The NFC Field Guide: How the Tech Actually Works, From Tap to Chip
Almost everyone has tapped a phone to something and watched it just work. A menu opens, a payment clears, a transit gate lifts. That is near-field communication, NFC, and most people never need to know more than "tap and it works." This guide is for the people who want to know more.
It starts simple and gets firmly technical on purpose. By the end you will understand what is actually happening in a tap, what the little chip inside a tag really is, how much it can hold, what breaks it, and the one distinction, static versus dynamic, that separates a sticker that does one thing forever from a touchpoint you can actually run. We build hardwood and slate objects with NFC inside, so this is the explanation we wish more people had.
What NFC actually is
NFC is a short-range subset of RFID (radio-frequency identification) that operates at a single global frequency: 13.56 MHz. Two things make it feel like magic, and both are deliberate engineering choices.
First, most NFC tags are passive: they have no battery. The chip and its antenna sit dormant until a powered device, like your phone, comes close. The phone generates a small alternating magnetic field, and the tag's antenna harvests just enough energy from that field to wake the chip and transmit its data back. This is electromagnetic induction, the same basic principle as a wireless charger, scaled down to a whisper. A tag can sit on a shelf for a decade and still work, because there is nothing in it to run down.
Second, the range is intentionally tiny. The standard allows for an operating distance up to roughly 10 centimeters in ideal conditions, but with a phone's small antenna you are realistically tapping within a centimeter or two. That sounds like a limitation. It is actually the security model: a connection that only forms when two things nearly touch is very hard to intercept from across a room. Data moves at up to 106 kbit/s, which is slow by internet standards and entirely sufficient for handing over a web address.
So the mental model is: a tiny, battery-free radio that holds a small amount of data and only speaks when something taps it. Everything else is detail.
NFC vs. QR codes
People often treat these as rivals. They are better understood as two ways to do the same job (getting a phone to a destination) with different strengths.
A QR code is a printed image. Any phone with a camera can read it, it costs nothing to produce, and it works on a screen or a scrap of paper. Its weaknesses are physical: it has to be clean, lit, flat, and large enough to scan, and it visually announces itself as a code.
An NFC tag is a physical chip. You tap rather than aim, so there is no camera, no framing, no app to fumble with. The chip can be hidden inside an object, survive water and wear, and feel like part of the product rather than a sticker on it. Its weaknesses are that it costs more than ink and only works on NFC-capable phones (essentially all modern ones).
Crucially, both can be static or dynamic (more on that below), so neither is inherently "smarter." Many of the best deployments simply use both: an NFC tap for the people who have it, a printed QR as the universal fallback.
What actually happens in a tap
Here is the sequence, start to finish, when you tap a phone to a tag that holds a web link.
- Your phone is constantly emitting a low-power 13.56 MHz field whenever NFC is on and the screen is awake.
- The tag enters that field. Its antenna induces a small current, powering the chip.
- The chip transmits the data stored in its memory back to the phone by subtly modulating the field (a technique called load modulation).
- The phone reads that data, recognizes its format, and acts, in this case opening the URL.
The format in step 4 matters, because it is what makes NFC universal. Tag data is written in NDEF (NFC Data Exchange Format), a standardized structure defined by the NFC Forum. An NDEF message is made of one or more records, and each record declares its own type. A web link is stored as a URI record: the payload is just the address, flagged so the phone knows to open it in a browser. Because NDEF is a standard, an Android phone, an iPhone, and a dedicated reader all interpret the same tag the same way.
Do you need an app? For a standard NDEF link, no. Android phones read NDEF tags natively whenever the screen is unlocked, handing the URL straight to the browser. iPhones added background tag reading (no app, no setup) on the iPhone XS and newer running iOS 13 or later. (Older iPhones, from the 7 through the X, could read tags but needed an app open to do it.) For the overwhelming majority of phones in use today, a tap on a link tag just opens the link.
Chip types, decoded
"NFC tag" is a category, not a part. The NFC Forum defines four tag types (Type 1 through Type 4) that can carry NDEF data, differing in memory, speed, and underlying silicon. The ones you will actually encounter in stickers, cards, and products are almost always NFC Forum Type 2 tags built on NXP's NTAG family, governed by the ISO/IEC 14443 Type A standard.
Within NTAG, the practical decision comes down to three chips, and the only thing that really separates them is user memory, the space available for your data:
| Chip | User memory | Roughly holds | Common uses |
|---|---|---|---|
| NTAG213 | 144 bytes | A typical web link (~130 characters) | Marketing tags, product links, the everyday workhorse |
| NTAG215 | 504 bytes | A full contact card (vCard) or long URL | Digital business cards, richer payloads, Nintendo Amiibo |
| NTAG216 | 888 bytes | Multiple records / large payloads | Data-heavy or future-proofed applications |
(There are smaller siblings, NTAG210 and NTAG212, at 48 and 128 bytes, but they are rarely worth the few cents saved.)
