1. Introduction
Near Field Communication (NFC) is a wireless and short-distance communication technology that enables fast and secure data transfer between devices no more than 10 centimeters apart.
We use NFC daily when making contactless payments with our phones or debit and credit cards. In addition to banking, NFC is used in marketing, transport, healthcare, and many other areas.
In this tutorial, we’ll explain the NFC principles in detail, discuss their limitations and security implications, and compare NFC to other wireless technologies such as RFID, Wi-Fi, and Bluetooth.
2. What Is NFC, and What Do We Use It For?
NFC is a technology for secure short-distance communication. We use it in mobile and contactless card payments, transportation electronic tickets, digital IDs, passports, and similar use cases. For example, we just touch an NFC-enabled terminal with our card to complete the payment. From time to time, the payment terminal will ask for our PIN for security reasons, and that’s it.
Other technologies had drawbacks that made them unsuitable for these tasks. Radio Frequency Identification (RFID) doesn’t provide two-way communication between parties. Bluetooth and Wi-Fi aren’t secure enough, mainly due to their ability to work at long distances.
Bluetooth requires pairing the devices to transfer data, and the Bluetooth versions are not always compatible. Wi-Fi needs a lot of advanced configuration and middleware to handle cases similar to those of NFC.
However, Wi-Fi’s characteristics make it impossible to handle, for example, contactless card payments due to high power consumption and greater vulnerability to attacks from a distance. In contrast, NFC is energy-efficient, easy to use, and requires almost no configuration on the user side.
3. Technical Specification
NFC relies on a process called magnetic induction. It works thanks to two antenna coils connected by an alternating magnetic field to carry information. Two parties equipped with NFC modules can connect in less than a second.
Connecting the NFC module produces an electromagnetic field that affects antenna coils in both devices:
NFC uses a frequency of 13.56 MHz and usually requires the parties to be at most 10 cm apart. Thus, the short distance ensures security but is also a limitation.
The transfer speed is not stunning, and it’s about 424 kbit/s. However, NFC can work without internet access and consumes less battery power. There are two power modes in which it can work:
- Active – where both parties require their power supply
- Passive – where only one device has a power supply while the second one can start working when it gets in the electromagnetic field
3.1. Protocols
The crucial element of NFC technology is a set of protocols that define how devices can connect and what data they can exchange. NFC uses known and reliable protocols such as ISO/IEC 14443 and FeliCa, also used in geometric passports and contactless debit cards.
These standards provide compatibility of NFC technology between different devices. Further, they ensure secure data transfer of confidential information such as payment or identity data.
The protocols standardize techniques that allow quick and intuitive connection and data transfer. Moreover, NFC employs several encryption methods to ensure the security of data transmission.
NFC often uses security mechanisms such as symmetric key cryptography, hash-based message authentication code (HMAC), and public key infrastructure (PKI).
4. Security
NFC security mechanisms are fundamental components of the technology, allowing it to be used in sensitive areas such as payments, identity identification, and access control.
First, NFC uses a strong encryption mechanism that encrypts and protects data transferred between parties. This protection on the transmission layer prevents data leaks and the ability of attackers or unauthorized parties to read transported information. For instance, we can use symmetric cryptography:
Further, applications that use NFC implement security mechanisms on the application level. One of the most popular techniques is tokenization. The tokenization process maps confidential data into a token that has no meaning outside of the specific transaction. So, no one can decrypt or obtain data using a leaked token.
NFC-based applications employ additional forms of verification called two-step authentication. In addition to entering credentials, two-factor authentication requires data such as a PIN, passkey, pattern, or biometric data. Subsequently, it’s another protection barrier for preventing leaks and attacks.
4.1. Weaknesses
First, the security of NFC significantly depends on the quality of the software implementation. Attackers can use backdoors to disturb the transfer. Therefore, adding cyber security layers to the software is crucial. NFC is safe only when we properly implement and configure it.
Further, relay attacks pose a danger to NFC transfers. Relay attacks strengthen the NFC signal, so attackers can intercept the transaction from a long distance despite the NFC requiring the parties to be close during a transfer.
Finally, if a physical device is stolen and not adequately secured, unauthorized people can try to read transferred data. This poses a risk if the lock screen isn’t active or the owner stores the data in unprotected directories.
5. NFC Pros and Cons
First, NFC transfers are intuitive and simple in terms of user experience. To initiate a money transaction using NFC, a user just needs to put their phone close to the payment terminal.
Next, NFC is a very secure two-way communication method. It uses strong encryption and can cooperate with additional security mechanisms, such as two-factor authentication. The short-distance limit also provides a security advantage. Therefore, NFC is suitable for processing confidential data, such as payments or identity credentials.
Additionally, NFC is very energy-saving. As a result, it’s a perfect fit for passive parties that don’t have their power supply, such as debit cards, tags, or small sensors.
Further, the user doesn’t need to configure or pair anything. Thus, we can say NFC is pretty automatic for the users.
On the other hand, there are some cons regarding NFC. One of them is the short distance of communication. NFC transfer is efficient when the parties are close or touching, so we can’t use it at other distances. However, it’s an advantage in terms of security.
Further, metal surfaces and other technologies operating on the same 13.56 MHz frequency can disturb NFC transfers, leading to data loss and failed transactions.
Additionally, NFC transfers are pretty slow, especially compared with Bluetooth or Wi-Fi. Therefore, NFC is primarily suitable for exchanging small-size data.
