NFC Release 15 Extends Tap-to-Pay Range From 0.5cm To 2cm (nfc-forum.org) 29
The NFC Forum has released NFC Release 15 (that's what it's calling it), extending the operating range of Near Field Communication connections from 0.5 centimeters to 2 centimeters -- a fourfold increase that reduces the precision required for device alignment.
The global standards body, whose board includes representatives from Apple, Google, Huawei, Infineon, NXP, Sony, and ST Microelectronics, designed the enhancement to accelerate transaction speeds and improve reliability across NFC-enabled devices. The expanded range addresses technical challenges in smaller form-factor devices like wearables and smartphones while maintaining compatibility with existing ISO/IEC 14443 standards.
The standard also incorporates support for NFC Digital Product Passport specifications, allowing single NFC tags embedded in products to store and transmit sustainability data throughout their lifecycle.
The global standards body, whose board includes representatives from Apple, Google, Huawei, Infineon, NXP, Sony, and ST Microelectronics, designed the enhancement to accelerate transaction speeds and improve reliability across NFC-enabled devices. The expanded range addresses technical challenges in smaller form-factor devices like wearables and smartphones while maintaining compatibility with existing ISO/IEC 14443 standards.
The standard also incorporates support for NFC Digital Product Passport specifications, allowing single NFC tags embedded in products to store and transmit sustainability data throughout their lifecycle.
Dangerous? (Score:5, Insightful)
The right equipment already can extend that range further... in some cases up to 30cm with a high Q antenna. This is what malicious actors use to get people's cards in sketchy airports and markets the world over. I'm not sure the extra range from .5 to 2cm in nominal use is worth giving thieves more range to work with.
How about vendors who are having problems just start using better equipment. I use square in my little restaurant and have never had an issue with it. This seems to be solving a non-problem at the expense of introducing more.
Re: (Score:2)
Yup. I can see the use case being smart phone NFC and a thick phone case.
Re: (Score:1)
If your phone case is over .5 cm thick, I don't think the range of NFC is your problem.
Re:Dangerous? (Score:4, Funny)
If your phone case is over .5 cm thick, I don't think the range of NFC is your problem.
I like to ensure my phone is well protected. My phone case [specialtycases.com] even has wheels... :-)
Re: (Score:2)
Re: Dangerous? (Score:2)
Even currently available smartphones have a tap to pay range of multiple centimeters. Stop buying thre cheapest crappiest phones available and you'll be fine. I would prefer to be able to limit the range to "full contact" or have an "initiate payment" button.
Re: (Score:2)
The right equipment already can extend that range further... in some cases up to 30cm with a high Q antenna. This is what malicious actors use to get people's cards in sketchy airports and markets the world over. I'm not sure the extra range from .5 to 2cm in nominal use is worth giving thieves more range to work with.
How about vendors who are having problems just start using better equipment. I use square in my little restaurant and have never had an issue with it. This seems to be solving a non-problem at the expense of introducing more.
Because your card is a transceiver, it's transmitting power is based on the power of the signal it receives so if a malicious actor wanted to extend the range beyond 0.2 cm range all they needed was a higher powered signal and antenna.
The whole "it only works on contact" has always been a security myth. Your card will hapily give out all the info (which includes your name, card number and expiry date, so everything they need to make online transactions) in encryption so weak it may as well be clear text.
Bullshit (Score:1)
Re: Bullshit (Score:4, Informative)
Q: Are there NFC devices in the marketplace today that operate at 2 cm? And if yes, why is NFC Release 15 needed now?
A: Yes, some devices can already operate at ranges of 2cm or more. However, the role of the NFC Forum role is to define a consistent, reliable industry baseline that applies across the full range of NFC-enabled devices and use cases â" including small-form-factor products like wearables and smartphones.
tl;dr: Not every manufacturer does the bare minimum.
Re: (Score:2)
It is probably the specification minimum that is referenced in TFS and is extended by the new spec.
Re: (Score:2)
Works fine here at least 1cm away on a 2yr old phone..
Congrats on not understanding what is being discussed. The question wasn't distance, the question was one of alignment. And yes you can see it daily on phones from every manufacturer where people wiggle it around looking for the actual sweet spot for a payment to work.
Re: (Score:2)
The question wasn't distance, the question was one of alignment. And yes you can see it daily on phones from every manufacturer where people wiggle it around looking for the actual sweet spot for a payment to work.
Ouch. Yes. I see this every day. Although most of the time the phones or watches work really well. It is the people with an actual card that try over and over to find the spot -all the while moving their card way too fast for the reader.
Re: (Score:2)
Putting the card into the reader solves this issue. The slot is there for a reason.
Re: (Score:3)
The slot's contacts get contaminated with dirt and debris on peoples cards. (Looking at you Wal-mart, who don't support tap-to-pay on their CC terminals) Need to get rid of the contacts, and do close-in NFC in the slot instead. That way, the action has to be willful.
