What is an NFC tag? A complete guide to how they work and what they're used for

NFC tags are everywhere now — in event wristbands, hotel keycards, smart-home stickers on the back of light switches, transit passes, vaccine vials, and the little black dot on the back of a pet's collar. Most of the time you don't even notice them. You just tap, and something happens.

This guide explains what an NFC tag actually is, what's inside one, the different types you'll run into, and what people use them for in the real world. By the end, you should know which kind of tag to buy for your own project and what your phone can and can't do with one.

TL;DR

• An NFC tag is a tiny chip with a copper coil that draws power from your phone's magnetic field — no battery needed.
• The most common consumer tags (NTAG213/215/216) hold between 144 and 888 bytes — enough for a URL, a contact card, or Wi-Fi credentials.
• Your phone can read almost any NFC tag, but writing, cloning, or inspecting raw data takes a dedicated app.

What is an NFC tag, exactly?

An NFC tag is a passive, battery-free chip that responds when a phone or reader gets close to it. NFC stands for Near Field Communication — and the "near field" part is the important bit. The chip has no power source of its own. It harvests a small amount of energy from the magnetic field that the reader produces, uses that energy to wake up, and sends a short burst of data back. The whole exchange takes a fraction of a second.

The read range is short on purpose: about 4 cm in practice. That's a feature, not a limitation. It means a tag can't be read accidentally from across a room, and it forces the user to deliberately tap. Compare that to Bluetooth, which can leak data up to 10 meters away, or QR codes, which can be photographed from across the street.

A tag can be a sticker the size of a fingernail, a card the size of a credit card, a button glued to a poster, an implant in a pet, or a chip embedded in a wristband. Whatever the form factor, the core electronics are the same.

How an NFC tag actually works

Crack open an NFC tag and you'll find two things: a small chip and a copper antenna coil. That's it.

When your phone gets close, the phone's NFC controller energizes its own antenna, producing a 13.56 MHz magnetic field. The tag's coil sits inside that field and acts as a tiny generator — the field induces a current in the coil, which is enough to power the chip for a few milliseconds. The chip wakes up, reads its memory, and modulates its own coil to push data back through the same field. This is called inductive coupling.

The data itself is stored in a format called NDEF — NFC Data Exchange Format. NDEF is a wrapper around one or more "records," each of which has a type (URL, text, vCard, Wi-Fi config, MIME type, custom) and a payload. When iOS or Android sees a recognizable NDEF record, it offers to do the right thing automatically — open a link, save a contact, join a Wi-Fi network. When the data isn't NDEF — for example, a transit card with raw memory blocks — the OS doesn't know what to do with it, and you need a dedicated app to inspect or interpret the bytes.

The main types of NFC tags you'll see

Tags come in dozens of chip families, but most of what you'll buy online or find in the wild falls into three buckets.

NTAG213, NTAG215, NTAG216

These are NXP's NTAG2xx family — NFC Forum Type 2 tags. They're cheap, widely supported, and what most blank stickers and cards on Amazon actually contain. The numbers refer to memory size:

• NTAG213 — about 144 bytes of user memory. Fine for a URL or a short text record.
• NTAG215 — about 504 bytes. The sweet spot for vCards and most use cases. This is also what Amiibo cards use.
• NTAG216 — about 888 bytes. For longer payloads or multiple records.

If you're buying tags for a project and don't have a specific reason to choose otherwise, NTAG215 is the default pick.

MIFARE Classic, Ultralight, and DESFire

NXP's MIFARE family is what most physical access systems and transit cards use. They're not NFC Forum Type 2 — they use proprietary security on top of the same radio. MIFARE Classic in particular is famous for having been broken cryptographically years ago, which is why some access systems still rely on it being "good enough" against casual attackers. MIFARE DESFire is the modern, secure successor and is much harder to clone.

ICODE, Type 4, Type 5

Less common in consumer projects but worth knowing about. Type 4 tags can hold significantly more data and are used in some passports. Type 5 (ISO 15693) tags have a longer read range and show up in library books and inventory tracking.

If you're shopping for tags and just want them to work with your phone, look for "NTAG215" or "NFC Forum Type 2" on the listing. Avoid "MIFARE Classic" tags for general-purpose work — many phones will read them, but iOS in particular treats them as second-class citizens.

What people actually use NFC tags for

The fun part. NFC tags are cheap (often under $1 each in bulk) and can sit anywhere a sticker can. People use them for:

• Smart-home triggers. Stick a tag by your front door that turns off the lights and arms the alarm when you tap it on your way out. iOS Shortcuts and Android Tasker both support this natively.
• Business cards. A tag in your wallet that shares your contact info as a vCard. Tap a stranger's phone, your details land in their address book.
• Wi-Fi sharing. A tag stuck to your fridge with your guest network credentials. Visitors tap, join the network, no typing.
• Inventory and asset tracking. Each item gets a tag with a unique ID; a warehouse worker scans a shelf in seconds.
• Access control and transit cards. Office key fobs, hotel keycards, subway passes, ski lift tickets.
• Anti-counterfeiting. Luxury goods sometimes embed a tag whose unique ID is registered with the manufacturer, so a buyer can verify authenticity.
• Marketing posters and museum exhibits. Tap to learn more, watch a video, get a coupon.
• Pet collars and medical alerts. A tag with the owner's contact info or a link to medical records, scanned by whoever finds the pet or person.

