Using Web NFC for authentication on Android mobile devices

Discover how Capital One uses Web NFC to authenticate customers on Android mobile devices.

Capital One Tech
Capital One Tech
5 min readOct 2, 2024

--

Women holding credit card and smart phone

Capital One is using card-based technology that leverages Web NFC — near field communication technology in Android Chromium-based browsers — to help our customers authenticate by tapping their credit card to their Android mobile device. In this article, we’ll share how we’re using Web NFC to help us authenticate customers.

What is NFC vs. Web NFC?

Near field communication (NFC) is a short-range wireless technology operating at 13.56 MHz, facilitating communication between electronic devices within a distance of approximately 4 centimeters or less. Imagine NFC as a virtual handshake between devices, enabling them to exchange data securely and conveniently without requiring physical contact. This technology relies on magnetic induction, where one device (the reader) emits a small electrical charge, creating a magnetic field that powers up another passive device (like an NFC tag). Once activated, the passive device can transmit data back to the reader in the form of electrical impulses.

NFC offers several benefits for both consumers and businesses. For consumers, NFC technology provides a seamless way to initiate transactions, share information, and interact with devices, all with a simple tap or wave. From mobile payments to access control systems, NFC enhances convenience and security in everyday tasks and transactions. For businesses, NFC opens up opportunities for innovative marketing strategies, streamlined operations, and enhanced customer experiences. Whether it’s enabling contactless payments at checkout or simplifying inventory management with NFC-enabled tags, businesses can innovate with this technology.

Since NFC operates over short distances, typically within a few centimeters, it is less susceptible to interception compared to other wireless communication technologies. Additionally, data being transmitted via NFC can be encrypted to promote security, integrity, and confidentiality.

Web NFC extends the capabilities of NFC to the web. Web NFC is available on browsers built on Google’s open-source Chromium project. The Web NFC API can be invoked via JavaScript and allows the reading and writing of NDEF tags to/from nearby NFC devices. This allows users to tap their NFC-enabled smartphones or other devices to initiate actions on websites, access information and verify identities. Web NFC adheres to the web’s security model, promoting safety and privacy in interactions with NFC devices. By integrating NFC functionality into web browsers, Web NFC eliminates the need for dedicated native applications, making it more accessible and convenient to use NFC technology on the web.

How Capital One uses Web NFC for authentication on Android mobile devices

Consumers often use methods like One Time Password (OTP) or Mobile App Verification to authenticate that they are making a high-value transaction or completing other account management activities. Capital One also offers card technology that uses Web NFC in our online authentication program. In certain scenarios where authentication is needed, such as accessing sensitive information or verifying unusual purchase activities, customers can tap their Web NFC-enabled Capital One credit card to their Android mobile device to help verify that the customer is in possession of the card. Customers with an Apple mobile device can also tap their credit card to authenticate certain transactions, although Capital One uses a different technology compatible with this operating system.

Working with Google on Web NFC

Google has actively promoted the adoption of Web NFC among developers and businesses by highlighting its capabilities, benefits and use cases. Google engineers have collaborated with the World Wide Web Consortium (W3C) and other standards bodies to help define and refine the specifications for Web NFC. Google has also integrated Web NFC support into its Chromium-based web browsers for the Android operating system. This means that users of Google Chrome and other Chromium-based browsers on Android mobile devices can leverage Web NFC functionality directly within their browser without the need for additional plugins or applications.

In leveraging Web NFC for authentication, Capital One worked with Google engineers to improve the performance and user experience of the technology. This resulted in Web NFC on Android Chromium-based browsers being not only more robust and reliable, but more user-friendly and intuitive. The resulting performance optimizations make Web NFC an even more viable solution for businesses.

We’re excited that Capital One is innovating with Web NFC to continue delivering a seamless experience. The web platform is a collaborative endeavor and we are thrilled by Capital One’s engagement. The feedback we received on performance and user experience issues has been instrumental in ensuring that Web NFC meets the high standards expected by customers and businesses alike. We hope this innovative use case will encourage other browsers to consider shipping Web NFC as well.

-François Beaufort, Web NFC Spec Editor, Google

Adhere to standards for successful implementation of Web NFC

The utilization of Web NFC has enabled Capital One to leverage an additional method to authenticate customers, helping to prevent fraud. For other companies looking to use Web NFC, it’s essential to adhere to established standards and best practices. The guidelines set forth by W3C provide a comprehensive framework for implementing Web NFC securely and effectively. By following these standards and embracing the potential of Web NFC, companies can harness innovation to drive value for their customers.

Learn more about tech at Capital One

New to tech at Capital One?

Originally published at https://www.capitalone.com.

Authored by Wayne Lutz, Senior Manager, Software Engineering
Wayne Lutz is a software engineer with over 35 years of engineering experience, starting his career at Commodore Business Machines working with the innovative Amiga computer. He’s worked at Capital One for 10 years on various projects.

DISCLOSURE STATEMENT: © 2024 Capital One. Opinions are those of the individual author. Unless noted otherwise in this post, Capital One is not affiliated with, nor endorsed by, any of the companies mentioned. All trademarks and other intellectual property used or displayed are property of their respective owners. Capital One is not responsible for the content or privacy policies of any linked third-party sites.

--

--

Capital One Tech
Capital One Tech

From our founding, we’ve used tech to change the banking industry. Today, our innovations are making banking better for tens of millions of our customers.