SIM with tail
Those operators are keen to ensure that NFC applications are installed, and managed, on the Sim card, even if that card has to have a tail attached. The N-Mark standard defines a secure element, but makes no mention of where that secure element should be - in the Sim, embedded in the phone or some other removable media.
Banks, particularly those in the US, seem keen on using removable SD cards, which they can post out to users along with a credit card, but the banks have little interest in multi-application architectures.
Handset manufacturers would like the secure element to be in the phone, where they can control it, while network operators would like to put it in the Sim so the user can easily change handsets, but to do that they have to convince the manufacturers to implement the Single Wire Protocol (SWP) which allows the Sim to communicate with the NFC radio in the handset.
Google's Nexus S, for example, has an embedded secure element under the control of Google, but also support the SWP should operators deploy suitable Sims.
However, applications currently have no way of communicating with either secure element, that's planned for a software upgrade once the business plan has been defined.
That's not to say that proximity systems can't work, After all, the Japanese FeliCa system has been providing comparable functionality since 2005, complete with support for multiple applications and secure payments.
The success of FeliCa may be attributed to Japan's cash-based culture, or reliance on mass transit, but the fact that DoCoMo owns every part of the value chain - technology provider, patent holder, transaction processor and bank - ensures that if there's money to be made anywhere they will make it. ®
The beginner's guide to near field communications
So what are those 250 "gurus" for then?
To create a following, what else?
Can you say "technology solution looking for a problem to solve"? Why then, are operators now finally sinking a bunch of dosh in hyping this, well, solution without a problem? Methinks it's the structure of the market. They've been staring at each other, and somebody moved. Now they all have to move. Even if they haven't a clue how to get wherever they're going, yet.
Is this the wrong place to mention the complete farce that's the "OV-chipkaart" (oyster type card, to be used as the exclusive payment method for all public transport over in The Netherlands) as it's been very publicly shown to be broken _again_ (previously in 2008) and is still getting pushed through by all relevant actors including up to the minister? RFID writers are suddenly becoming HUGELY popular over there.
If the plebs have any sense, they'll let this one slide like lead brick down a soaped slope. If /the hackers/ have any sense, they'll smash the security publicly to bits until nobody dares talk about the entire thing.
Like the range claims have already been shown to be stretchable to metres. Bill is still soundly in denial about that, though. The thing is, the engineering assumptions to make this wireless thing work aren't quite solid enough to rely on for your security assumptions. "We don't require it to work further out than 20cm" is not quite the same as "We require it to not work further out than 20cm". The difference leaves the system wide open for fraud and mischief. As does, oh, broken security in the cards themselves.
Yes, engineering for function and engineering for security are different, have different implications, and the differences are actively being ignored at the end user's peril. Which is to say, the end user now has no choice left but must understand this, and act accordingly.