Near field communication (NFC) is a protocol that was first defined in 2003 for use in radio-frequency identification (RFID) technology, in standards distributed, promoted, and certified by the NFC Forum.
The standard describes how two devices placed in close proximity (1.6 inches) can exchange data with one another by magnetic induction. Once a connection is established, data can be exchanged at a rate of 424 kbps on the 13.56 MHz frequency in one of three modes: peer-to-peer (two-way exchange of information), read/write-only (one-way exchange of information), or card emulation mode (how NFC payment operates).
The first NFC-enabled phone was the Nokia 6131 flip phone released in 2006. An NFC-enabled Android phone wasn’t released until 2010, with the Nexus S, and Apple didn’t include NFC in the iPhone until 2014. Over time, however, and especially as NFC payments become much more ubiquitous among typical smartphone users, increasingly creative uses of NFC are being adopted. Here’s a look at some of the ways NFC is already being used on your smartphone.
NFC Contactless Payment
Sometime in the early 2010s, banks and credit card companies began to issue cards that included RFID chips for contactless payments. Their motivation was simple: the easier it was to make a payment for something, the more a consumer was likely to spend. While transactions suddenly became much more convenient, concerns over their security became much more obvious.
The problem with initial RFID technology in payment methods was that, if you lost or misplaced your debit card, a third party could easily use it without knowing your PIN. To mitigate this risk, many financial institutions imposed spending limits on contactless payments. There was also a period of time where RFID skimming was possible, although today RFID-enabled cards are encrypted to prevent this sort of theft.
The first smartphone-enabled NFC payment application came from Google through Google Wallet (now Google Pay after merging with Android Pay) on the Nexus S. Apple released Apple Pay in 2014, making it possible to make payments using an iPhone (6 or later) and the Apple Watch.
It may seem counterintuitive to include all of your contactless payment card information on your smartphone. But consider that this method may still be more secure than carrying those cards in your wallet. After all, most phones require a PIN, password, or biometric ID to unlock the device before a payment can be made (a process that is still more convenient than entering your bank PIN on a point-of-sale terminal). If your phone is lost, there is still that added layer of security, as well as the possibility of remotely wiping your device if the feature is enabled.
For many, there's a general unease about making your smartphone an even more critical point of failure if lost. Beyond that, NFC payments raise privacy concerns about whether various companies are tracking your spending habits through apps.
Apple has maintained a high degree of control over the NFC hardware in their devices, initially limiting its use to Apple Pay only. Slowly, they’ve been opening the module up to app developers, and currently provide access through a Core NFC framework. Limiting access to new hardware in this way is not unusual for Apple; another example is the limited access to the fingerprint reader after it was first released as a feature. Other limits include only enabling NFC from an app while the app is open in the foreground.
Recently, Apple announced their plans to expand use of the NFC module to everything from accessing hotel rooms and using the iPhone as a transit pass to opening car doors. It is also reported that employees on the Apple campus use their devices for access control in the building. Further, Apple reports that it plans to expand capabilities for developers in Core NFC.
Some projects already exist that allow users to unlock their cars with their smartphones using NFC. Once again, one might wonder about the security of having this capability on your phone since you can misplace or lose it, although it could be seen as not unlike misplacing or losing your car keys. In the event of losing your car keys, it’s usually a bit easier to identify the car it belongs to since keys usually feature the car manufacturer's logo.
Two-Factor Authentication (2FA) can add an important layer of protection when it comes to accessing accounts, devices, or other secure information. Instead of using only a password, a secondary authentication response is required.
Right now, there are many ways 2FA is implemented. You may receive a text message or email with a code, you might have a key dongle with regularly refreshing access codes, or you may have an app on your phone. However, these methods are still just inconvenient enough that many people don’t bother with them. With NFC-enabled smartphones, 2FA can be streamlined and become a lot more convenient.
That is the objective of YubiKey, which is taking advantage of Apple’s expanded Core NFC access to enable tap-and-go 2FA using a hardware key. YubiKey has already established itself as a hardware 2FA key for laptops, where the key is inserted into the USB port to authenticate computer user logins, logins to email accounts like Gmail, or access to cloud storage like Dropbox.
On the iPhone, the same keychain dongle can be used to authenticate access to the LastPass password manager, but with Apple’s most recent announcement, there is anticipation that the YubiKey will eventually be capable of 2FA for many other apps. This sort of application of NFC can make it even harder for an adversary to access sensitive data on your smartphone: even if they somehow bypass your password/PIN/biometric ID, the hardware key would still be required. NFC also makes this form of 2FA more convenient and more likely to be used.
Have you used NFC in a design? What sort of applications would you want to see NFC used for?