Are RFID-based projects associated with optical communication

NFC - Near Field Communication offers these functions

The security of the NFC function is not only discussed in connection with contactless payment processes. In principle, a transponder can be read out by any NFC-enabled device. The same applies to data on NFC-enabled smartphones, provided the function is activated. This happens without the user actively initiating or approving the data transfer, which has brought data protection advocates onto the scene.

The discussion focuses on the following security risks and privacy concerns:

  • the loss of NFC-enabled bank cards, mobile devices or other chip carriers
  • the unauthorized reading of the data stored on the NFC chip by third parties
  • the manipulation of data transmission in contactless payment processes
  • the creation of behavior, usage and movement profiles based on information read out contactlessly from NFC-enabled devices

Measures for the secure and data protection-compliant use of the NFC function and other RFID-based technologies were discussed at the 72nd Conference of the Federal and State Data Protection Officers on October 26 and 27, 2006. As a result of the conference, the Federal Commissioner for Data Protection and Freedom of Information (BfDI) published binding regulations for the use of RFID technologies.

The requirements can be summarized as follows:

  • Transparency: If RFID technology is used, those affected must be informed about it.
  • Labeling obligation: Those affected must be able to recognize RFID tags and understand their communication processes.
  • No secret profiling: Personal behavior, usage and movement profiles may only be created with the consent of those affected.
  • Encryption: Providers of RFID-based applications are obliged to prevent unauthorized reading of stored user data - for example through encryption.
  • Deactivation: It must be possible to permanently deactivate RFID tags in the retail and service sector if necessary. If data stored on RFID chips is no longer required for the original purpose of data storage, it must be deleted.

Special requirements for the use of NFC technology in the context of contactless payment processes were published with the decision of the DSK (data protection conference) of 23.03.2018.

Accordingly, all credit institutions that issue debit or credit cards with an NFC chip are obliged to provide their customers with comprehensive and understandable information about the processing and storage of data in the context of contactless payment. Users of NFC-enabled bank cards should be advised that protective covers are available that prevent the chip from being read by unauthorized persons. The NFC chip must be deactivated in the default setting. In addition, customers must have the option of deactivating the chip on their bank card if necessary or of using a debit or credit card without NFC function at no additional cost.

According to the data protection officers, NFC chips are not allowed to provide any recurring code numbers - for example account numbers - that can be read out contactlessly and thus used for the purposes of creating a profile. Work on international encryption standards for Near Field Communication must continue to be promoted by German industry.

Consumers should be specifically advised of the risks of mobile payment apps. In addition, providers of corresponding applications should provide information on risk minimization. Payment apps that enable contactless payment with the smartphone must always be kept up to date by the provider.