Re:Bullshit (Score:4, Informative)
Yeah I would love to see an NFC standard that didnt extend the range, but instead specified where in the (*^^*&^#@ the reader was on the POS system, or at least a lit up nfc logo where you want me to tap.... Every POS I go up to has it somewhere else, and finding it is a pain
Re: (Score:2)
Sustainability, ftw?? (Score:2)
You've got to be shitting me! Their solution to sustainability is to embed an electronic chip into every single thing?! Man, this planet is truly fucked!
Re: (Score:2)
Uh, chill out. It's not harmful. What is your concern? It's a tiny amount of silicon and some metal. Less resource consumed than making a few beads of glass. Or have you lost your marbles?
Re: (Score:2)
Less resource consumed than making a few beads of glass.
But not less than no tag at all for a dubious purpose.
Would that not make it easier ... (Score:3)
for someone to extract a payment that I did not intend from my 'phone ? This seems to me to be a security risk, a gift to crooks.
Re: (Score:3)
Your phone doesn't look for authorization from you before just giving your money away via an NFC transaction?
Or do you just blindly (and boldly) approve every box that comes up asking for authentication regardless of if you took an action that would require authentication?
Re:Would that not make it easier ... (Score:4, Interesting)
Your phone doesn't look for authorization from you before just giving your money away via an NFC transaction?
Or do you just blindly (and boldly) approve every box that comes up asking for authentication regardless of if you took an action that would require authentication?
The whole idea of NFC is "convenience" which is usually inverse to security.
Many cities allow NFC for public transport, for example. If you have to authorise every single tap-on and tap-off when using your phone to pay for the subway or bus. this is *not* convenient and I would expect that ~99% of people who use their phones for this job have the authorisation turned off.
Note that I am not suggesting that using your phone to pay for stuff like this is a good idea, just stating what I have seen other people do. I use the dedicated public transport pass, and add credit with cash to the pass when required. If I visit a new city, I get a new pass for that city's public transport. This way, if my pass gets stolen or hacked, the most I can lose is whatever cash was loaded onto the card, usually in the order of $20. No login details, no personal info. Bank and ATM cards stay in my wallet until they are needed at an ATM or to pay for good/services that allow me to insert the card.
When articles like this come up, I used to post a link to a live demo that was done at defcon(?) over a decade ago, when the presenter took a volunteer from the audience and removed some money from their NFC card by basically brushing against their pants. I'll see if I can still find this online, I don't think NFC has got any more secure since then, and the proliferation of people paying by phone has only increased the number of targets.
IIRC there's a limit to how much money can be taken from a debit/credit card (or its equivalent on a phone) before active authorisation by the card holder is required, usually somewhere between $20 - $100. I don't think this really improves security though. What worries me is NFC harvesting en masse in busy areas. Imagine a busy shopping mall, subway station etc, with a concealed NFC antenna in a briefcase, that grabs money from every card that walks past. How much money could that harvest in a day? Even if the limit on each card is "only" $20, if a thief harvests the money from 1000 passers by, that's twenty grand in a day. Easily enough to pay for the hardware, laundering the money, and a tidy profit on top. Then go to a new crowded area and do it again the next day. It's technically feasible and I have found zero published stats on how often this happens - they don't want the public to know how easy it is to make unauthorised charges to their cards.
Re: (Score:2)
Your phone doesn't look for authorization from you before just giving your money away via an NFC transaction?
Or do you just blindly (and boldly) approve every box that comes up asking for authentication regardless of if you took an action that would require authentication?
Erm... this is not just phones. Every bank card now has NFC and will give out your card number, name and expiry date to anything that asks for it. Of course this has never been limited to 0.2 cm like a point of sale terminal and criminals know it.
Re: (Score:2)
Actually not if it's unlocked.
My gas station rewards are a barcode I scan with the app. When they added NFC at the pumps...every attempt to scan the barcode resulted in Wallet seeing the NFC and activating the default payment.
It was literally such a horrible design and so annoying that I entirely ditched NFC payments.
Re: (Score:2)
> This seems to me to be a security risk..
Aren't you usually required to have your phone unlocked for most of these NFC things to work? My phone is always locked, unless I am using it. And when I make a transaction, my phone immediately tells me and makes sounds as well. I am trying to thing of ways the .5 -> 2cm change can be abused and I am coming up empty.
If you have a particular case in mind that would actually work, please share.
Re: (Score:2)
Re: Would that not make it easier ... (Score:2)
I would assume the risk is someone taking a payment from your physical credit card through your pocket/wallet. But I donâ(TM)t know if the new standard changes the cards or just the minimum distance the reader must be able to reach. If the latter, then there really wouldn't be any effect on security.
Re: (Score:2)
Doesn't your phone need to be unlocked to make a payment? Mine requires biometric authentication.
Recently an update introduced an option to not unlock for public transit. I haven't looked into it, presumably there is some security mechanism in there, but I didn't enable it anyway.
more (Score:2)
Why not extend it to 20 meters? Everyone needs to pay their fair share.