NFC security for contactless payments | Stripe (2024)

Stripe logo
  • Payments Payments Online payments
    • Payment Links No-code payments
    • Checkout Prebuilt payment form
    • Elements Flexible UI components
  • Terminal Terminal In-person payments
  • Radar Radar Fraud prevention
  • Authorization Authorization Acceptance optimizations
  • Connect Connect Payments for platforms
  • Treasury Treasury Financial accounts
  • Capital Capital Customer financing
  • Issuing Issuing Physical and virtual cards
  • Billing Billing Subscriptions and usage-based
  • Revenue Recognition Revenue Recognition Accounting automation
  • Invoicing Invoicing Online invoices
  • Sigma Sigma Custom reports
  • Data Pipeline Data warehouse sync
    • Payment methods Access to 100+ globally
    • Link Accelerated checkout
    • Financial Connections Linked financial account data
    • Identity Online identity verification
    • Atlas Startup incorporation
  • Enterprises
  • Startups
  • Ecommerce
  • SaaS
  • Platforms
  • Marketplaces
  • Finance automation
  • Embedded finance
  • Global businesses
  • Crypto
  • Creator economy
  • Stripe App Marketplace
  • Partners
  • Professional services
  • Documentation
  • Prebuilt checkout
  • Libraries and SDKs
  • App integrations
  • Accept online payments
  • Manage subscriptions
  • Send payments
  • Full API reference
  • API status
  • API changelog
  • Build on Stripe Apps
  • Support center
  • Support plans
  • Guides
  • Customer stories
  • Blog
  • Sessions
  • Contact sales
  • Jobs
  • Newsroom
  • Stripe Press
  • Become a partner
Sign in


Accept payments online, in person, and around the world with a payments solution built for any business—from scaling startups to global enterprises.

Learn more
  1. Introduction
  2. Key features of NFC payments
  3. How do NFC payments work?
  4. What security measures do NFC payments have?
  5. Threats and risks with NFC payments
    1. Known vulnerabilities and attack vectors
    2. Real-world scenarios of security breaches
  6. NFC security: How to mitigate risks and vulnerabilities
    1. For small businesses
    2. What to look for when choosing a card terminal provider
  7. Get started with Stripe

NFC payments, which rely on near-field communication technology, are a type of contactless payment method. They use a short-range wireless technology that allows two devices, such as a smartphone and a payment terminal, to communicate when they’re only a few centimeters apart. This technology is embedded in many modern smartphones and payment cards and has proliferated in recent years: in 2022, 85% of consumers across nine countries used an NFC contactless card or mobile payment wallet.

With their quick tap-and-go process, NFC payments are reshaping the checkout experience. They are also part of a larger shift toward simple payment solutions to meet modern customer expectations for convenience. But they’re not just convenient—NFC payment technology is an industry leader in enabling ultra-quick transactions while maintaining high-security standards.

As digital wallets and wearable tech become more prevalent, NFC payments are quickly becoming the default option in a growing number of payment situations. But in the rush to adopt this popular payment method, businesses can’t ignore security. For NFC payments, here’s what you need to know about creating a secure experience.

What’s in this article?

  • Key features of NFC payments
  • How do NFC payments work?
  • What security measures do NFC payments have?
  • Threats and risks with NFC payments
  • NFC security: How to mitigate risks and vulnerabilities

Key features of NFC payments

NFC payments have several key features that make them a popular choice for both customers and businesses. Here’s a quick look at these features:

  • Contactless communication
    One of the most prominent aspects of NFC payments is their ability to facilitate transactions without physical contact. The technology enables two devices—an NFC-enabled payment device (such as a smartphone or card) and a payment terminal—to exchange data when they are close to each other.

  • Speed and convenience
    NFC transactions are typically faster than traditional payment methods. The customer simply has to bring their device close to the terminal, and the transaction completes in seconds. This speed contributes to a smoother and more convenient checkout process.

  • Security
    NFC payments are generally considered secure. They often incorporate encryption to protect sensitive information such as credit card numbers. Additionally, many smartphones require authentication (such as a fingerprint scan or a passcode) before the payment is processed, adding another layer of security.

