Major credit card and payment companies have been moving steadily toward the introduction of near field communication technology via smartphones and smartcards. The companies have presented NFC as the next move forward in customer convenience — the simple wave of a device or payment card at the POS as opposed to the current magnetic stripe swipe. Some proponents of NFC go so far as to promote it as an increased security factor. But is NFC really the right move for financial institution brands?
Cash convenience concerns
The main argument for NFC is customer convenience. By eliminating the need to physically swipe a card through a reader, NFC makes it faster for the consumer to access cash — if only by a few seconds.
However, some consumers worry about NFC being too convenient. Many have expressed this concern in the past about credit and debit cards themselves. Most customers won’t even have to remove their card or smartphone from their purse or wallet to complete a transaction; still, the technology has a max field range of only about five centimeters.
Safe and secure?
Card security is also a factor when it comes to the introduction of NFC to financial institutions. NFC eliminates the threat of card skimming and card trapping devices at the ATM and POS by removing direct contact from the equation. But more tech-savvy thieves may be able to “lift” information directly from NFC-enabled cards and devices with short range scanning devices similar to those installed at the ATM and POS terminal.
A recent study by ViaForensics, a mobile phone security company, showed that pulling card information from many NFC cards is ridiculously simple. Thomas Cannon, an information security specialist at ViaForensicstold a reporter for Britain's Channel 4 News, "All I did was I tap my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card, that includes the long card number, the expiry date and your name. None of it was encrypted; it was simply a case of the details coming out through the air."
It is unclear how many cards allow such easy retrieval of non-encrypted information, but the implications are troubling. To control the threat, many NFC card issuers limit the dollar amount of NFC transactions and require PIN verification after a certain number of successive uses. Also, NFC cards fall under protection programs, meaning that the consumer is not liable for fraudulent charges.
To NFC or Not to NFC…
As with every payment technology, NFC presents risks and benefits for financial institutions and their customers and members. With appropriate safeguards, NFC can provide greater cardholder convenience. But an FI might be well advised to offer the customer a choice between contact and contactless cards in order to maintain customer satisfaction — and brand reputation.