected. The same goes for banks and credit card issuers. The more secure the transaction is, the better it is for all parties involved.
While there is always an element of risk with any electronic transaction, NFC payments are considered to be extremely secure. The data involved in an NFC transaction is encrypted and dynamic, meaning it’s always changing, unlike the data on a magnetic-stripe card, which is static—it’s all right there on the back of your card. Making mobile payments one of the most secure ways to pay.
How Does Dynamic Encryption Work
Mobile payments don’t store the credit card number of the device. Instead, they use something called tokenization.
If a user uses Apple Pay, once they take a picture of their credit card and load it into their iPhone, Apple sends the details to the card’s issuing bank or network. The banks and networks then replace the bank details with a series of randomly generated numbers. That random number is sent back to Apple, which then programs it into the user’s phone. This means that the account details on their phone can’t be cloned into anything valuable to fraudsters. Anytime contactless pay is initiated, the user’s phone sends temporary numbers to the point-of-sale that can only be used for that specific transaction. Then the number changes and can’t be used again.
This type of encryption dramatically limits the risk of shared security concerns, and as a bonus, Apple Pay is protected by Touch and Face ID, Apple’s fingerprint technology. To initiate an Apple Pay transaction, a user needs to unlock the phone with a verified fingerprint or passcode. So even if a device is stolen, no one can get to a user’s data. This is also why Apple Pay only works on the most recent iPhone models, which come equipped with Touch ID.
HCE and Google Pay
However, unlike Apple Pay, Google Pay uses HCE, or host card emulation, to emulate the user’s physical card and stores the secure account information in the cloud, as opposed to on the device itself. While this does use some level of tokenization because the payment data is stored in the cloud, the tokenization process is also cloud-based, which some believe makes it less secure.
EMVCo facilitates global interoperability and acceptance of secure mobile payments. The organization has been working towards defining the architecture, specifications, requirements, and type approval processes for supporting EMV mobile NFC payments. These include:
- Requirements for the product type approval
- Sets of basic functional requirements for mobile devices
- Cardholder verification methods
- Certification requirements such as a security evaluation for the SE holding the payment application
- Requirements for the identification of EMV application on a device
- Conformance to a reference application activation user interface (AAUI) on the device (Source: Smart Card Alliance).
The Future of NFC
Moving forward, there is potential for NFC to replace every card in your wallet. In light of our current circumstances, accelerated digital transformation initiatives are accelerating the possibility of a cashless society. Not only do NFC mobile payments reduce the number of surfaces we physically touch (i.e., credit card, POS terminal, etc.), this form of payment is also faster, more convenient, and more secure. Now is the time for businesses to investigate possible ways to incorporate NFC into their mobile strategies. A whole world of digital communication is simply a tap away.