Will ditching plastic credit cards for NFC make us less secure?

The development of Near Field Communication (NFC) technology such as Google Wallet in smart phones is revolutionising the way we pay for things. Used in conjunction with an electronic wallet, NFC will to an ever-increasing extent do away with the plastic cards that we’ve all come to love/loathe.

In July 2011, Juniper Research estimated that worldwide mobile spending on remote and POS payments would reach $240 billion in 2011. By 2015, it’s predicted to reach $670 billion.

Hardly surprising, then, that providers are lining up to exploit the new technology. The first on the scene was the Google Wallet Android app, which stores visual versions of the holder’s credit cards for use at checkouts. Users simply enter their PIN then wave their smartphones near, or tap them on, the reader.

Although the RF technology could mean NFC is potentially susceptible to eavesdropping, all commercial systems have added layers of security built in to the hardware, together with ID authenticators, such as a PIN.

Those involved in the NFC roll-out claim that the system is entirely secure, but anyone who cares to remembers incidents such as the Sony Playstation hack will be aware that no system is entirely fool-proof.

With people’s phones effectively becoming their wallet, it’s not surprising that they become more of a target for attackers. The McAfee site described the use of an RFID reader to steal or transmit a victim’s credentials to a fake RFID card. This attack extends the range of ‘tap and pay’ transactions, effectively allowing virtual pockets to be picked.

While the average consumer gets swept up in the all-consuming arms of rapidly developing technology, watchdogs have been trying to ensure that product providers and regulators make mobile payments as least as safe to use as traditional credit and debit card payments.

According to Michelle Jun, staff attorney for the Consumers Union, ‘It is critical that mobile payment systems are covered by strong rules to protect consumers from losing money because of fraud, processor error or a dispute with a retailer.’

Back in 2009, the government announced guidelines to address some of the nascent issues with NFC payments. It stipulated that contactless payment functions, SIM cards and phones must be disabled as soon as possible once a contactless payment mobile phone had been reported lost or stolen.

It also said that any transactions above the maximum contactless payment value must require verification, more so when a certain number of low-value transactions are carried out consecutively.

Since then, regulators and consumer groups have been noticeably quiet. Although mobile payments have yet to take off substantially in North America, it is there that most voices are clamouring for attention to consumer rights.

Perhaps its time the UK joined in the demand for an up-to-date mobile payment regulatory framework.

This is an informational post from consumer credit card comparison site, Choose. The site covers many deals including cash back credit cards.