Know and understand characteristics, uses, advantages and disadvantages of Near Field Communication (NFC) including payment using a smartphone

6 ICT Applications – Near Field Communication (NFC)

Learning objective

Know and understand the characteristics, uses, advantages and disadvantages of Near Field Communication (NFC), including how a smartphone can be used for payment.

What is NFC?

Near Field Communication (NFC) is a short‑range (< 10 cm) wireless technology that lets two devices exchange data by magnetic induction. It operates at the globally allocated frequency of 13.56 MHz** and is defined by the standards ISO/IEC 14443 (contactless cards) and ISO/IEC 18092 (NFC).

Key technical characteristics (exam‑focus)

CharacteristicDetails to remember (AO1)
Frequency13.56 MHz
Maximum operating distance0–10 cm (typical ≈ 4 cm)
Data‑transfer rates106 kbps, 212 kbps, 424 kbps
PowerActive devices supply the field; passive tags need no battery
StandardsISO/IEC 14443 & ISO/IEC 18092

NFC operating modes

ModeDescriptionTypical example
Card‑emulationDevice behaves like a contactless smart card; secure element stores payment or access credentials.Mobile payment (Apple Pay, Google Pay), transport tickets on a phone.
Reader/WriterDevice reads data from or writes data to a passive NFC tag.Scanning a smart poster to open a URL; reading an NFC‑enabled product label.
Peer‑to‑Peer (P2P)Two active NFC devices exchange data, each acting as both reader and tag.Phone‑to‑phone sharing of a contact, photo or Bluetooth‑pairing information.

Comparison with other recognition systems (required by the syllabus)

TechnologyTypical rangePower requirementTypical usesSecurity notes
NFC0–10 cmActive device powers passive tagContactless payment, transport tickets, access cards, smart postersVery short range limits eavesdropping; tokenisation & dynamic CVV for payments
RFID (high‑frequency 13.56 MHz)Up to 1 m (depends on tag type)Passive tags powered by readerInventory control, animal identification, access controlLonger range → higher risk of skimming; usually no encryption
Bluetooth‑Low‑Energy (BLE)Up to 30 mBoth devices have own power sourceProximity marketing, indoor positioning, data syncPairing and encryption required; longer range can be intercepted
QR code (optical)Line‑of‑sight, up to several metresNo power needed on the code; scanner supplies powerWeb links, tickets, payment QR (e.g., Alipay)Security depends on the app; easy to copy or replace the image

Common uses of NFC

  1. Contactless payment (Apple Pay, Google Pay, Samsung Pay)

  2. Transport ticketing (London Oyster, Hong Kong Octopus, Singapore EZ‑Link)

  3. Access control (office entry cards, hotel room keys)

  4. Information sharing (digital business cards, Bluetooth/Wi‑Fi pairing)

  5. Smart posters & marketing (tap for URLs, coupons, loyalty points)

  6. Device configuration (quick‑pairing of headphones, speakers)

Advantages

  • Speed – transactions and data exchanges complete in a fraction of a second.

  • Convenience – no need to insert cards or remember PINs for low‑value payments.

  • Security – very short range limits eavesdropping; data can be encrypted and tokenised.

  • Low energy – passive tags operate without a battery.

  • Interoperability – works with most modern smartphones and dedicated NFC cards.

Disadvantages / limitations

  • Very short range – the user must bring the device almost into contact with the reader.

  • Limited bandwidth – unsuitable for large file transfers.

  • Relay attacks – an attacker can extend the range with two devices that forward the signal (mitigated by tokenisation and transaction‑level authentication).

  • Not all older phones or tablets support NFC.

  • Security also depends on the back‑end payment infrastructure and on users practising safe behaviour (e.g., not tapping unknown terminals).

How NFC payment works with a smartphone

  1. Setup – Add a debit/credit card to a mobile wallet (Google Pay, Apple Pay, etc.).

  2. Tokenisation – The card number is replaced by a unique token stored in the device’s Secure Element (SE) or Trusted Execution Environment (TEE).

  3. Device authentication – Before a transaction the user verifies identity via fingerprint, face ID, or PIN.

  4. Transaction initiation – The user taps the phone on the NFC terminal.

  5. Data exchange – The phone sends the token, a one‑time cryptographic code (dynamic CVV) and the transaction amount over the NFC link.

  6. Backend verification – The terminal forwards the data to the acquiring bank, which checks the token with the card issuer.

  7. Authorization – If approved, an approval message is sent back through the same path; the terminal displays “Approved”.

  8. Receipt – The user may receive a digital receipt on the phone or via email.

Security features in NFC payments

FeaturePurpose
TokenisationReal card number never leaves the secure element or the network.
Dynamic CVV (dCVV)Unique security code for each transaction prevents replay attacks.
Secure Element (SE) / Trusted Execution Environment (TEE)Hardware‑isolated storage that protects cryptographic keys from the OS.
Biometric / PIN verificationEnsures the legitimate user authorises each payment.
Short‑range inductive couplingPhysical proximity requirement makes “skimming” virtually impossible.

Data‑protection & privacy (e‑safety)

  • Tokenisation and dynamic CVV protect personal card details from being exposed.

  • Keep the NFC‑enabled device locked with a PIN, fingerprint or facial recognition to prevent unauthorised use.

  • Only tap trusted terminals (e.g., known POS devices, transport gates).

  • Be aware that NFC tags can store URLs or personal data; always check the content before following a link.

  • Regularly review transaction histories and report any unauthorised activity.

  • In line with the Cambridge syllabus, emphasise the concepts of personal data, consent, and the right to be informed when using NFC services.

Practical classroom activities

  • Demonstrate a tap‑to‑pay transaction using a dummy NFC terminal and a smartphone (or a simulated app).

  • Create a Venn diagram comparing NFC, Bluetooth‑LE and RFID in terms of range, speed, power, and typical uses.

  • Case‑study: Choose a city that introduced NFC‑based transport tickets; discuss benefits, challenges and impact on commuters.

  • Role‑play a “relay‑attack” scenario and identify how tokenisation, dynamic CVV and user verification mitigate the threat.

  • Research task: Locate the ISO/IEC standard numbers that govern NFC (14443 & 18092) and present a short summary of each.

Summary checklist (revision aid)

  • Identify and describe the three NFC operating modes: card‑emulation, reader/writer, peer‑to‑peer.

  • List at least three everyday applications of NFC.

  • Explain why the short range of NFC is both an advantage (security) and a limitation (convenience).

  • Outline the step‑by‑step process of a smartphone‑based NFC payment.

  • State two security mechanisms that protect NFC payments (e.g., tokenisation, dynamic CVV, Secure Element).

  • Recall the relevant standards: ISO/IEC 14443 and ISO/IEC 18092.

  • Remember the e‑safety points: keep the device locked, use trusted terminals, review transaction history.