
Tap and Pay – Weaknesses of NFC



In today’s society, technology is everywhere. If you thought there couldn’t be any more technology that you need to deal with, you would be wrong. In fact, there will probably never be a time when there is not some new innovation that you have to think about in the future. The question that you should always consider, however, is this: should we be using that technology and is it safe and secure to use? This brings us to a recent technology that has come out over the past few years – Tap and Pay. Tap and Pay is a technological innovation that allows you to leverage your phone in order to pay for goods and services as opposed to a debit or credit card. The question we now face is whether or not this new technology is safe to use. After all, we are transmitting our financial information through the air and there is a lot that can go wrong when these types of transactions take place.

Tap and Pay Today

I’d be surprised if you haven’t heard of Tap and Pay already; there are some major companies that are starting to place this technology on their phones. Tech giants such as Google and Apple spring to mind. Newer Android phones such as the Samsung Galaxy S6 and the Galaxy Note 4 will have Tap and Pay through Google Wallet, but basically anything with at least Android 4.4 should work fine. In addition, the iPhone 6, iPad Air 2, and iPad mini 3 also have the ability to use Tap and Pay, but it is called Apple Pay instead of Google Wallet.

Wondering why each company has Tap and Pay under a different title? It’s because Tap and Pay is really an older piece of technology packaged with a shiny new name. The tech in question? Near Field Communication. Also known as NFC, Near Field Communication operates within a specific range, hence the ‘near field’ moniker. It is similar to how a QR code works, except that NFC uses radio waves over a short distance in order to transfer data and/or carry out commands. Like a QR code, it still requires a tag (an NFC tag), and you have to scan your phone over the tag in order for it to carry out the correct instruction. It is very simple to use, but it still hasn’t been widely adopted. Although it is a fairly secure system, there are a few different security issues that can render Tap and Pay susceptible to attacks.


Tap and Pay Vulnerabilities

The first and most obvious security risk is theft. If someone steals your phone, there is nothing that you can do to stop that person from using Tap and Pay to spend all of your hard-earned cash. The best way to protect against this is simple, yet often overlooked: put a screen lock on your phone. Surprisingly, most people neglect this method of added mobile security, despite how easy a solution it is. As a matter of fact, fewer than half of consumers use passwords or keypad locks to secure their devices, which presents a serious security risk for those people who want to use Tap and Pay.


Aside from stealing your phone, there are other methods to steal your information if an attacker is so inclined. One method an information thief could use is to place an NFC tag over the tag that you are scanning in order to initiate payment. Given that most individuals tend to trust technology despite its appearance, you might not even know the difference. This tag could send a command to your phone to give away your credit card credentials if a transaction is taking place and you would be none the wiser.
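One way a reader app can guard against a swapped tag, shown as an added example that is not part of the original post: it assumes the tag carries an NDEF message and accepts only https URI records for an expected host. The function names, the host `pay.shop.example` and the sample tags are constructed for illustration.

```python
from urllib.parse import urlsplit

URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}  # NFC Forum URI codes (subset)

def parse_ndef(data):
    """Yield (tnf, type, payload) for each record in an NDEF message."""
    pos = 0
    while pos < len(data):
        header, type_len = data[pos], data[pos + 1]
        pos += 2
        if header & 0x20:                      # CF flag: chunked record
            raise ValueError("chunked records not supported")
        if header & 0x10:                      # SR flag: 1-byte payload length
            payload_len, pos = data[pos], pos + 1
        else:                                  # otherwise 4 bytes, big-endian
            payload_len, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
        has_id = bool(header & 0x08)           # IL flag: ID length present
        id_len, pos = (data[pos] if has_id else 0), pos + int(has_id)
        end = pos + type_len + id_len + payload_len
        if end > len(data):
            raise ValueError("record length exceeds tag contents")
        yield header & 0x07, data[pos:pos + type_len], data[pos + type_len + id_len:end]
        pos = end
        if header & 0x40:                      # ME flag: last record
            return

def check_tag(data, allowed_hosts):
    """Return (ok, reason); only https URI records for expected hosts pass."""
    try:
        records = list(parse_ndef(data))
    except (ValueError, IndexError) as exc:
        return False, f"malformed NDEF: {exc}"
    if not records:
        return False, "empty tag"
    for tnf, rtype, payload in records:
        if tnf != 0x01 or rtype != b"U" or not payload or payload[0] not in URI_PREFIXES:
            return False, f"unexpected record (tnf={tnf}, type={rtype!r})"
        uri = URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8", "replace")
        parts = urlsplit(uri)
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            return False, f"untrusted URI: {uri}"
    return True, "ok"

def uri_record(code, rest):                    # builds a constructed sample tag
    return bytes([0xD1, 1, len(rest) + 1]) + b"U" + bytes([code]) + rest
ALLOWED = {"pay.shop.example"}                 # hypothetical merchant host
GENUINE = uri_record(0x04, b"pay.shop.example/t/17")
OVERLAY = uri_record(0x04, b"pay.shop.example.other.example/t/17")
```

`check_tag(GENUINE, ALLOWED)` passes, while the overlay tag, a truncated tag, or any record that is not a URI record is rejected before the app acts on it.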


The next two methods are closely related in that they both require the attacker to be near your device. The first of these close-proximity methods is to try to get close enough to your device to spread some malicious software onto your phone through NFC. Since you most likely aren’t handing your phone directly to strangers to let them install software, the most likely scenario for this attack would be in a crowded area such as a bus or a train. All it takes is for the attacker to be within range, and they could use an open NFC channel reserved for your Tap and Pay needs to transfer malware without even touching the device.

The second close-proximity method an attacker could make use of is to eavesdrop on your phone’s NFC transmission as a transaction takes place. The attacker in question would have to be very close, of course, but they would also have to be very precise. Eavesdropping on a specific NFC radio wave would require a special antenna pointed directly at your device. This method is very rarely used because getting the antenna to point directly at the precise point of transmission at the correct angle is very difficult, not to mention there is a higher risk of being caught.

As a general rule of thumb: if you are not using it for Tap and Pay or any immediate need – turn NFC off on your device. It will save your battery life and also your financial well-being. One tap and you are all set.


Conclusion – Tap and Pay May be Worth the Effort

So even though Tap and Pay is a convenient and innovative technology, there are some weaknesses you should keep in mind if you decide to use it. It is a fairly secure piece of technology, but Tap and Pay still requires some common-sense usage on the user’s side of things. Various vulnerabilities in the technology can be mitigated with little effort, while still maintaining the convenience of the Tap and Pay functionality. If you want to be smart about your money, be smart about your security. One little tap could save you from a world of trouble. So if you decide Tap and Pay is right for you, just keep in mind that security is never perfect. There is always some form of vulnerability or weakness to be exploited, but smart usage will keep you both safe and secure in your daily usage of simple Tap and Pay.

