RFID and Smartphones

One thing that is currently absent from most smartphones is some sort of support for RFID. A trend is starting to appear for smartphones, where the device is essentially your wallet, the goal being to allow you use your phone for payment instead of using credit cards, debit cards or cash. Most of the wireless/contactless payment services based around credit cards and keychain dongles revolves around RFID, a near-field communications standard that is widely used in a number of different industries. But, RFID (either as a tag or a reader or both) is not available on most of the smartphones out there today. There is a company called DeviceFidelity that has a microSD card that is both a tag and a reader (see this RFID Journal article for more info). There are others using a variety of technologies to either attached an RFID tag to the phone (basically as a really thick sticker) or use technology such as Bluetooth to allow the phone to communicate with an externally attached RFID device.

Having some kind of RFID reader and tag built into a smartphone would simplify the whole “phone as a payment device” problem, but it would open up other potential problems around security. The biggest one, of course, would be the problem of the stolen phone. In theory, a credit card has the signature strip as a form of rudimentary security, although in practice almost no salesperson ever checks them. Some cards started include a photo of the cardholder, but that hasn’t really gone anywhere. So, a stolen phone wouldn’t be, in practice, any worse than older-style signature-only credit cards. The newer chip-and-PIN technology appearing on more cards does make a stolen card far more difficult to use, and one way to secure the RFID tag in a phone would be to incorporate some kind of PIN entry on the phone before the tag would respond to a reader. Alternatively, the vendor’s reader could require a PIN, which would have to match with data provided by the RFID tag on the phone. Either way, there are options that could be explored.

I expect that we’ll start to see RFID, both as a tag and a reader, in more smartphones over the next couple of years. How far this can be taken remains to be seen (for example, could there be a way to use your phone for government-type ID like driver’s licences or even passports?). You can expect that solutions to any new security issues will trail (as they almost always seem to do), but if the technology proves popular enough, you can also bet they will be solved.