Emerging Network Technologies
The previously discussed emerging payment systems rely upon, and may be integrated with, underlying network communication technologies and protocols. If not properly implemented, new and emerging network communication technologies may expose the payment device or system to additional vulnerabilities. This is particularly true with any network that relies upon broadcast technology to send and receive information. Even close proximity wireless devices, such as RFID, have been found to be vulnerable to eavesdropping at distances greater than they were designed for. Care should be taken to ensure that the underlying network communication technology has security appropriate to the information being transmitted. Currently, there are four types of short-range wireless connectivity technologies that can be used to connect payment devices to POS devices. These include: Infrared, RFID, NFC, and Bluetooth.
Infrared communication technology works similarly to a television remote control as information is sent from a device to a payment terminal via a frequency that is invisible to the naked eye. These devices can have signals that are stronger than other contactless technologies and can work from several yards away. Security concerns arise regarding the ability to compromise a transmission because of the strength of the signal. This concern is somewhat mitigated because there must be a direct line of sight for the transmission to work. The Infrared Financial Messaging Group (IrFM) is a consortium of technology and financial companies (including Visa) that work together to promote uniform and interoperable standards See http://irda.affiniscape.com/associations/2494/files/Publications/FM_Exec_Summary.pdf for infrared devices. These standards include encrypted channels.
Radio Frequency Identification
RFID is a method of remotely storing and accessing data on devices called RFID tags/transponders. An RFID tag can be incorporated into a plastic card (as with contactless cards), a fob, or other device. RFID tags also can be embedded into any product to track inventory. RFID tags contain antennas that enable them to communicate via radio frequency with an RFID transceiver. The technology protocol most widely used for RFID is the ISO 14443 standard. This standard is very general and can be used for multiple types of media and a broad range of hardware.
Near Field Communication
NFC is another short-range communication technology similar to RFID, but based on the ISO 18092 standard. NFC chips can be embedded in a mobile device such as a telephone to enable it to act as a contactless payment card. NFC has additional functionality such as the ability to act as a reader of other NFC devices, thus enabling two consumer devices to share data or transact payments with each other. NFC chips can also be integrated with other applications within the mobile device to permit transactions from multiple accounts.
RFID and NFC have become very flexible solutions for alternative payments. Financial institutions are adding RFID tags to credit and debit cards to speed transactions. In some parts of the world, consumers can link their credit or debit accounts to cell phones enabled with RFID or NFC technology to make purchases at retail sites equipped with payment readers.
Bluetooth is a close-range wireless radio frequency communication protocol that has been implemented in a wide range of technologies. Bluetooth uses a stronger signal than RFID or NFC and is detectable at greater distances. There has been limited adoption of this protocol.
Biometrics for Payment Initiation and Authentication
Retail Payment Systems Risk Management