Introduction
The primary protective mechanism underlying the physical component of NFC technology is the working area of the devices. It is assumed that due to the remote operating location of the technology, it is impossible to perform unauthorized actions about contactless data transmission. However, this is not the case: a small radius of interaction between devices is not a reliable protection against unauthorized acts of an intruder. This is due to the possibility of automatic communication of NFC contrivances in the absence of confirmation of connection to them. The purpose of the study is to evaluate the effectiveness of security approaches to protect NFC services. Thus, the advantages and disadvantages of each of the most commonly used methods will be identified.
In the course of the study, researchers plan to answer the following questions: what standard security mechanisms are aimed at preventing threats related to data reading? How it is possible to read the data over NFC technologies at a distance of up to 80 cm? Why it is possible to decode information from contactless cards, using an available NFC reader and various software?
This device was chosen because it can gradually read data from contactless cards in public transport, shopping centers, airports, and other crowded places. Also, with the help of such a technology, it is possible to steal the transmitted data in transactions. The study is of high importance, as the use of NFC payments is becoming increasingly popular. Consequently, the number of threats to obtain information during NFC transactions is also growing. The study is limited to many areas in which the technology is regularly improved to protect users during the use of transactions. Among the delimitations of the study, only the main methods of fraud and protection that are most common can be singled out.
In the study, the most commonly used concept is NFC, which stands for Near Field Communication (Anusha et al., 2018). This is a modern technology of wireless high-frequency communication of a small radius which allows contactless data exchange between devices. The study begins with the theoretical part, where the types of NFC technologies and their potential vulnerabilities are described in detail. Then the practical part is presented, where the proof or refutation of hypotheses from the first part is carried out; it is followed by a summing up.
Review of Literature
There are six major parts in the text, of which only the Introduction has subheadings (they are Background, Research Problem, and Proposed Solution). This is the theoretical part, so for convenience, it is divided into three sub-paragraphs that inform about the goals and methods of research. First, a relatively broad topic of NFC technologies, the principles of their operation is considered. Next, the authors focus on a more specific part of the topic – the vulnerable parts of the contactless data transfer process. Compared with other studies, this one is quite complete; the data is more successfully structured in it. This research covers the gap of other scientific sources presenting implementation scheme of strengthing the security of NFCs. A common feature of the studies of NFC processes can be also found in this study: it has a similar list of threats and ways to solve them.
Methodology
Both qualitative and quantitative methods were used in the research; their combination became a valuable tool for understanding the effectiveness of existing security systems for devices using NFC. First, a description of the information obtained was carried out, and hypotheses were made. Then experimental studies were conducted, and their results were processed; after that, the similarities and differences between the ideas and the actual results were compared.
The sampling included debit or credit plastic cards from popular banks. All of them had an innovative built-in technology for paying for purchases without inserting a card into the receiver and entering a PIN code (Anusha et al., 2018). The instruments can be considered valid since, during the experiment, the data reading techniques that are most often recorded in scientific reports were tested.
The instruments can also be regarded as reliable since it was possible to decode data about payment information as a result of using readers. During the experiment data was gathered during conducted laboratory tests. The influence of fraudulent programs on cards with NFC technologies was studied while controlling extraneous factors. During the frequency analysis of the data, the minimum and maximum safety thresholds were determined. Correlations between the various security software and the degree of impact on encrypted information were also established.
Analysis of the Data/Findings
Descriptive data included the amount of information read during decoding transactions on a contactless card. In addition, the amount of data received when using malicious software (for example, the Android Trojan virus) was recorded. Inferential statistics are such that most often, NFC-users create an unsafe situation on their own by downloading applications containing a virus. The second most dangerous case of the amount of data being read is through a fraudulent mobile POS terminal. It creates a fake purchase and forces the victim’s card to pay for it. Qualitative patterns allowed to establish that relay attacks, despite their prevalence, are not the most malicious. The most significant amount of data is read using electronic warfare or RFID jammers. When using them, the initiator’s work is disrupted, making it impossible to make a payment. In total, fifteen ways of decrypting data from cards using NFC technologies were investigated. It has been proved that it is possible to decode the card number and expiration date using any of them. The data obtained can then be used to make purchases in online stores.
Summary, Conclusions and Recommendations
The study revealed that both NFC carriers and receiving devices (POS terminals) have vulnerabilities in the operating system and program codes. It was proved that it is not enough to encrypt data for data safety; it is also necessary to secure it during processing.
In the course of the study, researchers proved that such standard security mechanisms as phone software are aimed at preventing threats related to data reading. It is possible to read the data over NFC technologies at a distance of up to 80 cm with the help of specific readers (Anusha et al., 2018). It is possible to decode information from contactless cards, using an available NFC reader and various software due to the imperfection of the smartphone code protection. The study has a connection with the literature on this issue, as it relied on the reports of other scientists to create hypotheses.
This research adheres to the policy of anonymity and does not disclose the specific names of the banks whose contactless cards were used in the study. The recommendations include releasing this information, so bank representatives would know that security measures need to be strengthened. The recommended practical application of this data can be used to develop other ways to neutralize the considered methods of fraudulent information acquisition from NFC devices. Since there is a constant development of technologies, future research can explore new opportunities and potential directions for the development of threats associated with NFC technologies.
Reference
Anusha, R., & Veena, D. S. (2018). Qualitative assessment on effectiveness of security approaches towards safeguarding NFC devices & services. International Journal of Electrical and Computer Engineering, 8(2), 1214-1221.