Contactless payment via Near Field Communication (NFC) is becoming part of our everyday digital life. Payment data can be transmitted by a debit or credit card as well as a smartphone (or other mobile devices such as smart watches and tablets).

Near Field Communication (NFC) is designed to make payment transactions easier and faster while they are still secure. NFC works with a corresponding debit card (recognisable by the wave symbol) or with NFC-enabled smartphones (or also some smart watches and tablets) with an installed app. To pay, all you do is hold out your smartphone or card close to the checkout terminal. Small amounts even work without the need to enter a PIN.

We look here at whether contactless payment with a card or a mobile device is more secure and exactly how the payment process works.

Areas of application for Near Field Communication (NFC)

Similar to WLAN and Bluetooth, NFC is a radio standard that is frequently use in our digital everyday life. The areas of application are diverse: contactless payment via NFC-enabled end devices is probably the most common field of application. Online ID card functions via the AusweisApp2 ID card or "keyless" access systems for cars or buildings are now also used quite frequently.

In addition, NFC stickers or tokens can be purchased, programmed for corresponding commands and attached to objects. For example, you can place an NFC sticker on your living room table that has the command to include all NFC devices held to this sticker in the guest access of the WLAN network. This avoids you having to give out the password to your guests every time.

Areas of application for Near Field Communication (NFC):

How secure is Near Field Communication (NFC)?

It's fast and convenient, but how secure is contactless payment? Near Field Communication (NFC) makes it possible to transmit small amounts of data over a very short distance. This includes access data, payment data or data packets containing, passwords or other codes, for example. When communicating via NFC, the distance between sender and receiver - in our case a smartphone or bank card and payment terminal - must not exceed ten centimetres.

During the payment process, a token that includes cryptographic encryption is transmitted. This data record is only valid for this one payment transaction. It is a multi-digit code that contains the encrypted version of the buyer's account and payment data. The payment data is visible to the corresponding payment network (e.g. Visa or Mastercard) and to the corresponding bank.

Is there a risk to contactless payment?

Even though payment seems very secure and tapping into sensitive payment data seems almost impossible, it is theoretically possible for attackers to siphon off this data. However, it would require fraudsters to be very close to their victim at the time of the transaction. In addition, if there are several NFC-enabled cards in a wallet they often block each other (e.g. a new ID card or a credit card). So picking up cards "in the passing" is unlikely.