A useful surprise here: you do not need much memory to do a lot. A plain URL fits comfortably on the smallest common chip. The reason to step up to NTAG215 is not usually raw size but versatility. It is large enough for a complete contact card or a longer redirect, it is the chip Nintendo standardized on for Amiibo, and it has become the reliable middle ground for makers who want one chip that handles almost anything. It is the chip we reach for most at Charis Studios, typically as a waterproof 25 mm tag, with an anti-metal version for the pieces that sit on or near metal.
Every NTAG chip also carries two things beyond your data: a 7-byte UID, a unique serial number burned in at the factory that cannot be changed, and an ECC originality signature, a cryptographic value that lets a verifier confirm the chip is genuine NXP silicon rather than a counterfeit. Both matter for the security discussion later.
Read range and what kills a tag
In the real world, expect a phone to read a tag from one to four centimeters. Range depends on the size of both antennas (bigger tag antenna, more range), the power of the phone, and what surrounds the tag. A larger 25 mm tag reads more forgivingly than a tiny one; a tag buried deep inside a thick object reads less easily than one near the surface.
Most everyday materials are effectively invisible to a 13.56 MHz field. Wood, glass, plastic, fabric, ceramic, and even a thin film of water pass the signal through without trouble, which is exactly why a chip can be embedded inside a solid hardwood object and still read cleanly through the surface. Two things, however, genuinely defeat a tag:
Metal. A nearby metal surface detunes the antenna. The metal absorbs and reflects the RF energy, acts as a ground plane that short-circuits the antenna's field, and induces eddy currents that bleed away the power the chip needs. Stick an ordinary tag flat on steel or aluminum and it usually goes dead. The fix is an anti-metal (on-metal) tag, which adds a thin layer of ferrite (a ceramic material rich in iron oxide) between the antenna and the metal. The ferrite redirects the magnetic field and isolates the antenna from the surface, letting the tag work where a plain one cannot. (This is why we use anti-metal variants on pieces that live on or beside metal.)
Permanent water immersion and heat extremes are the other enemies, less of the signal than of the hardware. A momentary splash is nothing, but a bare chip soaking indefinitely, or baking on a dashboard, will eventually fail. The answer is encapsulation: sealing the chip in epoxy or PET so it is genuinely waterproof and durable. A sealed tag shrugs off rain, dishwashing, and the outdoors; the radio still passes straight through the seal.
Static vs. dynamic: the distinction that matters most
This is the single most important concept in the guide, and the one most people miss. It has nothing to do with the chip and everything to do with what you write on it.
A static tag stores your actual destination directly in its memory. Write yoursite.com/menu into the NDEF record and that is what every tap will open, forever, until you physically rewrite the tag, assuming you left it writable. Static tags are simple, free to run, and perfect when the destination never changes. Their weakness is rigidity: if the linked page moves, the menu changes, or the promotion ends, you are reprinting or re-writing hardware. And a static tag tells you nothing; there is no way to know how often it was tapped.
A dynamic tag stores something different: a short, permanent address that points to a server you control. The chip never holds the final destination. It holds a doorway. When someone taps, the server decides, in that moment, where to send them. That indirection is small but transformative:
- Change the destination anytime without touching the tag. The chip embedded in the object never has to change again.
- One tag, many behaviors. Open a menu of options, or send different visitors to different places.
- Schedule and rotate. Show one thing in the morning and another at night, automatically.
- See what happens. Because every tap passes through your server, you get real analytics: how many taps, when, and roughly where. That is data a static tag can never give you.
Neither is "better" in the abstract. A static tag is the right tool for a fixed link you will never revise. But for anything that lives in the world and might change (a rental's house guide, a restaurant's menu, a business card, a product that should do something new next season), dynamic is what turns a one-time print job into a touchpoint you can actually manage. It is also why the same physical object can keep getting more useful long after it leaves the workshop.
Security and the myths worth retiring
NFC's reputation swings between "completely secure" and "trivially hackable." The truth is specific.
Can a tag be cloned? Partly. The UID is read-only, so the chip's serial number cannot be forged on genuine silicon. But the data itself, a plain URL in an unlocked NDEF record, can simply be copied to another blank tag. So treat anything you write to an open tag as public information, not a secret. If a tag must not be altered, you can lock it read-only after writing, and many chips support 32-bit password protection to gate writes (and optionally reads). For genuine anti-counterfeiting, the ECC originality signature lets a verifier confirm the chip is real NXP, and a dynamic, server-checked tag can validate each scan in ways a static one cannot. (Nintendo's Amiibo is the famous example: the data is signed against the chip's UID, so you cannot clone one by copying bytes to a blank NTAG215.) There are also "magic" tags that can spoof a UID, which is exactly why UID alone is not a complete security model and server-side verification earns its keep.
