Near Field Communication (NFC) is a set of standards for mobile devices designed to establish radio communication with each other by being touched together or brought within a short distance. The NFC standard regulates a radio technology that allows two devices to communicate when they are in close proximity, usually no more than a few centimeters, allowing the secure exchange of information. Coverage by various ISO standards gives NFC technology the global interoperability that makes it usable in different areas.
Figure 1 — NFC standards.
The NFC technology could be very effective in various areas. The main applications that can benefit from its introduction are:
On the user end, NFC represents a true revolution; a mobile could be used to send micropayments or as an access management device for dynamic identification. This high level of integration is a strength of NFC technology, because it makes interaction with existing RFID infrastructures possible.
When NFC technology is mentioned, there is an immediate reference to mobile communication and the possibility of extending the usage of mobile devices as payment terminals. Major firms such as Nokia and Google are developing a lot of projects using NFC; it must be considered that the technology could be adopted in various areas, such as health care.
NFC devices can operate mainly in three modes: Many U. Big enterprises are driving the growth of NFC demand and the markets are investing in the technologies, attracting a multitude of minor firms that provide development for a huge quantity of innovative services. The killer application for the future is the one that will make it possible for multiple card issuers and payment processors to share space on an NFC handset, opening the technology to a scenario rich in applications.
We are facing one of the biggest business opportunities of our times. Several international researchers have confirmed it with extraordinary figures; according to the Deloitte firm: A flaw in the standard could affect several sectors with serious consequences.
Security is an essential aspect of the success of NFC technology. The high interoperability of the popular collection of standards must be integrated with appropriate mechanisms to protect data. Implementation of security mechanisms to a tag requires analysis of costs versus benefits. There are various solutions that imply different economic and computational costs, therefore it is crucial to understand exactly what information has to be protected and which are the main threats.
Newer tags have security functionality built into the chip, but it is not a part of the NFC tag specification; the principal objectives to pursue for data protection are: In both cases, the above principles are violated. Confidentiality is achievable through the use of encryption algorithms, while authenticity and integrity are obtainable through the adoption of signature processes.
Defines the required and optional signature RTD fields, and also provides a list of suitable signature algorithms and certificate types that can be used to create the signature. Specification of the certificate verification and revocation process is out of scope. Another possibility for developing it is by defining a proprietary method of signature and associating the signature with a data record.
Although the communication range of NFC is limited to a few centimeters, the standard does not ensure secure communications and various types of attacks are already known in the literature.
In an eavesdropping scenario, the attacker uses an antenna to record communication between NFC devices. Despite the fact that NFC communication occurs between devices in close proximity, this type of attack is feasible. In some cases, the attack is meant to corrupt the information being exchanged, making it useless.
The principal method to prevent eavesdropping is using a secure channel that has to be established between the NFC devices, usually implementing encryption methods; meanwhile, the proximity of the communication units is another deterrent for attack realization, but it does not eliminate the risks.
Figure 3 — NFC attack scenario.
This type of attack is very difficult to implement but the data modification is realizable in rare cases, especially for active mode transmission of NFC information.
The most common way to interfere with the NFC data exchange is to use an RFID jammer. Data modification could be detected by introducing code in the NFC source device that measures the strength of frequencies, thus choosing the one that is truly the closest and most likely valid.
Checking the RF field during transmission allows the sender to detect this type of attack. Another possibility is to modify the data in such a way that it appears to be valid to the receiver; the attacker has to deal with the single bits of the RF signal.
The feasibility of this attack depends on various factors, such as the strength of the amplitude modulation. This attack technique focuses on the extension of the range between the NFC token e. The access victim system will not be able to detect the attack because it will think a card is actually in front of it.
Figure 4 — Relay attack scheme.
The attack is constrained by a timing issue: because of the physical distance between the two NFC devices, the packets that are relayed will take longer to be transferred to the destination.
RFID technology has some constraints on the time range between a challenge and response, named frame waiting time (FWT); exceeding this limit will cause the failure of the attack. Principal countermeasures to prevent relay attacks are:
During the attack the mole is brought in proximity to the card under attack; meanwhile, the card emulator is located in proximity of a reader device (POS terminal, access control reader, etc.).
Figure 5 — Attack Scenario.
The limit on a relay attack is the necessity for an attacker to stay in physical proximity (less than one meter) to the device under attack.
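The frame waiting time limit described above can be turned into a reader-side check. The following is an added example, not code from the original article: it computes the FWT from the card's FWI value using the ISO/IEC 14443-4 formula and flags round trips that stay inside the FWT but are much slower than the card's own baseline. The baseline measurements, the `slack` factor and all sample timings are constructed assumptions.

```python
from statistics import median

FC_HZ = 13_560_000  # NFC carrier frequency in Hz

def fwt_seconds(fwi: int) -> float:
    """ISO/IEC 14443-4 frame waiting time: (256 * 16 / fc) * 2**FWI."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return (256 * 16 / FC_HZ) * (2 ** fwi)

def classify(rtt_s: float, fwi: int, baseline_s: float, slack: float = 1.5) -> str:
    """Label one measured command/response round trip.

    'timeout': past the FWT, so the protocol itself rejects the response.
    'suspect': inside the FWT but well above this card's baseline, which is
               the window a relayed response can hide in when the FWT is generous.
    'ok':      consistent with a card answering directly in the field.
    """
    if rtt_s > fwt_seconds(fwi):
        return "timeout"
    if rtt_s > baseline_s * slack:  # slack is an assumed tolerance, tune per reader
        return "suspect"
    return "ok"

def review(samples, fwi, enrol):
    """Classify each sample against the median of known-good measurements."""
    baseline = median(enrol)
    return [classify(rtt, fwi, baseline) for rtt in samples]

# Constructed measurements in seconds (not taken from real hardware).
ENROL = [0.0121, 0.0118, 0.0125, 0.0120, 0.0119]
SAMPLES = [0.0122, 0.0410, 0.0900, 0.0117]

if __name__ == "__main__":
    print("FWT at FWI=8: %.1f ms" % (fwt_seconds(8) * 1000))
    for rtt, label in zip(SAMPLES, review(SAMPLES, 8, ENROL)):
        print("%.1f ms -> %s" % (rtt * 1000, label))
```

With FWI=8 the FWT is about 77 ms, so the 41 ms sample passes the protocol limit and is only caught by the tighter baseline check.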
In recent versions of Google Wallet till June , it was possible to communicate with the credit card applets in the secure element through the wired interface without asking the user for his PIN. Although the round-trip times are longer, the EMV terminal does not recognize the delay, as EMV does not define timing constraints on the terminal for transaction processing.
Figure 6 — Proof of concept Video.
A data corruption attack is essentially a form of denial-of-service (DoS) attack, in which an attacker interferes with data transmission, disturbing or blocking data flow such that the receiver is not able to decipher the information.
The attacker does not need to access the transmitted data; he just needs to transmit radio signals that reduce the communication to random noise, destroying its information content. A common countermeasure implemented in NFC devices is the check for RF signal during data transmission; because the power needed to corrupt data is bigger than the power used to send the data, the sending device is able to detect the attack and stop the data transmission automatically.
The correct time can be calculated if the attacker has a good understanding of the used modulation scheme and coding. In a spoofing attack, a third party pretends to be another entity to induce a user to tap its device against the tag.
This is possible if an attacker compromised an NFC tag e. The principal countermeasure against this type of attack is to properly configure the device to prompt a message before executing commands through NFC e. An attacker can intercept the information, possibly manipulate it, and relay it to the receiving device.
Another factor that makes the implementation of MITM attacks difficult is the use of encryption mechanisms such as AES for secure communication.
Figure 7 — MITM attack scenario.
Assuming that the attacker is in proximity to a legitimate NFC payment terminal or uses some kind of antenna to do it, an attacker could exploit ordinary operations such as paying for a drink, a metro ticket, or a cab.
An attacker can force some mobile devices to parse images, videos, contacts, office documents, and even any other content without user interaction. In specific cases, the attacker can completely take control of the phone via NFC, including stealing data on a mobile e. Test m. Once paired, it is possible to use tools such as obexfs, gsmsendsms, or xgnokii to perform actions with the device. Basically, if a user just enables NFC and makes no other changes to the device, it can be completely controlled by an attacker if the attacker can get it to read an NFC tag.
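The countermeasure named above, prompting before anything is executed through NFC, depends on the device parsing tag content strictly and never acting on a record by itself. The following is an added example, not code from the original article: a bounds-checked NDEF parser with a policy that only displays text records and asks for confirmation on everything else. The function names, the policy labels (`show`, `ask`, `drop`) and the sample message are constructed assumptions; the URI prefix table is partial.

```python
URI_PREFIX = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",  # partial table
              0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}

def parse_ndef(buf: bytes):
    """Return [(tnf, type, payload)]; raise ValueError on malformed input."""
    i, records = 0, []
    while i < len(buf):
        hdr = buf[i]
        if hdr & 0x20:
            raise ValueError("chunked record not supported")
        short, has_id = bool(hdr & 0x10), bool(hdr & 0x08)
        fixed = 2 + (1 if short else 4) + (1 if has_id else 0)  # header bytes
        if i + fixed > len(buf):
            raise ValueError("truncated record header")
        tlen = buf[i + 1]
        plen = buf[i + 2] if short else int.from_bytes(buf[i + 2:i + 6], "big")
        idlen = buf[i + fixed - 1] if has_id else 0
        body = i + fixed
        end = body + tlen + idlen + plen
        if end > len(buf):
            raise ValueError("declared length exceeds buffer")
        records.append((hdr & 0x07, buf[body:body + tlen], buf[body + tlen + idlen:end]))
        i = end
        if hdr & 0x40:  # ME flag: last record of the message
            break
    return records

def decide(tnf, rtype, payload):
    """Map a record to ('show' | 'ask', text); nothing acts without confirmation."""
    if tnf == 0x01 and rtype == b"T" and payload:  # text: display only
        enc = "utf-16" if payload[0] & 0x80 else "utf-8"
        return "show", payload[1 + (payload[0] & 0x3F):].decode(enc, "replace")
    if tnf == 0x01 and rtype == b"U" and payload:  # URI: show full target, then ask
        prefix = URI_PREFIX.get(payload[0], "<prefix 0x%02x>" % payload[0])
        return "ask", prefix + payload[1:].decode("utf-8", "replace")
    return "ask", "tnf=%d type=%r, %d bytes" % (tnf, rtype, len(payload))

def handle_tag(buf: bytes):
    try:
        return [decide(*rec) for rec in parse_ndef(buf)]
    except ValueError as exc:  # malformed tag content is dropped, never half-parsed
        return [("drop", str(exc))]

def short_record(flags, tnf, rtype, payload):  # helper for the constructed sample
    return bytes([flags | 0x10 | tnf, len(rtype), len(payload)]) + rtype + payload

SAMPLE = (short_record(0x80, 0x01, b"U", b"\x04example.com/pay")
          + short_record(0x00, 0x02, b"application/x-example", b"\x00" * 8)
          + short_record(0x40, 0x01, b"T", b"\x02enhello"))
```

Calling `handle_tag(SAMPLE)` returns one decision per record; a truncated buffer yields a single `drop` entry instead of a partial parse.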
Critical vulnerabilities in mobile software could allow access to information stored on the mobile. Personal information, credit cards, and sensitive data that are stored on NFC devices will become targets for hackers and cyber-criminals. In developing NFC technology, researchers need to account for the trade-off between aspects such as cost, usability, and level of security, for the reasons explained.
NFC technology will become omnipresent in our lives; many devices around us will implement the standards, from the mobile phone to the access management system of our office.
Payments, access, sites visited: all this information can be acquired by monitoring an NFC device that is associated with our identity. Anyway, we must consider that NFC usage could be extended to several sectors, from private business to the military.
For this reason, security and privacy are the most concerning issues. Several studies indicate that most consumers do not understand the current risks and are not diligent about the security of their mobile devices. Our role is to develop interface specifications to enable the use of NFC in a wide range of applications, rather than to define the requirements including security of the applications that use the NFC interface. NFC solution providers may add security measures to their applications as they see fit, including both required and optional user actions to enable or disable functions.
Posted: June 18,
communication for mobile phones and other devices. Near Field Communication (NFC) is a technology utilized to communicate important role in payment issues so that it is easy to use. for the use of NFC in the payment system using cellular phones that can affect customers,
Although social networks and mobile-related technology are widely accepted by society, mobile payment is not among the most widely used mobile services. In order to analyse the level of acceptance of this technology, as well as the factors that determine its use by the consumers, we have introduced a modification of the classical technological acceptance model, including risk as a variable—given its relevance in the field. The empirical results show a particular support for the effects of external influences, of usefulness and, to a lesser extent, of risk.
Donald L. The growth of mobile commerce, or the purchase of services or goods using mobile technology, heavily depends on the availability, reliability, and acceptance of mobile wallet systems. Although several researchers have attempted to create models on the acceptance of such mobile payment systems, no single comprehensive framework has yet emerged. Based upon a broad literature review of mobile technology adoption, a comprehensive model integrating eleven key consumer-related variables affecting the adoption of mobile payment systems is proposed. This model, based on established theoretical underpinnings originally established in the technology acceptance literature, extends existing frameworks by including attractiveness of alternatives and by proposing relationships between the key constructs.
What explains the huge gap between adoption of these mobile payment services in the two countries? Based on their experience in the financial services industry and work with platform companies, the authors identified two key strategic drivers for successful platform adoption: 1) Create value for all parties, not just the consumer, and 2) Monetize the ecosystem, not just the product. Even before Covid, mobile payment platforms were experiencing a boom in the U. Apple Pay U. Though both platforms are growing, Alipay is outperforming its U. Given the size difference between the two countries, the difference between the number of Alipay users in China and Apple Pay users in the U. What are some of the factors driving this stark contrast?
How to adapt to the evolving Near Field Communication payments landscape 1 M-Pesa is a mobile money transfer scheme launched by mobile network operator Safaricom e-commerce firms are expected to have a positive impact on the number of global need to analyze the risks and benefits associated with each.