The Swarthmore campus is full of sounds: the bell tower, the rumble of a train, the crickets at night … and the beep of a OneCard lock on your residence hall door. But how do OneCards and their contactless brethren actually work? The answer lies in a little bit of technical wizardry known as NFC.
Right off the bat, let’s define what I’m even talking about. Radio-Frequency Identification is an umbrella term covering any system of small electronics that each transmit a unique ID code to some kind of receiver using radio waves. Essentially, it’s an electronic barcode. Since RFID tags are tiny and (relatively) cheap, they can be embedded or attached fairly easily to all kinds of objects that you might want to track. Putting tags inside of a card for access control and payments (like the OneCard) is one obvious use, but the inventory control tags at stores work along the same lines. The keyless drive systems in some cars these days also use RFID tech. Since certain kinds of RFID systems even give position data over a wide area, RFID is also used a fair bit in the industrial world to keep track of train cars, livestock, underground pipelines, and various other things.
Near-Field Communication is the specific subset of RFID that you’re probably most familiar with, even if you don’t realize that you’re using it. While RFID can operate over ranges of a few inches to several hundred feet, NFC operates only at the low end of this range (hence the name). NFC is the system used by OneCards, Apple Pay, and other contactless payment systems, and any number of electronic tap-your-card-on-a-scanner schemes like transit cards. It’s very similar to RFID in concept, as it is designed around interactions between a “reader” such as a wall-mounted panel and a “tag” such as a card or smartphone. The reader is the device that initiates the connection, while the tag is the device that’s being connected with. (The NFC chips in smartphones can act as either a reader or a tag, depending on the situation.)
NFC can work in one of two ways: active reader/active tag or active reader/passive tag. An active reader or tag (such as your phone or a door lock) requires power and constantly transmits its own signal, while a passive tag (such as a OneCard) gets its power from the reader. (It would be a pain if you had to change the batteries in your ID card!) The active reader/active tag method is honestly kind of boring, because it’s just two weak antennas transmitting to each other over a very short range. Similar technology is used in WiFi and Bluetooth, though NFC systems can benefit from a much less strenuous pairing process. (Since the radio waves and magnetic fields involved in NFC dissipate after about six inches, your phone can safely assume that any NFC signal it’s receiving is from something that you explicitly wanted it to communicate with.)
While active reader/active tag is nothing particularly special, it’s the active reader/passive tag method where things really get interesting. A passive tag like your OneCard is in fact a fully self-contained (albeit extremely low-powered) computer. When you tap your card on a scanner, it creates an air-core transformer using inductive coupling between a card antenna and the antenna in the reader. That’s an incredibly boring sentence, so let me rephrase: the scanner generates a magnetic field which transfers a small amount of power into the circuitry embedded in the card. It’s exactly the same principle as a wireless charger for your phone, smartwatch, or similar — basically, it charges the card for just long enough that it can transmit its unique identification code. I think that’s pretty cool.
The key takeaways are that NFC operates using very short-range and low-power wireless signals, and that it’s basically the same technology as a wireless charger. I like knowing these things because I’m a consummate nerd, but you might want to use this knowledge to inform your purchasing decisions. One of those purchasing decisions: don’t buy an “RFID-blocking” wallet. These contain some type of metal weave in their construction intended to “keep your credit cards secure” or some other marketing jargon. Much like VPN companies, none of their statements are technically lies. Their wallets will, in fact, block RFID and NFC signals, and they’ll prevent your credit cards from being scanned when you don’t want them to. But they don’t mention that this doesn’t really give you any more security in practice.
The misleading part is that these companies vastly overstate the threat of criminals surreptitiously scanning your credit cards to steal your payment information. For starters, most credit cards in the US as of 2020 don’t even have NFC technology embedded in them, so there’s nothing to steal. Even if they did, modern NFC cards transmit a one-time authorization code instead of any kind of number or billing address, and this code is pretty much useless to criminals. Furthermore, trying to steal people’s credit card info by waving an NFC reader around their pockets is a whole lot less efficient than simply buying leaked card info off of the dark web or stealing it by pretending to be their bank. These three facts are probably the reason why there have been exactly zero confirmed reports of fraud from RFID skimming. Furthermore, an RFID-blocking wallet removes one of the central advantages of NFC cards: you don’t have to take them out of your wallet to use them! In summary, getting one of those wallets is kind of like constantly wearing gloves so that hackers don’t steal your fingerprints. Don’t waste your money. Get a password manager instead. Or donate to Wikipedia.
If you have any further questions, would like to see a column on a specific topic, or think that I got something wrong, feel free to email me at firstname.lastname@example.org. You can also DM me on Instagram @software.dude.