  • Versatility and integration
    NFC technology is versatile and can be integrated into a variety of devices, including smartphones, smartwatches, and payment cards. This integration allows customers to pay with the device that best suits their needs and preferences.

  • Widespread compatibility
    As NFC technology becomes more prevalent among customers, an increasing number of businesses are adopting NFC-compatible payment terminals. Contactless payments occur at a variety of locations, from large retailers to small local businesses.

  • Digital wallet support
    NFC technology is a key component in many digital wallets, such as Apple Pay, Google Pay, and Samsung Pay. These wallets allow customers to securely store details for multiple cards on their devices, giving them the flexibility to choose between accounts or cards for different transactions.

  • Transaction history and recordkeeping
    Customers can easily keep track of their transactions when conducting NFC payments through their digital wallets, which typically provide a detailed transaction history.

  • Reduced wear and tear
    Since NFC payments don’t require physical contact, there’s less wear and tear on both the customer’s payment device (such as a card) and the business’s hardware (such as a card reader), potentially increasing the life span for these devices.

How do NFC payments work?

NFC payments use a combination of hardware and software technologies to facilitate secure, convenient transactions. Here’s how this process typically works:

  • NFC chip activation
    The process begins when an NFC-enabled device, such as a smartphone or a payment card with an NFC chip, is activated. Activation usually occurs when the customer brings the device near an NFC-enabled payment terminal. In smartphones, this activation might also require user authentication via passcode, fingerprint, or facial recognition.

  • Communication establishment
    Once the NFC chip is activated, it starts communicating with the payment terminal. This communication happens through radio waves. NFC operates at a frequency of 13.56 MHz, and the range of communication is typically within 4 cm. This short range is a security feature, as it prevents unwanted interception of the data being transmitted.

  • Data transmission
    During the communication, the NFC device transmits data to the payment terminal. This data includes the payment information needed to process the transaction, such as payment amount, card details, and other relevant information. This data transmission is encrypted to protect sensitive information.

  • Payment processor involvement
    Once the payment terminal receives the data, it sends the information to the payment processor, which is responsible for verifying the transaction details with the bank or card issuer associated with the device that made the payment.

  • Authentication and authorization
    The bank or card issuer receives the transaction request and checks for authenticity and sufficient funds or credit. This includes verifying the card details and ensuring that the transaction adheres to any set limits or restrictions.

  • Transaction approval or decline
    After verification, the bank or card issuer either approves or declines the transaction. This decision is then communicated back through the payment processor to the payment terminal.

  • Completion of transaction
    If the transaction is approved, the payment terminal completes the process and typically displays a confirmation message. If it’s a smartphone or similar device, the NFC device may also receive a confirmation notification.

  • Recordkeeping
    The transaction details are recorded by the business’s payment system and—in the case of smartphones or digital wallets—on the customer’s device. This supports easy tracking and management of transaction history.

The NFC transaction process emphasizes security and speed. Data encryption and device authentication help ensure that NFC payments are secure, while the simplicity and speed of the process make it a convenient option for both customers and businesses.

What security measures do NFC payments have?

NFC payments incorporate several security measures to protect against fraud and unauthorized access. These measures include:

  • Encryption
    When data is transmitted between the NFC device (such as a smartphone or card) and the payment terminal, it is encrypted. This encryption converts the information into a secure code, which helps prevent unauthorized parties from intercepting sensitive details such as card numbers and transaction amounts.

  • Tokenization
    Many NFC payment systems use tokenization. Instead of transmitting the actual card number, a unique digital token is used. Though it represents the card number, this token is useless if intercepted, as it cannot be used beyond the specific transaction for which it was generated.

  • Short-range communication
    The very nature of NFC—short-range communication technology—adds a layer of security. Because the device must be within a few centimeters of the terminal for the transaction to occur, it reduces the likelihood of unintended or unauthorized devices intercepting the data.

