Some phones have NFC chips and others may have apps that act like NFC to allow paying with the phones.

Is NFC secure? Has anyone had issues using it?

I use mine all the time...and its fairly awesome. Haven't had any issues, and I don't see how you could have any more (or less) problems with NFC vs. standard card swiping. Less, I think, since the one-time token makes it a bit more secure. I use it at gas stations all the time, and many airport vending machines (at least at larger airports), can accept NFC taps. Google Wallet is my app of choice.

I have never used NFC before and the new phone I'm getting has one. Greatly appreciated your insight on NFC...

I don't use it and don't plan to, but that has more to do with keeping track of my finances than with any concern about security. Frankly, it can't possibly be any less secure than US credit/debit cards without chip-and-PIN technology.

If I were to use it, I think I would want something like Lookout on my phone, especially as such a feature will make phones a more attractive target for malware.

I have concerns too as well, especially when I saw this video

https://www.youtube.com/watch?v=EKks3vfiy6Q

Google wallet has been around for a while. I don't recall any news about its having been penetrated (not that there hasn't been any, but I haven't heard it and I usually pay attention to security stuff). It's not like this is really new technology. My concern has more to do with my record keeping than with the technology itself.

I used to wonder how persons could keep track of all the 79 cent cups of coffee they bought with their debit cards; then I learned that they couldn't.

My local rag carried this Mercury-News article today; you might find it interesting: http://www.mercurynews.com/business/...llet-and-other

Thanks for the Mercury News article, an interesting read.

I'm new to all this NFC stuff, however I saw some cool things you can do with NFC besides payments, you can create NFC tags/stickers to change phone settings and launch applications based on profiles. Cool.

At the moment no, but to be honest i don't think that i will ever use my phone to pay something!

I personally don't expect "pay with your phone" technologies ... nor "take a picture of the check in order to deposit it" ... to survive for very long.

The bottom-line is quite simple: "a phone, 'smart' or not, is not (and cannot be) 'a secure device.'"

Also: it will always be possible to absent-mindedly set the phone down anywhere, and "ten seconds later, it is gone." Did you put a lock-code on your phone? Of course you didn't . . . (Neither did I.)

The technology that will "win" will be the already-coming strategy of putting a chip in the card itself. The "magnetic stripe" will disappear, as will the "credit-card number." The "credit card" (ATM-card, etc...), while retaining the form-factor of the present card, will become a device with on-board electronics that truly cannot be stolen, forged, or reproduced.

If you go to many stores today (say, Panera Bread franchises ...) you will already see new readers in place which have a slot on the front of the machine in addition to the magnetic-stripe reader on the side. The slot on the front is designed specifically to read the microchips that many credit-cards today already have.

The "tap your phone to pay" strategy, heavily-hyped though it may right-now be, is not secure, nor is it securable. This is due to the pragmatic nature of the device itself (whether "the device" is made by Apple or not). Therefore, it will not survive. But, "neither will the magnetic stripe, or the credit-card number."

(By the way ... if your "e-commerce" web site relies on "credit-card numbers" . . .)

I posted this in a earlier post that demonstrated how credit cards with a chip can be compromised.
https://www.youtube.com/watch?v=EKks3vfiy6Q

Is the type of chip you're referring to different from the credit cards used in the video?

In this day in age, we can embrace these technologies and at the same time be cautious of it too.

Anything that one person creates, another can compromise, if the desire is strong enough.

I used to work in the security industry. I learned that the goal of security, at least for business and home security (government security is a whole nother world), is for all practical purposes to make breaking into your place so inconvenient that the criminal decides to break into the place next door because it's easier.

Ultimately, "tap cards" will go away completely ... as will the entire notion of a "credit-card number."

The replacement will be a one-of-a-kind secure token: a credit card with a microchip in it and no radio transmitter. To make a purchase, you'll insert this token into a secure reader, and enter a PIN which could be from 4 to (I think) as many as 11 digits long.

This, of course, will be a dramatic departure for all "e-commerce web sites," which now use "credit-card numbers" as the thing which is stored and which is presented for payment authorization. Banks simply can't afford to honor "numbers" any more. They aren't secure and can't be made so. Making "card numbers" transmittable, even over very short distances, makes them all the more insecure. And it won't take the bad guys, or the good guys, too long to figure that out. The one-and-only way to provide security for credit cards is to permanently get rid of "the number."

I think that the final arrangement will probably involve an "encrypted challenge-and-response" protocol, including the unique-identifier of the card plus your PIN, which is not stored anywhere. The host sends a challenge which the chip on the card must correctly and instantly answer. The exact challenge will never be repeated. Only if the card is the correct one and the correct PIN has been entered will the response be correct. Presumably, only you (can) possess the one-and-only card and know what the PIN is. The card never transmits its "bankable secrets." Only the correct card would correctly answer, and then only when supplied the correct PIN. The host might make multiple challenges, milliseconds apart.

NO!!!!

I do not use my phone to do anything related to money.