How secure are NFC terminals?
As major credit card breaches continue to take place, credit card companies, payment processing providers, and merchants alike have made customer data security a top priority. In fact, Security Magazine cited research from Barclays that revealed 47 percent of the world's credit card fraud happens in the U.S., despite the fact that Americans only account for 24 percent of total credit card volume worldwide.
With the threat of card data breaches and fraud continuing, the card brands are encouraging U.S. merchants to adopt EMV chip card technology, the latest standard for payment processing security. A bonus to using EMV technology is that it allows for mobile payments. Chip card processing and mobile payments both use NFC-enabled credit card terminals.
NFC (Near Field Communication) is a payment technology that enables smartphones and other devices to communicate with each other when they are close together, allowing merchants to accept contactless payments. Both mobile payments and contactless EMV payments can be made with an NFC terminal by waving the payment card or mobile device in front of the terminal. NFC has emerged as a new technology that can make transactions more secure.
A route to heightened security
Both consumers and merchants are warming up to NFC technology, thanks to its ability to reduce fraud. NFC terminals and payment chips allow users to avoid many of the most common credit card theft tactics, according to Business2Community. Two common strategies thieves use to access customers' credit card data are:
- Compromising the terminal itself.
- Breaking into the merchant's servers to access valuable customer information.
An NFC terminal that accepts contactless payments can help customers avoid both of these scenarios because it removes the need to swipe a card at all. Additionally, more advanced NFC technology has allowed devices and cards to generate a unique card number for each transaction, Business2Community pointed out.
Risks are still present
As different forms of security technology continue to evolve, there will most certainly be shortfalls and associated risks. While the benefits of investing in an NFC terminal are countless, there are still potential security risks worth considering. The INFOSEC Institute outlined a handful of areas of concern associated with NFC technology that merchants should keep in mind including:
- Hackers could use malicious codes on the device used by the payer.
- A remote thief could obtain access to the signal during a contactless transaction using a spoofing method through a radio receiver.
- An attacker could tap on someone's device and collect information by using a receiving NFC device.
Additionally, merchants must consider the vulnerable nature of technology that relies on a wireless signal to accept payments. There is always the potential that hackers could access sensitive merchant information stored in the NFC terminal by way of an insecure wireless connection.
EMV: A potential solution
With the October 1, 2015 fraud chargeback liability shift, merchants not using EMV technology to process chip cards may be liable for certain fraud-related chargebacks that could have been prevented by EMV. Merchants that adopt EMV-enabled devices get two for the price of one- the ability to perform EMV transactions, as well as securely accept mobile/contactless payments. As INFOSEC Institute pointed out, by implementing EMV chip technology, both contactless and traditional transactions can occur in a more secure infrastructure that reduces fraud.