The pattern is always the same: the tag stores a tiny amount of data, the phone interprets it, the OS or an app does the rest.

NFC vs other contactless tech

It helps to put NFC in context with the alternatives.

NFC vs RFID. All NFC is RFID — NFC is one specific 13.56 MHz subset of the broader RFID family. RFID also includes longer-range UHF tags (used for inventory and tolling) and lower-frequency LF tags (used in pet microchips). When people say "RFID" in a security context they usually mean those longer-range systems; when they say "NFC" they mean phone-readable short-range tags.

NFC vs QR codes. QR codes are free to print but easy to swap, can be photographed from a distance, and can't be rewritten. NFC tags cost a few cents, require a deliberate tap, can be locked or password-protected, and can be rewritten thousands of times. For a poster on a wall, QR is fine. For something attached to a physical object that needs to be tamper-evident, NFC is better.

NFC vs Bluetooth. Bluetooth pairing takes seconds, works at meters of range, and needs both sides to be powered. NFC works in milliseconds, requires a deliberate tap, and the tag side needs no power at all. They're complementary — NFC is often used as the handshake for a Bluetooth pairing.

Reading and writing NFC tags from your phone

Out of the box, your phone can read most NFC tags. Writing, cloning, and inspecting raw memory is where it gets more interesting.

On iPhone, every model from the XS onward reads NFC tags in the background. You don't need to open anything — just hold the top of the device near the tag and the "Tag Detected" banner appears. iPhone 7, 8, and X have NFC hardware too, but you have to open the NFC Tag Reader from Control Center first. Either way, iOS will only handle NDEF records it recognizes; if the tag holds non-standard data or is locked, iOS shows nothing.

On Android, you turn NFC on in Settings (it's usually on by default on phones that have it), and most devices read tags as soon as the screen is unlocked. Manufacturer behavior varies — some Samsung and Xiaomi devices have extra NFC features, while a few budget models ship without NFC at all.

When iOS won't open a tag, the cause is almost always one of: the tag is empty, the data isn't NDEF, the tag is locked, or the chip type isn't on iOS's supported list. None of these are deal-breakers — they just mean you need a reader app to see the actual contents.

For inspecting tag details past the iOS banner — chip type, UID, lock status, raw NDEF, and full memory dump — or for writing your own data and cloning compatible tags, NFCore handles all of it. It's the iOS app this site is for.

We'll cover the platform specifics in dedicated guides:

• How to read NFC tags on iPhone (coming soon)
• How to read NFC tags on Android (coming soon)

What can you put on an NFC tag?

The chip's memory is just bytes — what you put there is up to you, but the practical options are:

• A URL. The most common payload by far. Tap, browser opens.
• Wi-Fi credentials. SSID + password packaged so the phone joins automatically.
• A vCard. Name, phone, email, address — saved to contacts.
• Plain text. Shown on screen.
• An Apple Pay-style payload. For tags that should open a specific app or pass.
• Custom NDEF records. For developer tooling, your own MIME type, app launching.
• Raw memory blocks. When you want full control and don't care about NDEF.

Storage limits matter. A URL fits anywhere. A vCard with a photo doesn't fit on an NTAG213. Wi-Fi credentials with a long password fit comfortably on NTAG215. Plan around the chip you're writing to.

Are NFC tags safe?

Short answer: yes, with the usual caveats.

A tag has no CPU. It can't run code, it can't infect a phone with malware, it can't push anything to the device. The phone is the one deciding what to do with the data it reads, and modern OSes are pretty conservative — iOS will show a URL preview before opening it, Android will ask for permission to open most things, and neither will silently install anything.

The realistic risks are:

• A malicious URL on the tag. Same risk as a malicious QR code. Don't tap unknown tags expecting them to be safe.
• A swapped tag. Someone replaces a legitimate tag (say, a restaurant menu tag) with their own pointing somewhere malicious. Defense: be suspicious of tags in public places, and lock your own tags so they can't be overwritten.
• A locked tag you didn't lock yourself. Some attacks involve writing a payload to a blank tag and then permanently locking it so it can't be cleaned up. If you control the tags, write what you want and then lock them yourself.

For your own tags, consider locking them in software once you're happy with the contents. Most NTAG chips support a one-way lock bit and an optional password.

Next steps

If you got this far, you know more about NFC tags than 99% of the people using them every day. The natural next step depends on what you want to do:

• Reading and inspecting tags — start with the platform guides above (or grab NFCore and tap a tag).
• Writing your own tags — pick up a pack of NTAG215 stickers and a writer app.
• Building a project — figure out the smallest payload that does the job, write it, lock it, and stick it where you need it.

NFC tags are one of the rare consumer technologies that genuinely just work. They're cheap, they're durable, they don't need batteries, and once you understand the basics, the use cases pretty much come up on their own.