Den 23 feb 2015 08:38 skrev "Andy Schroder" <info@andyschroder.com>:
>
> I agree that NFC is the best we have as far as a trust anchor that you are paying the right person. The thing I am worried about is the privacy loss that could happen if there is someone passively monitoring the connection. So, in response to some of your comments below and also in response to some of Eric Voskuil's comments in another recent e-mail:
From the sources I can find NFC don't provide full privacy, but some modulations are MITM resistant to varying degrees, some aren't at all, and they are all susceptible to denial of service via jammers.
If the merchant system monitors the signal strength and similar metrics, a MITM that alters data (or attempts to) should be detectable, allowing it to shut down the connection.
Using NFC for key exchange to establish an encrypted link should IMHO be secure enough.