Will the Olympics ‘payment ring’ jumpstart NFC demand?

Near Field Communication for credit transactions has been on the market for several years now, but has yet to become mainstream. The card brand Visa is hoping to raise its profile at the summer Olympics

Near Field Communication (NFC) – the “mobile wallet” technology – hasn’t exactly gone mainstream yet. And experts don’t expect it will anytime soon, even with some high-profile promo at the upcoming Olympic and Paralympic Games in Rio.

While it has been available to consumers for a couple of years from mega-vendors like Google, Samsung and Apple, it is a long way from displacing the legacy credit card. Google even dropped support for its Google Wallet Card last month (Android Pay is still available).

But, perhaps hearing about, or seeing, Olympic athletes using an NFC device will get the masses more interested.

[ ALSO ON CSO: Would NFC smartphones have helped at Target? ]

That seems to be the hope of the card brand Visa Inc., a sponsor of the upcoming summer games, which is providing a "payment ring" to what it is calling “Team Rio” – 45 athletes from around the world – to be used during the games, which start Aug. 5.

While it uses NFC like Apple Pay, Android Pay and Samsung Pay, it doesn’t require a smartphone. Users will be able to make purchases simply by tapping the ring at any NFC-capable payment terminal – Visa said there will be 4,000 of them “across key Olympic venues.” It doesn’t require a battery or recharging and is water resistant to 50 meters.

This is not the first move by companies to replace credit cards with “contactless” transactions – contactless credit cards are standard in the UK, and USA Today reported last October that MasterCard had announced a partnership with a company called Ringly to develop a ring for women to be used for NFC payments. But that is still in the prototype stage. According to Visa, this will be the first time wearable tech will be used for retail transactions. That, however, would seem to leave out Apple Watch, a wearable that has offered NFC for more than a year.

Visa did not respond to a request for comment.

However, while it may arouse much more curiosity and awareness about NFC, this is not the precursor to a general launch of the service. It is, as USA Today put it, akin to a beta test in an, “open but controlled environment. There are no immediate plans to make a version of the ring available to consumers.”

Chris Camejo, director of threat and vulnerability analysis at NTT Com, is not surprised. He said he thinks it is “very unlikely” that even an Olympic profile will push NFC into mainstream usage.


Chris Camejo, director, threat and vulnerability analysis, NTT Com

“It doesn't add much convenience over a credit or debit card, and it does come with some drawbacks,” he said. “It requires the user to configure the device with their payment cards, to update this configuration when card details change, and for the NFC devices that most people use – smartphones and smart watches – the device becomes useless if the battery is depleted, so most users will just stick to habit and pull out a plastic card until there is a good reason not to.”

Ben Johnson, chief security strategist at Carbon Black, noted that another barrier to the growth of NFC is that it is not only consumers who need to adopt it but merchants do too, with NFC-enabled terminals.

“Individuals need to have local merchants, wherever they live, support NFC payment systems,” he said. “Once individuals start seeing others use it, interest will build, but there’s still uncertainty as to how to set it up on a lot of phones and how it works.”

He added that, so far, it is not just a matter of one payment system. “There are multiple systems, and sometimes one is supported, or zero, but rarely all,” he said.


Ben Johnson, chief security strategist, Carbon Black

Alphonse Pascual, senior vice president, research director and head of fraud and security at Javelin Strategy & Research, agreed that the payment ring is unlikely to take the world by storm, calling it a bit, “gimmicky.”

But he said he thinks the goal is to raise the profile of NFC in general, and called the “Team Visa” payment ring, “a clever way to shape the story, and talk about not just convenience, but how much more secure it is.”

Indeed, while NFC – essentially a radio signal – is not necessarily more secure by itself, the Visa ring will include “tokenization,” a technology similar to that in the Apple Watch, which uses a different digital identifier for each transaction without exposing the account data carried on the ring. That is a definite improvement over credit cards.


Alphonse Pascual, senior vice president, research director and head of fraud and security, Javelin Strategy & Research

With tokenization, “intercepting the payment payload is nigh on useless, as it cannot be reused," said Jeremy Gumbley, CTO/CSO at Creditcall. “The modern implementations of NFC that use tokens rather than real cardholder data are very secure.”

Not that they are bulletproof. “NFC is a radio-based technology,” Camejo said. “Eavesdropping and man-in-the-middle attacks are an inherent problem with it simply because anyone with a more powerful radio or bigger antenna can jam or hijack the airwaves that are being used as a communication medium.”

Indeed, in hacking competitions of mobile devices, hackers were able to compromise smartphones when they found previously unknown flaws in the NFC functionality.


Jeremy Gumbley, CTO/CSO, Creditcall

Also, researchers found that while the NFC “read range” is supposed to be only about an inch, in some cases it is as much as 31 inches – much more accessible to hackers.

Pascual is openly skeptical of that. “From practical experience, the radio signals tend to under perform,” he said, suggesting that its reach would likely be less than an inch.

But even if the signal is interception, “it is cryptographically secure,” he said, “because of tokenization of the data in transit.”

Camejo agreed. “The key here is to use other existing encryption techniques to secure the data that is being sent over this channel,” he said.

Even if NFC eventually becomes the standard, however, it is not a sure thing that wearables will become more popular than the smartphone.

“Rings are small and easy to lose, Camejo said, “and there are lots of people who work with their hands and would have to remove any rings on a regular basis. And without the user verification ability of smart phones and watches a lost ring would be much easier to pick up and use for fraud.”

“Ultimately I feel that the smartphone will prevail,” Gumbley said, “as increasingly we are incredibly dependent on it, not just for the basics of calling and messaging. It has become indispensable to most people, and they are more likely to carry it with them.”

Pascual said the credit card itself may prevail for some time. “I don’t think anyone has come up with the magic formula to replace the credit card yet,” he said. “Otherwise, the Exxon Speedpass would have really taken off.”

The reality, he said, is that something only marginally more convenient won’t get consumers to change their habits. “It can’t just be 10 percent better,” he said. “It’s got to be five or 10 times as convenient.”

Still, he believes NFC, whether it is in smartphones, wearables, key fobs or some other device, will prevail. “We estimate that there will be 90 million NFC devices in the U.S. by 2019,” he said.

“It’s going to be everywhere eventually,” he said, calling the Olympics payment ring, “a cute harbinger of things to come.”

Join the CSO newsletter!

Error: Please check your email address.

Tags NFC

More about AppleCarbon BlackCSOGoogleInc.JavelinNearNFCSamsungVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place