Contactless technology: cutting through the jargon
by Jack Jania, senior vice president of strategic alliances, Gemalto
Without singling any party out, I think we can agree that there is a blanketed air of confusion in the mobile industry — a conflation of language, if you will.
Those of us working with this technology day in and day out (myself included) can default to jargon, and media conversations often follow suit as they surmise what specific technology, category of devices, app providers or ecosystem is going to "win."
There's an inescapable deluge of acronyms and abbreviations used to describe the technologies that power and secure mobile transactions in particular: NFC; HCE; BLE; RFID; EMV; MST … the list goes on.
It's important for us to draw distinctions between terms that are misused or incorrectly interchanged. It's time to set the record straight on exactly what these contactless terms represent, what the technologies do, and why there is confusion in the first place.
Let's take a step back to define contactless as data being transmitted across the airwaves via a spectrum of different frequencies or wavelengths that lead to communication protocols. AM and FM radio frequencies, near field communication (NFC), radio frequency identification (RFID) and Bluetooth low energy (BLE) all have varying frequencies and are all more or less suited to transfer specific types of data.
Those ideal frequency-to-data combinations result in music signals, video signals (even HDTV), payment transactions and asset tracking, among other activities. These communication protocols are like the rules of grammar for transmitting information contactlessly.
In my estimation, much of the confusion stems from the use of RFID as a catchall for every flavor of contactless, especially when it comes to payments.
It's a common misconception that all contactless technology should be generalized as RFID. To put it in layman's terms, it's similar to how a square can always be called a rectangle but a rectangle is not necessarily always a square. RFID always fits under the umbrella of contactless, but not every type of contactless is RFID.
Enabling one type of contactless, an RFID system consists of a tag, reader and antenna. Tags can be either active or passive depending on whether the power source sits with the tag (active) or reader (passive).
Active tags transmit a findable marker through a process called automatic identification. This results in a read range of up to 100 meters, roughly the distance across a warehouse. This is what makes active RFID so useful for transmitting data such as shipping crate tracking information.
Passive RFID still has a range of up to 25 meters, so it's practical for tasks such as building access for badged employees.
NFC is a more specific subset of RFID that uses the same frequency as high frequency RFID, but must communicate within a halo of six inches or so.
This is why you'll commonly hear NFC contactless card and mobile payments referred to as "tap and pay" or "tap and go": You have to almost physically touch the card or device to the point-of-sale terminal.
In this way, "NFC turns the limitations of its operating frequency into a unique feature" that proves valuable for sensitive information-sharing and payment applications.
NFC-ready devices also retain the advantage of serving both as a reader and a tag (unlike standard RFID systems), so they're especially good for peer-to-peer communication or B2C advertising.
All communication is not secure communication
To this point, it's important to keep in mind that NFC is a communication protocol, not a security protocol. Still, the proximity requisite inherently makes payments from smartphones, wearables and other NFC-capable form factors more secure, as you have to be so close to the terminal that the runway for signal interception is short.
The distance limitation has a positive effect when it comes to establishing boundaries and verifying when and how a transaction can take place, a key differentiator from other forms of contactless communication that are better equipped to handle other types of data.
In spite of the NFC proximity safeguard, payments are a particularly sensitive type of data transfer. Security isn't based on the type of contactless communication; it's based on the way the data is stored.
RFID and NFC are not representative of all contactless communications or transactions but, as a security protocol, neither is EMV. EMV is a complementary technology to contactless that ensures data involved in payment transactions is dynamic — or ever-changing — and therefore useless for fraudulent activities. NFC (or another appropriate form of contactless) actually transfers the data, but EMV changes and masks it.
Let's be clear ...
When we refine our terminology and acronyms, we need to pay special attention to whether we're clear in our references to communication protocols and their roles vs. security protocols and their roles.
The longer we conflate different forms of contactless and their sister technologies — RFID, NFC, EMV, etc. — in a broad-brushed category, the longer we'll have trouble conveying to consumers how these technologies work and convincing them that these technologies are adequately protecting their contactless transactions.
All members of the payments ecosystem, including banks, merchants and payment acquirers, stand to gain from contactless technology and transactions, but the first step is to start talking about contactless terminology clearly and accurately.