Create a Secure NFC Environment on the Device
One method of creating a secure Near Field Communication (NFC) environment comes in the form of special hardware. This figure shows the construction of a generic NFC-enabled smartphone that includes a Secure Element (SE) to ensure that transactions remain safe.
Credit card data is transmitted in the clear (unencrypted) for virtually all NFC card emulation specifications for companies such as Visa and MasterCard. The SE does not protect the data transmission; it protects the data only while it resides on the phone. The SE does protect the data, but only from On-Device attacks.
Dynamic data appended to the credit card information protects the NFC data link, and the issuer needs to see this dynamic data to know that the transaction is real. This figure shows how a typical credit card transaction would work.
As you can see, the bank or other financial institution sends the account information to a Trusted Service Manager (TSM) that encrypts the data. Nothing can easily decrypt the data without having a key, so now the data is inaccessible. The encrypted data goes from the TSM, through the user’s data carrier, to the SE on the smartphone, where the account information is decrypted to make a purchase. The combination of wireless communication and physical security makes it unlikely that someone could steal the credit card data.