NTAG 424 DNA Anti-Clone Technology Explained (In Plain English)

Steven Sherwood, Founder, The Loyalty Club | 25 March 2026 | 7 min read

If you're running a loyalty programme that uses NFC tags — the kind where customers tap their phone on a tag to collect a stamp — there's a security problem you need to know about. Basic NFC tags, the kind that cost 10-20p each, can be cloned in seconds. Someone with a £30 NFC reader from Amazon and a blank tag can copy your tag and hand out free stamps from their sofa at home.

For most small businesses, this isn't a catastrophic risk — most of your customers aren't trying to defraud you. But as NFC loyalty becomes more common, the incentive to cheat grows. NTAG 424 DNA is the technology that solves this problem, and it does so in a genuinely clever way. Here's how it works, explained without the cryptography jargon.

The problem with basic NFC tags

A basic NFC tag (like an NTAG 213 or NTAG 216) stores a URL — something like "theloyaltyclub.com/s/MYCAFE". When a customer taps their phone on the tag, their phone reads this URL and opens it. The problem is that this URL never changes. Every tap reads the same URL. If someone copies that URL — either by cloning the tag or simply reading it once — they can replay it indefinitely.

Note

A basic NFC tag is like a business card glued to your counter. Anyone who reads it once has all the information forever. An NTAG 424 DNA tag is more like a card that writes a new, one-time message every time someone picks it up.

How NTAG 424 DNA changes the game

NTAG 424 DNA — where DNA stands for Dynamic NFC Authentication — takes a fundamentally different approach. Instead of storing a fixed URL, it generates a unique URL every single time it's tapped. The tag contains a secure chip that performs cryptographic calculations internally, and each tap produces a different one-time code that can only have come from that specific physical tag.

Think of it like this. Imagine you had a padlock that changed its combination every time you opened it, and only you and the padlock manufacturer knew the mathematical formula for generating the next combination. Even if someone watched you open it a thousand times, they couldn't predict the next combination. That's essentially what NTAG 424 DNA does with URLs.

The verification process (simplified)

When a customer taps an NTAG 424 DNA tag, the tag's chip takes three pieces of information: a secret key stored in the chip (that can never be read externally), a counter that increments with every tap, and the tag's unique serial number. It combines these using a cryptographic algorithm called AES-128 to produce a one-time authentication code. This code gets appended to the URL as a parameter.

Your server receives this URL, extracts the code, and performs the same calculation using its own copy of the secret key. If the codes match, the tap is genuine: it came from your real, physical tag. If they don't match, it's a clone or a replay. The counter ensures that even if someone captures a valid URL, they can't reuse it: the server remembers the highest counter value it has accepted from each tag and rejects anything at or below it, so each code works exactly once.
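The server-side check described above, as an added example for Node.js (not The Loyalty Club's code). It follows the MAC construction NXP documents in application note AN12196 for a tag that mirrors its UID and tap counter in plaintext with an empty MAC input, which is an assumed tag configuration. The function names, the `lastSeen` store and the single shared key are hypothetical.

```javascript
const crypto = require('crypto');
// One AES-128 block operation (ECB, no padding): the primitive CMAC is built on.
function aesBlock(key, block) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}
const xor = (a, b) => Buffer.from(a.map((v, i) => v ^ b[i]));
// Subkey doubling in GF(2^128), RFC 4493 section 2.3.
function dbl(b) {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) out[i] = ((b[i] << 1) | (i < 15 ? b[i + 1] >> 7 : 0)) & 0xff;
  if (b[0] & 0x80) out[15] ^= 0x87;
  return out;
}
// AES-CMAC (RFC 4493) over a Buffer of any length.
function cmac(key, msg) {
  const n = Math.max(1, Math.ceil(msg.length / 16));
  const complete = msg.length > 0 && msg.length % 16 === 0;
  const last = Buffer.alloc(16);
  msg.copy(last, 0, (n - 1) * 16);
  if (!complete) last[msg.length - (n - 1) * 16] = 0x80; // 10* padding
  const k1 = dbl(aesBlock(key, Buffer.alloc(16)));
  const sub = complete ? k1 : dbl(k1);
  let x = Buffer.alloc(16);
  for (let i = 0; i < n; i++) {
    const blk = i === n - 1 ? xor(last, sub) : msg.subarray(i * 16, i * 16 + 16);
    x = aesBlock(key, xor(blk, x));
  }
  return x;
}
// Per-tap code: session key = CMAC(key, header || UID || counter LSB-first),
// then CMAC over an empty input, truncated to the 8 odd-indexed bytes.
function sdmMac(key, uid, counter) {
  const sv2 = Buffer.concat([Buffer.from('3cc300010080', 'hex'), uid, Buffer.alloc(3)]);
  sv2.writeUIntLE(counter, 13, 3);
  return Buffer.from(cmac(cmac(key, sv2), Buffer.alloc(0)).filter((_, i) => i % 2 === 1));
}
// lastSeen maps UID -> highest counter accepted (a database row in production).
function verifyTap(key, lastSeen, uid, ctr, mac) {
  if (!/^[0-9a-f]{14}$/i.test(uid) || !/^[0-9a-f]{6}$/i.test(ctr) ||
      !/^[0-9a-f]{16}$/i.test(mac)) return 'malformed';
  const id = uid.toLowerCase(), counter = parseInt(ctr, 16);
  const expected = sdmMac(key, Buffer.from(id, 'hex'), counter);
  if (!crypto.timingSafeEqual(expected, Buffer.from(mac, 'hex'))) return 'bad-mac';
  if (counter <= (lastSeen.get(id) ?? -1)) return 'replay'; // captured URL reused
  lastSeen.set(id, counter);
  return 'ok';
}
```

The MAC is checked before the counter so that a forged request can never advance the stored counter and lock out the genuine tag. In production the compare-and-update of `lastSeen` has to be atomic, otherwise two simultaneous requests carrying the same URL could both pass.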

Key Stat

The AES-128 encryption used in NTAG 424 DNA has 340 undecillion possible key combinations (that's 340 followed by 36 zeros). Brute-forcing the key would take longer than the current age of the universe, even with the world's fastest supercomputer.

Why this matters for loyalty programmes

For a loyalty programme, the practical impact is straightforward. With basic NFC tags, you're relying on trust — trusting that customers won't clone tags or share URLs. With NTAG 424 DNA, you don't need trust. The cryptography ensures that a stamp can only be collected by someone physically present at your shop, tapping your actual tag. This protects both the business and the honest customers whose rewards would otherwise be devalued by fraud.

Basic NFC vs NTAG 424 DNA: the key differences

  • Cost — Basic tags: 10-20p each | NTAG 424 DNA: 50p-£1.50 each
  • Cloneable — Basic tags: yes, in seconds | NTAG 424 DNA: no, cryptographically impossible
  • URL — Basic tags: fixed, same every tap | NTAG 424 DNA: unique every tap
  • Server verification — Basic tags: no way to verify authenticity | NTAG 424 DNA: full cryptographic verification
  • Setup complexity — Basic tags: write a URL, done | NTAG 424 DNA: requires key programming and server-side verification
  • Best for — Basic tags: low-stakes use, informational taps | NTAG 424 DNA: loyalty, access control, authentication

Do you actually need anti-clone protection?

Honestly, not every business does. If you're a small café giving away a free coffee every 6 visits, the risk of someone going to the effort of cloning an NFC tag for a £3 reward is low. Basic NFC with server-side rate limiting (blocking multiple stamps from the same device in quick succession) is probably sufficient.

But if your reward value is higher, if you're running a programme at scale across multiple locations, or if you simply want the peace of mind that your programme is tamper-proof, NTAG 424 DNA is the gold standard. The per-tag cost increase is modest, and the security upgrade is enormous. For any business serious about running a professional, long-term loyalty programme, it's an investment worth making.


Steven Sherwood

Founder, The Loyalty Club

Steven built The Loyalty Club after watching his local coffee shop lose customers to the chain next door. Based in the UK, he's on a mission to give independent businesses the same loyalty tools the big chains use — but simpler.
