The retail data-breach epidemic highlighted by Target in the US now has other famous victims. If you’ve used a credit card sometime in the past year or two, there’s a chance your information has been compromised or exposed by at least one of these data breaches. If you use Apple’s new Apple Pay system, though, such worries just might be behind you.
The current point-of-sale (POS) system carries a number of risks when it comes to processing credit card transactions. As we’ve seen with the data breaches mentioned above, the POS system itself can be compromised. There are also stories of restaurant workers using card skimmers, or card skimmers being surreptitiously attached to card swiping mechanisms at gas stations. Basically, any transaction that involves handing your physical card to someone, or reading the data from the magnetic stripe on the back of the card, could lead to your credit card data’s compromise in some way.
NFC (Near Field Communication) technology enables mobile devices to communicate wirelessly with a POS system, no physical card required. NFC itself isn’t new, but Apple Pay has better security, broader support and the clout of the Apple brand behind it. In other words, Apple Pay might actually catch on, and make wireless payments with a mobile device mainstream.
The recent hack of nude celebrity photos, and the implications that has for iCloud security, might cause some to think twice about trusting credit card information on an Apple device. While it’s always prudent to exercise caution, Apple has security features in place that make a compromise highly unlikely – if not impossible.
First, Apple does not store the actual credit card data on the iOS device, or on iCloud. The payment information is encrypted and stored in a ‘Secure Element.’ When you initiate a transaction, Apple Pay generates a one-time key based on the encrypted information, and that’s what is shared with the point-of-sale system. For added protection, Apple Pay transactions from an iPhone also require fingerprint authentication using Touch ID.
Even if attackers were able to intercept the one-time code information, it wouldn’t be useful anymore. The cashier doesn’t see your credit card number or security code, and there is no physical card to be swiped. In a nutshell, had everyone who shopped at Target in the US used Apple Pay, the data breach news would be fairly trivial.
In the event that your iPhone is lost or stolen, you’ll be able to disable Apple Pay payments through the Find My iPhone site. However, the Touch ID authentication requirement should be sufficient to prevent anyone from making unauthorised transactions with your device.
Android loyalists and Apple bashers are quick to point out that Apple is actually late to the NFC party. That is true. As I mentioned above, NFC technology has been available on competing mobile devices, and mobile payments have existed on rival platforms for some time. The major difference is that Apple has the support and momentum to make it mainstream. Apple has enlisted Visa, Mastercard and American Express – which account for more than 80 percent of the credit cards in use – as well as individual banks.
However, they are only in the US initially. Apple has not yet set a date for Australia.