  • Device authentication
    Smartphones and other devices often require authentication to complete an NFC payment. This could be in the form of a passcode, fingerprint, or facial recognition, and it guarantees that the rightful owner of the device is initiating the transaction.

  • Dynamic authentication codes
    Each transaction generates a unique authentication code. Even if a transaction detail is intercepted, it cannot be reused for another transaction, reducing the risk of fraudulent repeated transactions.

  • Secure element
    Many smartphones with NFC capabilities have a secure element—a dedicated chip that stores payment information securely. This chip is isolated from the phone’s main operating system, adding an extra layer of protection in case of hacking.

  • Transaction limits
    Some banks and financial institutions set limits on NFC transactions to reduce the risk of large fraudulent transactions. If the transaction amount exceeds this limit, traditional methods of authentication, such as a PIN entry, may be required.

  • Real-time fraud monitoring
    Banks and payment processors often monitor transactions in real time for suspicious activity. If they detect unusual patterns, these institutions can take immediate action, such as declining the transaction or contacting the customer.

  • Customer verification requests
    In some cases—especially for large transactions—the payment system might ask for additional customer verification, such as entering a PIN or signing a receipt.

When they work together, these security measures provide a multilayered defense against various types of fraud and unauthorized access.

Threats and risks with NFC payments

While NFC payments provide a strong security buffer, they are not immune to potential threats. Here are some of the vulnerabilities and risks associated with NFC payments.

Known vulnerabilities and attack vectors

  • Eavesdropping
    In the context of NFC payments, eavesdropping means an unauthorized device picks up the NFC signal during a transaction. Because NFC is a form of radio communication, it’s theoretically possible for someone to intercept the data if they have the right equipment and are within range.

  • Data modification
    During the brief moment of data transmission, a sophisticated attacker could potentially alter the communication between the NFC device and the terminal. This could lead to the wrong amount being charged or the payment being directed to a different recipient.

  • Lost and stolen devices
    If an NFC-enabled device is lost or stolen and the owner has not secured it with a PIN or biometric lock, there is a risk of unauthorized transactions. Even if it is equipped with a secure element, the period of time between losing the device and reporting it could be exploited.

  • Relay attacks
    Relay attacks occur when an attacker uses a device capable of NFC communication to intercept and relay data between a legitimate NFC-enabled device (such as a smartphone or credit card) and a payment terminal. The attacker’s device acts as an intermediary, capturing the information from the legitimate device and transmitting it to the payment terminal.

  • Skimming
    Skimmers can create a fraudulent payment terminal or modify an existing one to capture information from any NFC-enabled device that interacts with it. They can then use the collected data to clone cards or conduct unauthorized transactions.

Real-world scenarios of security breaches

  • Fraudulent terminals
    There have been instances where businesses have been defrauded by individuals installing terminals that skim data from customers’ NFC payments, leading to information theft.

  • Targeted attacks on individuals
    High-profile individuals or those perceived to have significant funds could be targeted for NFC-related attacks (such as eavesdropping or relay attacks), especially in crowded public spaces.

  • Software vulnerabilities
    In some cases, fraudulent actors could exploit security flaws in the software of NFC-enabled devices or terminals to gain unauthorized access to funds or payment information.

NFC security: How to mitigate risks and vulnerabilities

There are a variety of solutions businesses can use to limit their exposure to fraud and unauthorized access. Small businesses selecting a card terminal provider should especially be aware of how to mitigate risks and vulnerabilities.

Here are some ways to proactively protect your business and your customers.

For small businesses

  • Educate staff
    Teach employees about NFC technology and the common threats. This includes recognizing suspicious behavior or devices that could indicate that card terminals have been tampered with.

  • Maintain regular updates and patches
    Ensure that the payment terminal software is up-to-date. Software updates can fix vulnerabilities that could be exploited by attackers.

  • Implement secure configuration
    Set up terminals and devices to request a PIN for transactions over a certain amount. This can prevent large fraudulent transactions in case the NFC-enabled device is compromised.

  • Incorporate physical security
    Keep terminals in a location where staff can always see them, reducing the risk of tampering.