5.1. Summary
Let’s summarize the pros and cons:
Pros
Cons
Intuitive and simple user experience
Short communication distance
Secure with strong encryption and two-factor authentication
Susceptible to interference from metal surfaces and other technologies on the same 13.56 MHz frequency
Short-distance limit enhances security
Slow transfer speed around 424 kbit/s
Automatic with no need for configuration or pairing
Mostly suitable for exchanging small-size data
The key advantage of NFC technology is its high level of security. Thanks to short-range communication and strong cryptographic algorithms, data transfer is protected from interceptions and leaks.
NFC has slower data transfer speeds than wireless communication technologies like Bluetooth or Wi-Fi. This is one of NFC’s most significant limitations, making it less suitable for transferring large files or data-intensive applications.
6. Comparison
We’ll compare NFC to three leading technologies for data transfers: RFID, Bluetooth, and Wi-Fi.
6.1. NFC vs. RFID
RFID (radio frequency identification) is a wireless transfer technology that uses antennas and radio waves to transmit data. However, it’s significantly different from NFC, so people use it for different purposes.
First, RFID can work at substantially longer distances than NFC, from several centimeters up to a few hundred meters, depending on the type and version.
In contrast, NFC works best when we place parties up to a few centimeters apart, and the specification limits it to no more than 20 cm in the best cases.
Secondly, we use RFID primarily for one-way communication. Here, a tag passively receives and answers the signals an active device sends. In contrast, NFC is suitable for two-way and interactive communication.
Moreover, RFID is less secure than NFC. RFID comes in different types and versions; some are vulnerable to scanning and cloning tags. On the other hand, NFC technology is secure and reliable. When developers release a new version of NFC, they usually use the same security mechanism or update it to the newest and safest ones.
NFC is more specialized, interactive, and secure than RFID. Users and developers usually consider NFC technology’s short-distance communication limit a security advantage. Therefore, they mostly use RFID in scenarios that require longer distances.
6.2. NFC vs. Bluetooth
As we already know, NFC works at very short distances. On the other hand, Bluetooth can work up to 100 meters.
Both Bluetooth and NFC provide advanced security mechanisms. Bluetooth uses the Advanced encryption standard (AES) and secure simple pairing (SSP) to protect the pairing process. However, due to long-distance transfers and the requirement of pairing, Bluetooth is vulnerable to various attacks and data leaks.
Further, Bluetooth is much faster than NFC. Depending on the version, Bluetooth can reach 50 Mbit/s. Therefore, users can send large-size data and even stream audio.
Bluetooth’s use cases are broad. It allows the connection of audio and I/O devices, IoT integration, audio streaming, and the exchange of large amounts of data.
6.3. NFC vs. Wi-Fi
Finally, let’s compare NFC to Wi-Fi. As we know, Wi-Fi is the most common technology for providing wireless Internet access. Similarly to Bluetooth and RFID, Wi-Fi can work on much longer distances than NFC. The range of the 2.4 GHz variant is about 20 meters, and the 5 GHz standard is within 50 to 70 meters.
Wi-Fi is highly configurable, and many devices, such as retransmitters or signal resonators, can extend the distance. Therefore, Wi-Fi can provide Internet access within entire facilities.
Further, Wi-Fi is the fastest of all the technologies we consider in this article. Wi-Fi 5 can transfer data at 600 Mbps, and the latest Wi-Fi 6 can reach an impressive 9.6 Gbps. So, Wi-Fi is the most preferred technology for transferring large files, streaming audio and video, and providing Internet access in buildings.
However, Wi-Fi is not preferred for contactless payments due to several limitations. Its longer communication range significantly increases the risk of man-in-the-middle attacks and weaker transaction security.
Additionally, Wi-Fi’s higher power consumption is not ideal for devices with little power supply commonly used in contactless payments. Moreover, the complex Wi-Fi connection setup required for network selection and authentication hinders quick and seamless payments.
These factors make Wi-Fi less suitable for the fast, secure exchanges necessary in payment systems.
6.4. Tabular View
Let’s summarize the comparison:
Feature
NFC
RFID
Bluetooth
Wi-Fi
Range
Short, mostly up to a few centimeters
Long, can work within hundreds of meters
Up to 100 meters
Up to 60 meters but can be extended with dedicated devices
Security
Very secure when adequately used and configured. Can work with confidential data
Less secure and vulnerable to scanning and cloning.
Vulnerable to attacks due to long-distance transfers and device pairing
Strong security with WPA2 and WPA3.
Transfer speed
Slow, around 424 kbit/s
Slow, depending on the version, up to 800 kbit/s
Fast, can reach 50 Mbit/s
Extremely fast, the latest version can reach 9.6 Gbps
Use cases
Payments, identity verification, access control, smart home integration
Asset tracking, event management, transportation, logistics, supply chain management, aerospace
Device pairing, IoT integration, audio streaming, big data transfers
Wireless Internet access, large data transfers, audio & video streaming
We can see that compared technologies differ more or less in various areas. These differences make them useful for varied scenarios and use cases. Thus, we can say none of these technologies is superior to others in every aspect. However, NFC is most suitable for secure short-distance data transfers.
7. Conclusion
In this article, we discussed NFC, a modern, intuitive, simple-to-use, and secure technology for short-distance communication. Although state-of-the-art for its use cases, it’s slow and doesn’t work at longer distances.
Despite its limitations, NFC remains a key solution for users and companies to transfer sensitive data, such as financial transactions and verifying credentials.