A few myths to put down:
- "You need an app." Not for a standard link on a modern phone, as covered above.
- "Someone can skim it from across the room." The physics forbid it. A passive tag answers only inside a centimeter-scale field; there is no meaningful long-range read.
- "It drains your battery." The phone's NFC radio is low-power and idle until a tag is present; the tag itself has no battery to drain.
- "A phone case blocks it." Most plastic, leather, and fabric cases are fine. Only metal cases or thick metal plates (like some magnetic mounts) interfere.
What people actually do with a tap
Beyond sharing WiFi and opening reviews, here is the range of what a single tap can carry, all real, in-market uses:
- Digital business cards that drop a full contact straight into a phone, no typing.
- Product authentication and anti-counterfeiting for spirits, pharmaceuticals, luxury goods, and parts, using the chip's signature and a verifiable destination.
- Interactive packaging that opens setup videos, allergen and nutrition data, reorder links, or registration.
- Equipment and maintenance logs: tap a machine to pull its service history, manual, or the form to record today's check.
- Smart posters and exhibits in museums and venues that hand over audio guides, translations, or deeper context on demand.
- Access and identity: building entry, event check-in, membership.
- Medical ID and pet tags that surface emergency information instantly to anyone with a phone.
- Hospitality and rentals: WiFi, house manuals, check-out steps, local guides, and feedback behind one tap. (We wrote separate field guides for short-term rental hosts and for hotels and restaurants.)
- Sales and marketing leave-behinds: a physical object that carries a measurable, updatable channel and reads buyer intent from real taps, not guessed-at email opens. (More on that in our piece on following up in a world that ignores you.)
The pattern across all of them is the same reframe: the tag is a doorway, and the only real question is how many rooms you put behind it.
How to choose a tag
A quick decision path:
- How much data? A link fits on NTAG213. A contact card or longer payload wants NTAG215. Most people are well served by NTAG215 as a do-everything default.
- Will it touch metal? If yes, specify an anti-metal (ferrite-backed) tag. A standard tag on metal will fail.
- Will it get wet or live outdoors? Choose an encapsulated, waterproof tag.
- Will the destination ever change, or do you want analytics? Then write it as a dynamic tag pointing to a server you control. If it is a truly fixed link forever, static is fine.
- Does it need to be tamper-proof? Lock it read-only after writing, and use password protection or signature verification if authenticity matters.
Get those five answers and you have specified exactly the right tag.
The short version
NFC is a battery-free, very-short-range radio at 13.56 MHz that hands a small packet of NDEF data to a phone on contact. The chip you almost always want is an NTAG, usually NTAG215, sized by how much data you need, made anti-metal if it touches metal and waterproof if it gets wet. Modern phones need no app to read a link. And the choice that decides whether your tag is a dead-end sticker or a living touchpoint is static versus dynamic: write the destination on the chip, or write a doorway and keep control of what is behind it.
We build that doorway into objects meant to last: hardwood and slate pieces with the chip sealed inside, like our NFC Smart Porter and Mini Smart Tags. But the principle holds no matter whose tag you use: understand the chip, respect the physics, and choose static or dynamic on purpose.
Frequently asked questions
Do I need an app to use an NFC tag? For a standard web link, no. Android reads NDEF tags natively when unlocked; iPhone XS and newer read them in the background on iOS 13 and later. Only older iPhones (7 through X) required an app.
Can NFC tags be hacked or skimmed from a distance? No meaningful long-range read is possible. A passive tag only responds within a centimeter or two. The real consideration is that data on an unlocked tag is copyable, so treat it as public and lock or password-protect tags that must not be altered.
What is the difference between NTAG213 and NTAG215? Mostly memory: 144 bytes versus 504 bytes of user space. NTAG213 handles a typical link; NTAG215 handles a contact card or longer data and is the common all-purpose choice.
Will an NFC tag work through a phone case or inside wood? Yes through wood, glass, plastic, and most cases, because the 13.56 MHz field passes through non-metallic materials. Metal is the exception and requires an anti-metal (ferrite) tag.
Does an NFC tag need power or batteries? No. Passive tags are powered entirely by the phone's field during the tap, which is why they last for years untouched.
Can I change what a tag does after it is made? Only if it is dynamic. A static tag holds the destination in its memory and must be rewritten to change; a dynamic tag points to a server, so you change the destination there without touching the tag.