NFC (Near Field Communication) and QR code scanning are the two primary methods for transmitting credential data during in-person verification. Both enable a holder to share their mobile driver's license with a verifier's reader without internet connectivity, but they work through different mechanisms and suit different verification scenarios.
NFC verification
NFC enables two devices to communicate when they're brought within a few centimeters of each other. If you've used contactless payment, tapping your phone or card at a payment terminal, you've used NFC. Mobile driver's license verification works similarly: the holder taps their phone against an NFC-enabled reader, and the credential data is transferred through a short-range connection.
The NFC exchange happens quickly, typically completing in under a second. The holder's wallet app transmits the requested credential attributes, signed by the issuer's private key. The verifier's reader checks the signature against the issuer's public key, confirms the data hasn't been tampered with, and returns a verification result.
NFC verification is well-suited for high-volume, time-sensitive scenarios. TSA checkpoints process thousands of passengers daily and need verification that can be completed in seconds. Law enforcement traffic stops require quick confirmation without extended interactions. Retail age verification at busy establishments benefits from the convenience of tap-and-go technology.
The physical proximity required for NFC provides a natural security boundary. The holder must deliberately bring their device close to the reader, creating an intentional act of credential presentation. This prevents inadvertent or unauthorized data transmission.
NFC also enables secure, encrypted channels between devices. The ISO/IEC 18013-5 standard defines how mDL data should be transmitted over NFC, including session encryption that protects the data in transit. Even in crowded environments, the communication between the holder's phone and the verifier's reader remains private.
QR code verification
QR code verification works through optical scanning rather than radio communication. The holder's wallet app displays a QR code on their phone screen, and the verifier scans it with a camera-equipped reader or smartphone app. The QR code contains or references the credential data needed for verification.
QR codes are versatile because they don't require specialized NFC hardware. Any device with a camera can scan a QR code, making verification possible with standard smartphones, tablets, or webcams. This lowers the barrier to entry for verifiers who might not have dedicated NFC readers.
In practice, QR codes are commonly used to initiate a verification session or establish device engagement between the holder and verifier. The QR code conveys the information needed to set up a secure exchange, after which credential data is transmitted using protected protocols rather than being embedded directly in the code itself.
QR code verification is suitable for scenarios where NFC hardware isn't available or where a visual confirmation process is preferred. Some verification workflows want the holder to actively display something on their screen, creating a clear moment of consent. Online-to-offline scenarios, where a verification begins digitally and is completed in person, may use QR codes to bridge the two contexts.
How do both methods support privacy?
Both NFC and QR code verification support selective disclosure. The holder doesn't transmit their entire credential; they share only the specific attributes the verifier requests. Proving age at a bar requires only an age_over_21 confirmation, not the holder's full birthdate, address, or license number.
The holder's device remains in their control throughout the process. ISO/IEC 18013-5 explicitly supports verification without device surrender. The holder taps their phone or displays a QR code while keeping the device in their hand. The verifier receives a cryptographic data package but never gains access to the device itself.
Bluetooth as an alternative
While NFC and QR codes are the most common methods, Bluetooth Low Energy (BLE) offers an alternative option for transferring credentials between devices. BLE operates at a slightly longer range than NFC and can maintain a connection for ongoing data exchange. Some implementations use BLE as a transport layer after initial engagement via NFC or QR code.
Standards and interoperability
ISO/IEC 18013-5 specifies how mDLs should be presented using both NFC and QR code methods, ensuring that credentials issued in one state are compatible with verification readers across the country. The standard specifies device engagement protocols, data encoding formats, and security requirements for each method.
This standardization is critical for interoperability. Verification systems in different environments may follow compatible standards profiles, but reader capabilities, supported protocols, and operational requirements may vary depending on the use case and deployment.
Want to keep learning?
Subscribe to our blog.
