Research highlights security issues with NFC payments
Academics reveal payments can be made from nearly a metre away
A UK study has raised alarm bells around the use of contactless payment cards and other devices fitted with Near Field Communication (NFC) technology.
The research, carried out by a team at Surrey University and published last week, found that contactless payment methods can be used to pay for things even when they are nearly a metre away from a payment terminal.
NFC technology is in use on more recent mobile phones and on contactless debit/credit cards issued by UK banks.
Related Articles on Techworld
“We looked at the distances at which the transmission could be captured, depending on field strengths transmitted and user scenarios,” lead academic researcher, Dr Johann Briffa, told Techworld yesterday. “At this point we believe it’s important to highlight that designers of applications using NFC need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper.”
The academics from the university's department of computing said they were able to receive a contactless transmission from distances of 45-80cm using inconspicuous objects.
In their experiments, the team said they used portable, inexpensive and easily concealable objects including a pocket-sized cylindrical antenna, a backpack, and a shopping trolley. They added that none of these items would raise suspicion if used in a supermarket queue or in a crowded place.
Eleanor Gendle, managing editor of The Journal of Engineering, in which the study was published, said: “With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats. It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability.”