The retail data-breach epidemic highlighted by Target now has other famous victims, including UPS, Home Depot, and Dairy Queen. If you’ve used a credit card sometime in the past year or two, there’s a very good chance your information has been compromised or exposed by at least one of these data breaches. If you use Apple’s new Apple Pay system, though, such worries just might be behind you.
The current point-of-sale (POS) system carries a number of risks when it comes to processing credit card transactions. As we’ve seen with the data breaches mentioned above, the POS system itself can be compromised. There are also stories of restaurant workers using card skimmers, or card skimmers being surreptitiously attached to card swiping mechanisms at gas stations. Basically, any transaction that involves handing your physical card to someone, or reading the data from the magnetic stripe on the back of the card, could lead to your credit card data’s compromise in some way.
NFC (Near Field Communication) technology enables mobile devices to communicate wirelessly with a POS system, no physical card required. NFC itself isn’t new, but Apple Pay has better security, broader support, and the clout of the Apple brand behind it. In other words, Apple Pay might actually catch on, and make wireless payments with a mobile device mainstream.
The recent hack of nude celebrity photos, and the implications that has for iCloud security, might cause some to think twice about trusting credit card information on an Apple device. While it’s always prudent to exercise caution, Apple has security features in place that make a compromise highly unlikely—if not impossible.
First, Apple does not store the actual credit card data on the iOS device, or on iCloud. The payment information is encrypted and stored in a “Secure Element.” When you initiate a transaction, Apple Pay generates a one-time key based on the encrypted information, and that’s what is shared with the point-of-sale system. For added protection, Apple Pay transactions from an iPhone also require fingerprint authentication using Touch ID.
Even if attackers were able to intercept the one-time code information, it wouldn’t be useful anymore. The cashier doesn’t see your credit card number or security code, and there is no physical card to be swiped. In a nutshell, had everyone who shopped at Target or Home Depot used Apple Pay, the data breach news would be fairly trivial.
In the event that your iPhone is lost or stolen, you’ll be able to disable Apple Pay payments through the Find My iPhone site. However, the Touch ID authentication requirement should be sufficient to prevent anyone from making unauthorized transactions with your device.
Android loyalists and Apple bashers are quick to point out that Apple is actually late to the NFC party. That is true. As I mentioned above, NFC technology has been available on competing mobile devices, and mobile payments have existed on rival platforms for some time. The major difference is that Apple has the support and momentum to make it mainstream. Apple has enlisted Visa, Mastercard, and American Express—which account for more than 80 percent of the credit cards in use—as well as individual banks, including Bank of America, Capital One, Chase, and CitiBank, with more on the way.
Apple boasts that there are 220,000 stores ready to support Apple Pay. That sounds impressive, but it’s a drop in the bucket, more or less, when weighed against all of the possible stores and retailers. The bad news is that Apple Pay won’t be available everywhere you shop, but Apple has a plethora of major retailers on board, including Walgreens, McDonald’s, Petco, Staples, and Subway. Apple Pay will also work within iOS through third-party apps like Target, Panera, and Starbucks.
Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.