  • Monitor transactions
    Keep an eye on transaction records for any irregular activity. Quick detection of unusual patterns can prevent further unauthorized transactions.

  • Use trusted providers
    Choose payment terminals from providers with a good reputation for security and customer service.

What to look for when choosing a card terminal provider

  • Security incidents
    Look into the provider’s history with security. Read reviews and case studies to see how it has handled past security issues.

  • Compliance with standards
    Double-check that the provider complies with industry security standards, such as the Payment Card Industry Data Security Standard (PCI DSS).

  • Security features
    Look for providers with terminals that have advanced security features, such as end-to-end encryption and tokenization.

  • Support and responsiveness
    Choose a provider that provides strong customer support and can respond quickly to any security issues that may arise.

  • Transparent policies
    Providers should have clear policies about data handling, privacy, and the measures it takes to protect transaction data.

By following these strategies—and choosing partners that prioritize security as much as you do—you can substantially reduce the risks associated with NFC payments.

If you accept NFC payments using Stripe, learn more about how Stripe makes them more secure.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accurateness, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent attorney or accountant licensed to practice in your jurisdiction for advice on your particular situation.

  • What pagoPA is and how it works
  • How do credit cards on file work? A quick guide for businesses
  • Phone payments in Australia: Trends for businesses to know

Create an account and start accepting payments—no contracts or banking details required. Or, contact us to design a custom package for your business.

Accept payments online, in person, and around the world with a payments solution built for any business.

Find a guide to integrate Stripe's payments APIs.

NFC security for contactless payments | Stripe (2024)


How secure is an NFC payment? ›

Q: How secure are NFC payments? NFC payments are typically more secure than traditional EMV card transactions. NFC payments need the customer to be within inches of the payment terminal, and the actual transaction takes seconds, limiting the opportunity for interception.

Can I make contactless payments without NFC? ›

Important: To make contactless payments, Near Field Communication (NFC) must be on. To turn on NFC, check your phone settings app.

What is the difference between NFC and contactless payments? ›

A contactless payment is a transaction that requires no physical contact between a device (aka a smartphone) and a payments terminal. Meaning, people can just hold up their mobile devices or contactless cards to pay. In an NFC payment, you hold your device to a reader to pay.

Do you need NFC for contactless payment? ›

NFC contactless payments are digital transactions that use near-field communication technology to facilitate payments through mobile devices like smartphones and tablets. Examples of NFC payments include Apple Pay and Android Pay.

Can NFC payments be skimmed? ›

Potentially, payment terminals can be compromised. However, as opposed to regular card skimming, NFC communication is encrypted and tokenized – meaning that a card can hardly be duplicated thanks to its information being hidden.

Is it safe to leave NFC on all the time? ›

For the majority of NFC users, this technology is perfectly safe. While it's not a very comforting thought, the fact is that hackers have many far more effective ways to target you than NFC attacks.

Is Google Pay safer than a credit card? ›

“That said, professionals within the financial industry generally regard Google Pay as safe — certainly safer than swiping a card or keying in your information.”

Is NFC worth having? ›

NFC is the fastest way to pay—transactions take just seconds. NFC transactions are much faster than EMV transactions — they take just seconds. And as people start to realize what it's like to pay with chip cards (aka how slow it is), they'll likely turn to mobile payments, especially as they're just as secure as EMV.

Why can't i pay with NFC? ›

Your NFC antenna could be near the top or middle of your device. Hold your phone closer to the payment reader. Hold your phone close to the payment reader for a few more seconds. Move your phone out of range of the payment reader for a few seconds and try again.

Is NFC safe on debit cards? ›

Speed: Contactless payments are processed within seconds, making them ideal for small transactions. Security: NFC and Wi-Fi enabled cards use encryption to protect payment information, making them more secure than traditional card payments.

Is Google pay the same as NFC? ›

Google Pay lets you make contactless payments via NFC (Near Field Communication) technology on your phone.

