NFC not so insecure

Howard Berg says m-commerce security in some ways compares well with credit and debit cards

Mobile contactless payments mark a milestone in technology and how it facilitates daily lives and changes long-standing shopping habits, and consumer organisations have made great strides in making this a reality.

Contactless transport projects such as Oyster have already begun to instill trust among consumers. Mobile banking has also been in use for a while now, enabling users to view statements and transfer money via handsets. Near field communication (NFC) is therefore a natural step forward in the evolution of mobile services.

Contactless technology turns the mobile phone into a wallet for a fast and convenient payment method while on the move, potentially removing the need to carry cash.

The recent implementation of mobile contactless payments by Everything Everywhere and Barclays means that UK users can now make small purchases at businesses across the UK, including takeaway outlets such as McDonalds and Pret A Manger.

Britain's mobile operators have also just announced plans to create a joint venture to speed up deployment of mobile payment services.

I expect a wide-scale rollout of such services by banks and operators sooner than many think.

However, despite all the recent hype there is still a certain degree of scepticism. Consumer attitudes vary radically, with many raising concerns about the security – or lack thereof in their opinion – of contactless payments.

If operators and financial organisations want to drive demand for mass adoption, much needs to be done to explain how secure NFC technology actually is. This will encourage users to embrace it.

There are two major security advantages. First, the payment user interface application running on the handset can, at the issuer's discretion, enable the user to request a PIN to be entered before any transaction. Transactions are also capped at £20, and Barclays has just launched an application enabling users to charge their account with an amount of their choice.

Second, if the handset is lost or stolen, the NFC payment issuer can immediately lock or even delete the contactless payment application on the handset remotely via the Trusted Service Manager.

The secret code stored in the bank domain of the SIM authenticates the user for each transaction. No payments can be made without this code, like with credit and debit cards.

While there has been a lot of noise around NFC and the convenience it provides, more needs to be done to explain its security credentials.

The more that players in the NFC food chain help spread the message that the technology is secure, and with a wider choice of NFC-enabled handsets becoming available, the sooner users will embrace the technology.

Howard Berg is a director at Gemalto