July 15, 2009
Electronic Identity Systems, Pt.4
Near Field Communications

Near Field Communications (NFC) is a cutting-edge technology. NFC uses a high-frequency chip that enables two communication devices to exchange data within four inches of each other. Therefore, if the chip is embedded in one communication device, say a wireless cell phone, and that device is placed within four inches of a credit card reader, the consumer no longer needs to swipe a card. When embedded in a cell phone, the chip lets the phone act like a debit or credit card. An NFC chip can be used in several applications, including transportation ticketing, Bluetooth operations, electronic ticketing, and even car keys. Visa and MasterCard are both experimenting with new devices that use NFC technology. Nokia has a cell phone on the market with the NFC chip already embedded for easy downloading of credit card information.
Although tests are going well for these products and consumers love the convenience and speed of the system, NFC has some scary credit card security issues. The short-range communication between the credit card reader and the communication device (cell phone) would lead you to believe there isn’t much room for an attack. However, a number of security issues exist, including eavesdropping, data modification, and relay attacks. Eavesdropping is a potential hazard because the signal carrying the data from the cell phone can be picked up with an antenna. The actual distance at which a hacker would be able to intercept the signal depends on a number of variables, which poses numerous challenges for lenders, merchants, and providers.
Data modification is another concern. Although data destruction is not difficult to accomplish, modifying the credit card data during transmission is difficult with short-range signals. It is therefore virtually impossible to accomplish, but nevertheless a threat. Lastly, a relay attack has the potential of intercepting the signal and forwarding it to another place. Relay attacks are very easy to accomplish; however, the threat can be greatly reduced when the system designers place very rigid and limited time constraints on the transaction process.
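The time constraint described above can be sketched as a reader-side check. This is an added example, not code from the original post or from any payment scheme: the class names, the shared-key HMAC response, the simulated clock, and the 5 ms limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

class FakeClock:
    """Deterministic clock (constructed) so no real delays are needed."""
    def __init__(self):
        self.now = 0.0
    def advance(self, seconds):
        self.now += seconds

class Card:
    """Constructed stand-in for an NFC device holding a shared secret key."""
    def __init__(self, key, clock, processing_s=0.002):
        self.key, self.clock, self.processing_s = key, clock, processing_s
    def respond(self, challenge):
        self.clock.advance(self.processing_s)  # time to compute the answer
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class RelayedCard:
    """The same genuine card, reached over a forwarding link with latency."""
    def __init__(self, card, clock, link_delay_s):
        self.card, self.clock, self.link_delay_s = card, clock, link_delay_s
    def respond(self, challenge):
        self.clock.advance(self.link_delay_s)   # reader -> distant card
        response = self.card.respond(challenge)
        self.clock.advance(self.link_delay_s)   # distant card -> reader
        return response

def authorize(device, key, clock, max_rtt_s=0.005):
    """Reader side: fresh challenge, verify the MAC, enforce the time limit."""
    challenge = os.urandom(16)
    start = clock.now
    response = device.respond(challenge)
    rtt = clock.now - start
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(response, expected):
        return False, "bad response"
    if rtt > max_rtt_s:
        return False, "too slow: possible relay"
    return True, "ok"

if __name__ == "__main__":
    clock, key = FakeClock(), os.urandom(32)
    card = Card(key, clock)
    print(authorize(card, key, clock))                             # nearby card
    print(authorize(RelayedCard(card, clock, 0.020), key, clock))  # forwarded
    print(authorize(Card(os.urandom(32), clock), key, clock))      # wrong key
```

The forwarded exchange carries a perfectly valid response, so the cryptographic check alone accepts it; only the timing limit rejects it. The limit helps only when it sits close to the device's normal response time, which is the "very rigid" constraint the post refers to.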
