How secure is NFC?


I have NFC capabilities in my phone, but I’ve never had a use for it so it’s always turned off. However, there are some efforts to use NFC in smartphone for payments, and it’s rumoured that mobile payments may be a big feature in iPhone 6. Having my phone make payments just by being near something makes me a little nervous. How secure is NFC? Couldn’t someone else in a checkout line have a device that could potentially steal my information?

Topic: Security
Answer this Question


2 total
Vote Up (2)

By virtue of how close someone would need to be to use NFC, it is pretty secure. The range is no more than an inch or two, so someone would have to pretty much be in physical contact with you. Also, if you don’t keep it turned on when you are not using it, that would negate any concern I can think of. Still, I guess if is is on, there is some small chance of being compromised. Also, aside from NFC specific issues, there would be the same concern as using QR code, in that you could be directed to a malicious website. 


Here is an article that goes further into detail about NFC and related security concerns, as well as some ways to mitigate risks. 

Vote Up (1)

How secure is NFC tech?

"Many experts say NFC really is fundamentally secure by virtue of its extremely short range. In order to snag your NFC signal, a hacker would need to be very close to you. Uncomfortably close. In other words, you'd know they were there. And unless it was a very intimate friend of yours, you'd likely not be happy about it.

There's more to the physical aspects of NFC that make it troublesome for even determined hackers."

Ask a question

Join Now or Sign In to ask a question.
Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe.
A Citadel variant has been used against several Middle Eastern petrochemical companies, marking the first time the financial malware has been found in targeted attacks against companies.
Hackers evaded security systems for a year-and-a-half at a hosting center that processed payment cards for Goodwill Industries, using the same type of malware that struck Target and other major retailers to steal card data, according to the charity's software vendor.
The U.S. Congress is unlikely to pass legislation to end the National Security Agency's widespread collection of U.S. telephone records before leaving Washington, D.C., on a two-month break.
Customers cringe every time they hear about a bank, retail or healthcare hack that puts personal or financial data at risk. Today's hackers are after much more that credit card numbers, though -- and most firms are powerless to stop them.
While the capability to remotely wipe data from lost or stolen mobile phones may help CIOs sleep at night, it may be an outdated approach to BYOD security.
Cisco is bringing technology obtained through last year's acquisition of Sourcefire to its firewalls to enable threat-focused security for enterprises.
Wyvern securely rolls five programming languages into one.
A U.S. appeals court has thrown out a US$368.2 million award against Apple in a patent infringement case brought by patent-holding and software company VirnetX.
The default browser in Android versions older than 4.4 has a vulnerability that allows malicious websites to bypass a critical security mechanism and take control of a user's authenticated sessions on other sites.
Join us: