White paper on moving from contactless to wireless technologies over the air now available

A white paper to discuss the key regulatory compliance and approval issues facing manufacturers and importers of host devices with integrated wireless modules is now available on the UL University Thought Leadership resource page.

The paper provides information on the Federal Communications Commission’s (FCC) regulations regarding the sale of integrated wireless modules in the United States, and guidance on how to efficiently navigate the FCC’s regulatory approval process.

Over-the-air transactions are becoming an integral part of the daily interaction in modern society, from digital payments, border or premises controls, healthcare records to transportation ticketing. With the increasing popularity, the end-users and stakeholders are more and more concerned about the security of sensitive information.

Over-the-air transactions can be performed using contactless or wireless technologies. Until now, contactless technology has been the most efficient and cost-effective method for processing over-the-air transactions. However, the small operating range of the technology, typically just a few centimeters, is too restrictive for many applications.

As a consequence, developers are increasingly turning to wireless technology. Wireless devices not only support an extended range of operation, but also offer significantly enhanced system capabilities. While wireless standards, such as WiFi and Bluetooth, are relatively mature, efforts to address the use of wireless technology to process secure transactions are only now emerging.

In the United States, the FCC is the authority responsible for establishing regulations for all wireless transmitters, including wireless modules that are integrated into end host devices. Any party seeking to import or sell such devices in the United States is legally obliged to obtain pre-market approval.

This UL white paper discusses some of the many issues and challenges that must be addressed in the future deployment of wireless technology for the processing of secure transactions. It begins with a discussion of the strengths and limitations of both contactless and wireless technologies. The paper then reviews and assesses internal system risks for both technologies, such as confidentiality, authentication, privacy, data and transaction integrity and service reliability. It will also assess external security risks including eavesdropping, data corruption, skimming, etc.

The paper concludes with some thoughts on the future use of wireless technology in secure transactions, and how manufacturers can provide assurances to both system providers and users regarding the security of their private data.

For information, please contact Jean-Luc Khaou.