NFC Applications – Mobile Payments & Public Transportation

November 16, 2011 by David Mahdi     No Comments

This entry is part 4 of 5 in the series Consumerization & NFC

It’s only the beginning and NFC hasn’t even hit the mainstream yet. But so far, there are some pretty interesting and useful applications for the latest connectivity standard. As I mentioned in the previous post, the consumer is likely the first to experience NFC. Corporations and businesses will likely follow suit, shortly thereafter, and use NFC internally. And no doubt some will execute simultaneously. So, what are the applications, and what impact will they have?

Mobile Payments

Impact: High

Timeframe to mainstream: 2-5 years (with differing adoption rates regionally)

One point of clarification; the mobile payments I am referring to are real-world transactions, using a mobile phone/device. This differs from paying for something — whether it’s over the air or via the Web — on your phone (e.g. browsing on your phone and purchasing something).

In the above video from Engadget, you can see how easy it can be to conduct a simple payment via a mobile device. In this case, it’s a purchase of a soft drink from a vending machine. The communication between the phone, which is a Google Nexus S, and the card reader (on the vending machine) is completed with NFC. And since NFC requires one to come into close contact (within a few centimeters), it gives the user a similar experience to swiping/inserting a credit card.

The simple act of tapping your phone will be the main action of giving consent; this is an important aspect of NFC, one that is central to all applications. In some cases, this can be combined with a PIN to help secure higher-risk or more expensive transactions. This is similar to some credit cards today; they may/may not require a signature if the purchase is below a set threshold.

When the phone comes into contact with the card reader (vending machine), the transaction is executed. The funds can either come from a pre-paid account or a credit card (as Engadget shows). It will be best practice that the sensitive information needed to complete the transaction (the “key”) will be stored on the secure element embedded in the mobile device.

A Secure Element is a tamper proof Smart Card chip capable to embed smart card-grade applications (e.g., payment, transport …) with the required level of security and features.”

The secure element will likely be central to many transactions (e.g., ones that require strong identity proof). The process of the mobile payment, in essence, is the same as using a chip credit card. The infrastructure, other than the card reader on the vending machine, already exists. In the above example, the Google Wallet is tied to a CitiBank credit card. The reader simply picks up the account information from the card, and processes the payment in the same way it would an actual card. There really is no difference.

So, the back-end infrastructure is there. We simply need the phones and the phone readers. I could go on and on about the mobile payments, but instead, I’ll point you to a few good resources if you want to learn more:

In my next post we’ll explore Public Transportation & Ticketing.


Entrust senior product manager David Mahdi specializes in Entrust’s mobile and cloud security solutions. He is an experienced IT security professional with more than 10 years in IT security, software engineering and product management. David played a key role in shaping Entrust’s mobile strategy, which included mobile authentication, strong mobile identity, mobile device management and mobile devices in the national ID/ePassport space. David spends most of his time conducting research on the mobile and cloud market, as well as conducting seminars on IT security. Prior to Entrust, David was a product strategist at Sophos, where he led efforts to increase Sophos' presence in the gateway security space. He is a well-versed information security professional for PKI, SSL, mobile, cloud, NFC, PACS/LACS, gateway security (Web/Email), malware, encryption and network security.

Add to the Conversation