NFC is becoming more ubiquitous every day. Coming from the roots of our industry, NFC is present in an increasing number of NFC handsets. As a hint NFC technology is reaching its maturity, its becomes the center of attention of major players in other industries. For instance, Intel recently announced it plans to implement NFC functions in its Ultrabooks (cf. Smart Insights Weekly #11-50), and HP is now introducing NFC-compatible Ultrabooks (cf. Convergence section). Also, Nintendo will add NFC functions in its new version of the Wii.
NFC has been designed by people, and industrialists coming from telecom and payment backgrounds. All of them have a longstanding experience in security, although with some differences in their understanding of security needs, and NFC standards have implemented security functions from the very beginning. Now with the addition of new applications into NFC, security needs might be different, and the industry will have to adapt to them.
NFC, and in a broader meaning secure transactions, allow lots of data collection. For instance, paying for public transport with NFC creates lots of logs, which are necessary to control transactions, and to reissue rights when they are lost or stolen. At the same time, performing payment transactions triggers the need to generate loads of data necessary to process and keep track of the transactions. And when data are available, it is often a temptation for the systems administrators to keep logs, a propensity known as “logophilia”
The European Union, and citizen protection authorities in other regions, have established frameworks for citizens data protection. The EU requires systems to be secure and respect privacy by design. Implementation of these requirements concerns all stakeholders in a transaction chain. And the most sensitive place to illegitimate access and use of private data is often the management system held by the application manager rather than the handset or the NFC Secure Element in the hand of the user.
There is still some effort to be accomplished to ensure all stakeholders for all NFC applications will meet these requirements.