Will the Olympics ‘payment ring’ jumpstart NFC demand?

Near Field Communication for credit transactions has been on the market for several years now, but has yet to become mainstream. The card brand Visa is hoping to raise its profile at the summer Olympics

Near Field Communication (NFC) – the “mobile wallet” technology – hasn’t exactly gone mainstream yet. And experts don’t expect it will anytime soon, even with some high-profile promo at the upcoming Olympic and Paralympic Games in Rio.

While it has been available to consumers for a couple of years from mega-vendors like Google, Samsung and Apple, it is a long way from displacing the legacy credit card. Google even dropped support for its Google Wallet Card last month (Android Pay is still available).

But, perhaps hearing about, or seeing, Olympic athletes using an NFC device will get the masses more interested.

[ ALSO ON CSO: Would NFC smartphones have helped at Target? ]

That seems to be the hope of the card brand Visa Inc., a sponsor of the upcoming summer games, which is providing a "payment ring" to what it is calling “Team Rio” – 45 athletes from around the world – to be used during the games, which start Aug. 5.

While it uses NFC like Apple Pay, Android Pay and Samsung Pay, it doesn’t require a smartphone. Users will be able to make purchases simply by tapping the ring at any NFC-capable payment terminal – Visa said there will be 4,000 of them “across key Olympic venues.” It doesn’t require a battery or recharging and is water resistant to 50 meters.

This is not the first move by companies to replace credit cards with “contactless” transactions – contactless credit cards are standard in the UK, and USA Today reported last October that MasterCard had announced a partnership with a company called Ringly to develop a ring for women to be used for NFC payments. But that is still in the prototype stage. According to Visa, this will be the first time wearable tech will be used for retail transactions. That, however, would seem to leave out Apple Watch, a wearable that has offered NFC for more than a year.

Visa did not respond to a request for comment.

However, while it may arouse much more curiosity and awareness about NFC, this is not the precursor to a general launch of the service. It is, as USA Today put it, akin to a beta test in an, “open but controlled environment. There are no immediate plans to make a version of the ring available to consumers.”

Chris Camejo, director of threat and vulnerability analysis at NTT Com, is not surprised. He said he thinks it is “very unlikely” that even an Olympic profile will push NFC into mainstream usage.


Chris Camejo, director, threat and vulnerability analysis, NTT Com

“It doesn't add much convenience over a credit or debit card, and it does come with some drawbacks,” he said. “It requires the user to configure the device with their payment cards, to update this configuration when card details change, and for the NFC devices that most people use – smartphones and smart watches – the device becomes useless if the battery is depleted, so most users will just stick to habit and pull out a plastic card until there is a good reason not to.”

Ben Johnson, chief security strategist at Carbon Black, noted that another barrier to the growth of NFC is that it is not only consumers who need to adopt it but merchants do too, with NFC-enabled terminals.

“Individuals need to have local merchants, wherever they live, support NFC payment systems,” he said. “Once individuals start seeing others use it, interest will build, but there’s still uncertainty as to how to set it up on a lot of phones and how it works.”

He added that, so far, it is not just a matter of one payment system. “There are multiple systems, and sometimes one is supported, or zero, but rarely all,” he said.


Ben Johnson, chief security strategist, Carbon Black

Alphonse Pascual, senior vice president, research director and head of fraud and security at Javelin Strategy & Research, agreed that the payment ring is unlikely to take the world by storm, calling it a bit, “gimmicky.”

But he said he thinks the goal is to raise the profile of NFC in general, and called the “Team Visa” payment ring, “a clever way to shape the story, and talk about not just convenience, but how much more secure it is.”

Indeed, while NFC – essentially a radio signal – is not necessarily more secure by itself, the Visa ring will include “tokenization,” a technology similar to that in the Apple Watch, which uses a different digital identifier for each transaction without exposing the account data carried on the ring. That is a definite improvement over credit cards.


Alphonse Pascual, senior vice president, research director and head of fraud and security, Javelin Strategy & Research

With tokenization, “intercepting the payment payload is nigh on useless, as it cannot be reused," said Jeremy Gumbley, CTO/CSO at Creditcall. “The modern implementations of NFC that use tokens rather than real cardholder data are very secure.”

Not that they are bulletproof. “NFC is a radio-based technology,” Camejo said. “Eavesdropping and man-in-the-middle attacks are an inherent problem with it simply because anyone with a more powerful radio or bigger antenna can jam or hijack the airwaves that are being used as a communication medium.”

Indeed, in hacking competitions of mobile devices, hackers were able to compromise smartphones when they found previously unknown flaws in the NFC functionality.


Jeremy Gumbley, CTO/CSO, Creditcall

Also, researchers found that while the NFC “read range” is supposed to be only about an inch, in some cases it is as much as 31 inches – much more accessible to hackers.

Pascual is openly skeptical of that. “From practical experience, the radio signals tend to under perform,” he said, suggesting that its reach would likely be less than an inch.

But even if the signal is interception, “it is cryptographically secure,” he said, “because of tokenization of the data in transit.”

Camejo agreed. “The key here is to use other existing encryption techniques to secure the data that is being sent over this channel,” he said.

Even if NFC eventually becomes the standard, however, it is not a sure thing that wearables will become more popular than the smartphone.

“Rings are small and easy to lose, Camejo said, “and there are lots of people who work with their hands and would have to remove any rings on a regular basis. And without the user verification ability of smart phones and watches a lost ring would be much easier to pick up and use for fraud.”

“Ultimately I feel that the smartphone will prevail,” Gumbley said, “as increasingly we are incredibly dependent on it, not just for the basics of calling and messaging. It has become indispensable to most people, and they are more likely to carry it with them.”

Pascual said the credit card itself may prevail for some time. “I don’t think anyone has come up with the magic formula to replace the credit card yet,” he said. “Otherwise, the Exxon Speedpass would have really taken off.”

The reality, he said, is that something only marginally more convenient won’t get consumers to change their habits. “It can’t just be 10 percent better,” he said. “It’s got to be five or 10 times as convenient.”

Still, he believes NFC, whether it is in smartphones, wearables, key fobs or some other device, will prevail. “We estimate that there will be 90 million mobile wallet users in the U.S. by 2019,” he said.

“It’s going to be everywhere eventually,” he said, calling the Olympics payment ring, “a cute harbinger of things to come.”

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)