Anyone know of any real world use of companies that support Multi-Purpose Tap to pay and provide loyalty card information? As far as I know no-one in the UK supports this.
 
I'm fine with the current range. I can totally take out my phone and hold it next to the card reader. this is a few seconds worth of activity, I have enough other useless things I could improve if I'd want to be more efficient. for the record, I've been using Apple Pay/contactless payments for quite some time and I had 2 or 3 occasions when I had to "tap again". but sure YMMV.

on the other hand, this change will take about a decade to manifest, as it'll likely require the replacement of the reader equipment too.
 
And so the prank videos continue. People barely know about these features and kids have been posting videos of them 'yoinking' money out of victims' phones.
 
Quite a few here seem to have missed the 2cm range this will increase to. For anything to happen, they have to be so close that the same thing would have happened at 0.5cm.

Also, ApplePay needs to be authorised before it will work. FaceID or double-click the side button on Apple Watch.

The people who fall for the ApplePay prank are too shocked/worried to realise this authorisation needs to happen, not just a "ding" for confirmation. I hate those videos
 
If you think this will come to iPhone, think again. Apple operates at the lowest common denominator of NFC specifications in order to be compatible with the widest variety of payment terminals.

The 2cm range boost is much more about small antenna devices that currently require a physical touch in most cases. For those worried about folks stealing your payment info at 2cm, please keep in mind that Apple requires biometric auth in order to initiate any payment transaction.
People are more worried about physical credit cards.
 
Agreed with the sentiment but in crowded cities, buses, subway stations, etc it can get packed pretty tight where side and back pockets are definitely less than 2cm away from other people’s side and back pockets.
I live in such a city (and I hate it just in case, I avoid like a madman peak hours and public transport other than bicycles in summer at least).

Think crowded pedestrian intersections too, if the transaction charge is quick, just crossing by others could make it trigger.

If you’re in a crowded area, 1.5 cm isn’t going to matter. People will have been brushing against you… and pickpockets have a skill as old as time.

The reality is, it’s impossible. An urban myth. Only an actual POS terminal can read the data needed to actually shim enough data. And a POS terminal is trackable, and handed out only by Acquirers.
 
You are correct when it comes to NFC on phones. The problem is at least in the USA almost every newer debit and credit card has NFC and it’s always active.
It will still be less than one inch: just a hair more than 3/4 of an inch. This is a non-issue unless perhaps someone thinks 0.5cm (less than 1/4 inch) is also a problem.
 
You are correct when it comes to NFC on phones. The problem is at least in the USA almost every newer debit and credit card has NFC and it’s always active.
You can't just acquire a payment terminal and start scamming people. They don't just give terminals out to anyone and there's a rigorous approval process involved to even get one. These companies are very on top of weeding out fraudulent activity.
 
It will still be less than one inch: just a hair more than 3/4 of an inch. This is a non-issue unless perhaps someone thinks 0.5cm (less than 1/4 inch) is also a problem.
They are currently doing it with the existing NFC cards. I guess they have to get close to you.


You can't just acquire a payment terminal and start scamming people. They don't just give terminals out to anyone and there's a rigorous approval process involved to even get one. These companies are very on top of weeding out fraudulent activity.
I agree with you, but they’re doing it somehow. I don’t know what information they’re getting from the NFC. I don’t know if it’s the card number and expiration date or it’s some other data the NFC transmits. I’m not someone that’s doing this illegal thing so I can’t tell you exactly how they’re doing it. It’s been on the news. This is why they sell wallets with shielding. Of course, the chances of being the victim of such a crime are probably very small. In my opinion, you’re much more likely to fall for a credit card skimmer. I’ve personally had this happen to me. It’s fun to have your credit card company ask you if you just spent $200 in California lol
 
They are currently doing it with the existing NFC cards. I guess they have to get close to you.



I agree with you, but they’re doing it somehow. I don’t know what information they’re getting from the NFC. I don’t know if it’s the card number and expiration date or it’s some other data the NFC transmits. I’m not someone that’s doing this illegal thing so I can’t tell you exactly how they’re doing it. It’s been on the news. This is why they sell wallets with shielding. Of course, the chances of being the victim of such a crime are probably very small. In my opinion, you’re much more likely to fall for a credit card skimmer. I’ve personally had this happen to me. It’s fun to have your credit card company ask you if you just spent $200 in California lol
There was an older contactless standard that transmitted the card info, and people could read cards and use the info. That's what the news reports were about and why there are RFID blocking wallets. The current standard is EMV contactless on cards and any card made in the last 5 years is EMV on chip and contactless, and the protection of the chip also works the same through contactless.

So now essentially if someone reads a card today (as all older cards with the older tech have been replaced with EMV), they can get a single transaction in (ie what happens when you put your card on a reader today). That's why we still have RFID blocking wallets. But they can't replicate the card or use it in subsequent transactions. Do note that a card can still be cloned* through the card number printed on the card and by reading the magnetic stripe.

*cloned meaning a magstripe clone can be made, a chip or contactless clone can't be made by the card number.

So in summary, card contactless and chip are equivalent in security and can't be cloned but someone taking a payment reader and waving it around your pants until it gets a read is possible, card number and magstripe are what's still very easily cloned and used. And on that note, some cards, including Apple Card, can elect to not print the number on the card, and magstripe should be deprecated by 2027 or something like that.
 
There was an older contactless standard that transmitted the card info, and people could read cards and use the info. That's what the news reports were about and why there are RFID blocking wallets. The current standard is EMV contactless on cards and any card made in the last 5 years is EMV on chip and contactless, and the protection of the chip also works the same through contactless.

So now essentially if someone reads a card today (as all older cards with the older tech have been replaced with EMV), they can get a single transaction in (ie what happens when you put your card on a reader today). That's why we still have RFID blocking wallets. But they can't replicate the card or use it in subsequent transactions. Do note that a card can still be cloned* through the card number printed on the card and by reading the magnetic stripe.

*cloned meaning a magstripe clone can be made, a chip or contactless clone can't be made by the card number.

So in summary, card contactless and chip are equivalent in security and can't be cloned but someone taking a payment reader and waving it around your pants until it gets a read is possible, card number and magstripe are what's still very easily cloned and used. And on that note, some cards, including Apple Card, can elect to not print the number on the card, and magstripe should be deprecated by 2027 or something like that.
thanks for the useful summary.
my card doesn't have its number or my name printed on the surface of it.
and, it doesn't have a magnetic stripe.

however for convenience, i do have it set in apple pay as the default transaction card.

so, if im on an escalator with the card in my back pants pocket, the criminal behind me cant read it with a skimmer (albeit within a distance of 2cm) even for that one interaction ?
if i dont have it set as a default card, then in that case i would always need to initiate the transaction for it to go through ?
 
thanks for the useful summary.
my card doesn't have its number or my name printed on the surface of it.
and, it doesn't have a magnetic stripe.

however for convenience, i do have it set in apple pay as the default transaction card.

so, if im on an escalator with the card in my back pants pocket, the criminal behind me cant read it with a skimmer (albeit within a distance of 2cm) even for that one interaction ?
if i dont have it set as a default card, then in that case i would always need to initiate the transaction for it to go through ?
Skimmer is a term specific to magnetic transactions, so without the magnetic stripe it's impossible to skim at all under any circumstance (not sure how you got a card without magnetic stripe already but that should become standard soon).

RFID reading can be done but it can also be blocked by RFID blocking wallets, which are pretty common.

If you have Apple Pay set up you have a default card, even if you didn't set a default, if you didn't set a default card it would be the first one you added to the phone.

You always have to consent to a transaction on Apple Pay because it requires you to double tap the side button. Apple Pay can be initiated by holding it near an active credit card reader, however it won't let the transaction go through until you double tap and it gets biometric or passcode entered.
 
Thank you JAYTV111 for providing some REAL information to this topic.

The reactions on this thread just highlight how people know 40% of the information and fill in the rest with FUD or "bite" on a headline. It is how, at least in America, we are screwed when it comes to information dissemination as well as being able to debate topics effectively. It's sad, disgusting, and infuriating all at the same time. If anyone reads this PLEASE PLEASE PLEASE make sure you actually have taken the REAL time to learn about something BEFORE commenting like you understand it. Don't TikTok learn it, don't REDDIT thread learn it, REALLY learn it or stop being the part of the problem of disinformation. It actually takes real effort and time to inform yourself. I don't think people need to know 100% of something, but at least get to 75% before commenting. Also, maybe when you have an idea you want to comment on, vet out your idea first? Maybe see if your idea holds merit based on your research? Maybe pose it as more of an opinion or even a question! Here, let me demonstrate....

For a personal preference, I wish the range was even BIGGER. I don't know for certain, but I can imagine that the benefits on say a tollroad, could affect thousands of drivers from lines by making it faster to tap your card. I just experienced a slight delay two days ago while driving in an area I am not normally in due to the acceptable distance of an NFC reader.
Maybe also for places like sporting events? There seems to be plenty of benefits while the risk a person can choose to either mitigate or not, through some simple means (RFID blocking wallet, etc...). The consequences are dealt with fairly easily through a decent management of personal finances and a simple call to your financial institution with, in my experience, barely any hold times (for the fraud dept).
 
Skimmer is a term specific to magnetic transactions, so without the magnetic stripe it's impossible to skim at all under any circumstance (not sure how you got a card without magnetic stripe already but that should become standard soon).

RFID reading can be done but it can also be blocked by RFID blocking wallets, which are pretty common.

If you have Apple Pay set up you have a default card, even if you didn't set a default, if you didn't set a default card it would be the first one you added to the phone.

You always have to consent to a transaction on Apple Pay because it requires you to double tap the side button. Apple Pay can be initiated by holding it near an active credit card reader, however it won't let the transaction go through until you double tap and it gets biometric or passcode entered.
i appreciate you taking the time to further explain it. thanks a lot.

one last question...

if any/all cards are in the apple wallet set up as apple pay, and a criminal using an NFC terminal device to "nearly touch" my wallet in my back pocket, s/he can get some kind of info, but since its apple pay the transaction wouldn't go through because i am not double clicking it ? and would that info that was obtained be able to be used in a transaction online or somewhere else ?

thanks again.
 
Skimmer is a term specific to magnetic transactions, so without the magnetic stripe it's impossible to skim at all under any circumstance (not sure how you got a card without magnetic stripe already but that should become standard soon).

RFID reading can be done but it can also be blocked by RFID blocking wallets, which are pretty common.

If you have Apple Pay set up you have a default card, even if you didn't set a default, if you didn't set a default card it would be the first one you added to the phone.

You always have to consent to a transaction on Apple Pay because it requires you to double tap the side button. Apple Pay can be initiated by holding it near an active credit card reader, however it won't let the transaction go through until you double tap and it gets biometric or passcode entered.

Shimming is what is done to EMV chips, and they do exist but are far more rare than even how rare skimmers were. The rub is... you can't copy the chip. But the card number, expiration, name, and CVV are all passed free and clear. This can then be replicated on a mag strip and used that way. The bigger rub is... your card has multiple CVVs. You don't see the one tied to the mag strip, nor the iCVV that is tied to the chip. Verifying those values is on the owners of ATMs and merchants upgrading their terminals.

Anyway... NFC is a step even above EMV chips. Far safer. The transmitted data is encrypted, and the POS terminal is required to decrypt it. Tokenization of course exists in your Apple Pay/Google Wallet, and extended well beyond that to Visa Direct and MasterCard MoneySend as whole services. So even if you had a POS terminal you were walking around with, your phone would only ever send it a 1-time use token with a cryptogram on that token... never to be useful again.

Card fraud has fallen to its lowest levels ever. It's Card Not Present where fraud is on the rise. The internet. Someone using their card on compromised websites, not just shady websites. And CNP is where we're focused as an industry to work in ways to prevent it on the network side.
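
The one-time token and cryptogram described in the post above, sketched as an added example (not part of the original thread and not any payment network's actual code). It is a simplified model: HMAC-SHA256 over a shared key stands in for the real EMV cryptogram derivation, and the `Device`, `Issuer` and token names are hypothetical.

```python
import hashlib
import hmac
import secrets


def build_message(token, atc, amount, nonce):
    # Fields bound into the cryptogram: token, transaction counter,
    # amount in cents, and the terminal's unpredictable number.
    return f"{token}|{atc}|{amount}|".encode() + nonce


class Device:
    """Simplified wallet or card: holds a token and a key shared with the issuer."""

    def __init__(self, token, key):
        self.token = token
        self._key = key
        self._atc = 0  # transaction counter, increases on every payment

    def pay(self, amount, terminal_nonce):
        self._atc += 1
        msg = build_message(self.token, self._atc, amount, terminal_nonce)
        mac = hmac.new(self._key, msg, hashlib.sha256).digest()
        return {"token": self.token, "atc": self._atc, "amount": amount,
                "nonce": terminal_nonce, "cryptogram": mac}


class Issuer:
    """Simplified issuer: verifies the cryptogram and rejects reused counters."""

    def __init__(self):
        self._keys = {}      # token -> shared key
        self._last_atc = {}  # token -> highest counter already accepted

    def provision(self, token):
        key = secrets.token_bytes(32)
        self._keys[token] = key
        self._last_atc[token] = 0
        return Device(token, key)

    def authorize(self, tx):
        key = self._keys.get(tx["token"])
        if key is None:
            return "DECLINE: unknown token"
        msg = build_message(tx["token"], tx["atc"], tx["amount"], tx["nonce"])
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return "DECLINE: bad cryptogram"
        if tx["atc"] <= self._last_atc[tx["token"]]:
            return "DECLINE: replayed counter"
        self._last_atc[tx["token"]] = tx["atc"]
        return "APPROVE"


def demo():
    issuer = Issuer()
    phone = issuer.provision("tok-constructed-0001")  # constructed sample token
    first = phone.pay(450, secrets.token_bytes(4))
    results = [issuer.authorize(first)]                        # genuine payment
    results.append(issuer.authorize(dict(first)))              # same data sent again
    results.append(issuer.authorize(dict(first, amount=99900)))  # amount altered
    results.append(issuer.authorize(phone.pay(1200, secrets.token_bytes(4))))
    return results


if __name__ == "__main__":
    print(demo())
```

Captured transaction data is accepted once; sending it again or changing the amount is declined, while the genuine device's next payment still goes through.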
 
i appreciate you taking the time to further explain it. thanks a lot.

one last question...

if any/all cards are in the apple wallet set up as apple pay, and a criminal using an NFC terminal device to "nearly touch" my wallet in my back pocket, s/he can get some kind of info, but since its apple pay the transaction wouldn't go through because i am not double clicking it ? and would that info that was obtained be able to be used in a transaction online or somewhere else ?

thanks again.

See above. Your Apple Wallet, Google Wallet, etc. They are tokenized and further encrypted with a cryptogram. Both are one-time use items. So even if it went through, it'll never go through again and both you and your card issuer have the details on exactly who did it to you, since that terminal is easily identified.
 
i appreciate you taking the time to further explain it. thanks a lot.

one last question...

if any/all cards are in the apple wallet set up as apple pay, and a criminal using an NFC terminal device to "nearly touch" my wallet in my back pocket, s/he can get some kind of info, but since its apple pay the transaction wouldn't go through because i am not double clicking it ? and would that info that was obtained be able to be used in a transaction online or somewhere else ?

thanks again.

Yes, Apple Pay (yet again) requires the double click and hence won’t let a transaction through without your consent. And again, to clarify, whether card or Apple Pay (or the Google competitor, Google Wallet), no one gets anything from doing a passive read, unless they are literally putting a reader around your pants and getting a “ding” and boom your account is charged when it’s a card, and with Apple Pay, again, requires double clicking and biometric authenticating or entering passcode. And you’re 100% going to prevent a card transaction with the RFID blocking wallets which are plentiful.

Shimming is what is done to EMV chips, and they do exist but are far more rare than even how rare skimmers were. The rub is... you can't copy the chip. But the card number, expiration, name, and CVV are all passed free and clear. This can then be replicated on a mag strip and used that way. The bigger rub is... your card has multiple CVVs. You don't see the one tied to the mag strip, nor the iCVV that is tied to the chip. Verifying those values is on the owners of ATMs and merchants upgrading their terminals.

Anyway... NFC is a step even above EMV chips. Far safer. The transmitted data is encrypted, and the POS terminal is required to decrypt it. Tokenization of course exists in your Apple Pay/Google Wallet, and extended well beyond that to Visa Direct and MasterCard MoneySend as whole services. So even if you had a POS terminal you were walking around with, your phone would only ever send it a 1-time use token with a cryptogram on that token... never to be useful again.

Card fraud has fallen to its lowest levels ever. It's Card Not Present where fraud is on the rise. The internet. Someone using their card on compromised websites, not just shady websites. And CNP is where we're focused as an industry to work in ways to prevent it on the network side.
As far as I’ve understood, contactless is literally EMV, and literally it’s the same protocol for a card today, it’s just done over a different medium. So contactless = EMV in terms of security, just one requires dipping into a reader, the other is tapping close enough to the antenna.

Shimming I believe has made little inroads in fraud as far as I’ve seen, as such you’d have to process a transaction when the card is present and that would mean probably putting a Raspberry Pi nearby with cellular and trying to run a payment program, but it’s all too risky, whereas the old magnetic stripe reading was instant as long as the card was swiped, easy, stored effortlessly and able to be reused long after the transaction.
 
As far as I’ve understood, contactless is literally EMV, and literally it’s the same protocol for a card today, it’s just done over a different medium. So contactless = EMV in terms of security, just one requires dipping into a reader, the other is tapping close enough to the antenna.

Shimming I believe has made little inroads in fraud as far as I’ve seen, as such you’d have to process a transaction when the card is present and that would mean probably putting a Raspberry Pi nearby with cellular and trying to run a payment program, but it’s all too risky, whereas the old magnetic stripe reading was instant as long as the card was swiped, easy, stored effortlessly and able to be reused long after the transaction.

You’re not wrong. An EMV card has 2 transmission methods. So NFC is a form of it. But those transmission methods are different and if you want to nerd out on it - ISO 7816 vs ISO 14443. Cryptography plays a huge role here. The NFC data itself is signed by a private key on the card - a digital signature. Passports use the same ISO standard for biometrics. You can identify those passports on the front cover, they have that rectangular shape with a circle in the middle.
 
A while back I was trying to get my Credit Card out to pay for my dinner, and I wasn't even ready to tap the device. It just tapped itself anyway. I ended up using the wrong card. Is there a way to prevent this increase in range from being too troublesome? What, you sit back in your booth, pull out the wallet on your phone trying to pick the right card, and it goes through from several feet away? That's a good thing?
 