Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

While I appreciate your stance, I am constantly amazed at how many people are happy to use NFC. It's demonstrably insecure [0], and using it for payment at the moment is only secure through obscurity. If it becomes more-prevalent, we will see more cases of pay-info theft attacks [1].

0. https://www.makeuseof.com/tag/drive-nfc-hack-work/ 1. https://ajinabraham.com/blog/stealing-card-details-from-cont...



NFC is just a communications protocol - what you choose to send down that pipe is up to you, and we have battle-tested cryptography that provides key exchange & encryption over an insecure channel.

> using it for payment at the moment is only secure through obscurity

EMV payments over NFC are mostly secure - there might be one-off exploits here and there but I wouldn't call it insecure. There are other protocols besides EMV such as magstripe contactless which are insecure but they're intended to replicate equally-insecure magnetic stripes, but that's more down to a certain country's reluctance to adopt modern payment systems rather than a fault of NFC.

With regards to stealing card details, keep in mind that the cardholder is not liable for card-not-present fraud unless 3D-Secure authentication was used.


Re [1]: if you're using the camera to read the CVV, why not just flip the card over and capture the number?

If the card is embossed you wouldn't even need to flip it!


Is WeChat style QR code payments safer than the NFC payment method?

Given NFC payments require you to unlock your phone, does that make them secure?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: