Contactless payment cards: Research highlights security concerns

November 1, 2013

(Phys.org) —Warnings about the use of contactless payment cards and Near Field Communication (NFC) capable devices are raised in a study led by a team of researchers at the University of Surrey.

The team from the University's Computing Department successfully received a contactless transmission from distances of 45-80cm using inconspicuous equipment, highlighting security concerns to personal data.

NFC technology is in use on more recent mobile phones and on contactless debit/credit cards issued by UK banks.

The team used portable, inexpensive and easily concealable equipment including a pocket-sized cylindrical antenna, a backpack, and a shopping trolley, none of which would raise suspicion if used in a supermarket queue or in a crowded place.

Using this equipment, the team showed how reliably eavesdropping could be carried out at various distances, with good reception possible even at 45cm when the minimum magnetic field strength required by the standard is in use.

The implications for consumers are significant. Dr Johann Briffa, Computing Lecturer, comments: "The results we found have an impact on how much we can rely on physical proximity as a 'security feature' of NFC devices.

"Designers of applications using NFC need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper."

Eleanor Gendle, IET Managing Editor at The Journal of Engineering, said: "With banks routinely issuing contactless to customers, there is a need to raise awareness of the potential security threats. It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability."

According to Paul Krause, Professor of Software Engineering at the University of Surrey, "Open access is vitally important in order to ensure that the results of publicly funded research are made available to all. It is particularly important for the stimulation of innovation in engineering where new enterprises may not have the financial resources to pay for a range of journal subscriptions. The IET has taken a very significant initiative in establishing a high quality journal that covers all aspects of engineering in one resource."

Explore further: NEC launches portable terminal for electronic money payment

Related Stories

NEC launches portable terminal for electronic money payment

March 7, 2011

NEC Corporation announced today the launch of a new portable terminal for electronic money payment, the "Multi-Service Terminal / Portable," which enables retailers to conveniently expand the availability of electronic money ...

NXP propels NFC technology into 4G age

February 28, 2012

Today at Mobile World Congress NXP Semiconductors announced its newest flagship NFC solution, the PN547. Following on from the overwhelming success of the PN544, by far the industry’s most widely adopted Mobile Transactions ...

Security card with a one-time password and LED display

March 6, 2013

Infineon Technologies AG and Bundesdruckerei GmbH have developed a new security smart card with an LED display and a one-time password. This new technology is centred around a security chip in the card which generates a one-time ...

Recommended for you

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.