What is the limit of NFC transaction? ›

“The RBI's decision to increase the limit from Rs. 2000 to Rs. 5000 without entering a PIN on contactless transactions through NFC cards is a welcome move. We have in recent months seen a marked increase in contactless transaction on our network.

Can you tap pay without NFC? ›

We should point out, though – you can only use Google Pay on devices that have NFC capabilities, as this is the tech that the app uses to make contactless payments. You can still use it to pay online without NFC, but not in person.

How many times can a contactless card be used? ›

You can use a contactless card as many times as you like within a day so long as each purchase is under £100. Just bear in mind that you may be asked to use chip and PIN after using contactless a few times in a row. Don't worry, it's just an extra security measure to check it's you making any payments.

Is it safe to use NFC payment? ›

NFC payments are generally considered secure. They often incorporate encryption to protect sensitive information such as credit card numbers. Additionally, many smartphones require authentication (such as a fingerprint scan or a passcode) before the payment is processed, adding another layer of security.

Is NFC safer than card? ›

NFC transactions are extremely safe since they encrypt data, in contrast to the magnetic stripe cards used in conventional swiping.

Is there a security risk with tap to pay? ›

Contactless payments offer robust security measures, surpassing traditional magnetic strip cards. EMV chip technology and Dynamic Data Authentication (DDA) enhance protection against fraud. Each contactless transaction generates a unique cryptographic code, ensuring card authenticity and preventing unauthorized use.

What are NFC disadvantages? ›

Limited Range. Based on the name alone, people can't use NFC cards when the NFC-enabled device is too far from the sticker. The tag and device will refuse to establish a connection when the distance is more than 4 cm or a few inches. Bluetooth and WiFi will be better methods to transfer data in such cases.

Can credit card info be stolen from tap to pay? ›

Theoretically, a criminal could get close to you and use an NFC skimming device to steal the information transmitted by your card. However, even if crooks were able to pull this off, experts say the data they'd glean wouldn't be enough to enable a fraudulent transaction in your name.

Top Articles
Average GPA In High School & College (Statistics)
Choosing the Right Lot Size: A Guide to Determining Which Lot Size to Use
English Bulldog Puppies For Sale Under 1000 In Florida
Katie Pavlich Bikini Photos
Gamevault Agent
Pieology Nutrition Calculator Mobile
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Doby's Funeral Home Obituaries
Compare the Samsung Galaxy S24 - 256GB - Cobalt Violet vs Apple iPhone 16 Pro - 128GB - Desert Titanium | AT&T
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Craigslist Dog Kennels For Sale
Things To Do In Atlanta Tomorrow Night
Non Sequitur
Crossword Nexus Solver
How To Cut Eelgrass Grounded
Pac Man Deviantart
Alexander Funeral Home Gallatin Obituaries
Shasta County Most Wanted 2022
Energy Healing Conference Utah
Aaa Saugus Ma Appointment
Geometry Review Quiz 5 Answer Key
Hobby Stores Near Me Now
Icivics The Electoral Process Answer Key
Bible Gateway passage: Revelation 3 - New Living Translation
Yisd Home Access Center
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
Marquette Gas Prices
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Vera Bradley Factory Outlet Sunbury Products
Pixel Combat Unblocked
Cvs Sport Physicals
Mercedes W204 Belt Diagram
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Where Can I Cash A Huntington National Bank Check
Topos De Bolos Engraçados
Sand Castle Parents Guide
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Holzer Athena Portal
Hello – Cornerstone Chapel
Stoughton Commuter Rail Schedule
Selly Medaline
Latest Posts
Article information

Author: Delena Feil

Last Updated:

Views: 6260

Rating: 4.4 / 5 (45 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Delena Feil

Birthday: 1998-08-29

Address: 747 Lubowitz Run, Sidmouth, HI 90646-5543

Phone: +99513241752844

Job: Design Supervisor

Hobby: Digital arts, Lacemaking, Air sports, Running, Scouting, Shooting, Puzzles

Introduction: My name is Delena Feil, I am a clean, splendid, calm, fancy, jolly, bright, faithful person who loves writing and wants to share my knowledge and understanding with you.