Article posted: Sep 01, 2015
Versasec’s CEO Joakim Thorén recently was asked to identify some of the security risks that NFC technology presents for security professionals in Security Technology Executive. The article touches upon the frightening scenarios that NFC affords hackers, demonstrating that common everyday occurrences such as riding the elevator are potential security threats to an organization.
Furthermore, while NFC protocol offers a lot of protection, its weak spot lies in close proximity of devices, since the protocol assumes that two NFC-capable devices within the same wireless range constitute a valid connection and make data transfer possible.
Every security solution has weaknesses – both known and unknown. In the NFC payments space, a majority of transactions use a very low level of security. The result is fraud, and it’s quite common. Technologies that address these security weaknesses are available, but are not yet widely adopted. Here are some ways to prevent these potentially damaging situations:
Focus more heavily on the systems that connect with the communications devices. For example, in the payments space, there are many smart systems in place, such as applications that check spending patterns and require secondary confirmation when certain criteria are met.
In the physical access control space, where processes generally are weak, adding a guard at the door who validates that only authorized people pass through (visual identification), a PIN code, a fingerprint reader or other biometric reader can address the risks.
- Consider every opportunity for improvements. For example, even with two-factor authentication, physical access control security solutions can be bettered. The systems can become powerful management tools when they are connected to the Identity and Access Management (IAM) systems used by the IT or human resources department that help in authentication, issuing and managing user credentials. With systems like these, it’s easier to limit access when employees leave, or limit access for employees depending on their level within the organization.
Versasec offers robust IAM solutions that empower IT and human resources departments to manage credentials. To read the complete article, visit Security InfoWatch.