Apple Pay Promises To Strengthen Payment Security

Apple Pay Promises to Strengthen Payment Security

Apple Pay logoMany folks seem excited about Apple’s introduction of Apple Pay and its potential to advance contactless payment technology, by solidifying support for the NFC  (Near Field Communication) standard among other things.

In a piece on Pymnts.com, Doc Vaidhyanathan, CA Technologies’ VP Product Management, Digital Payment, said Apple Pay “confirmed NFC’s position for the communication between mobile devices and points of interaction.” CyberSource Senior Vice President Andre Machicao said Apple Pay “has the potential to accelerate the pace of both mobile commerce and mobile payments adoption in the marketplace.”

Apple Pay is a Significant Step Forward in Payment Security

Even more exciting than Apple Pay’s invigoration of contactless payment technology, which has been around for years, is its potential to strengthen payment security. And strengthening payment security is critical, given the high-profile data breaches suffered by retailers like Home Depot.

So what makes Apple Pay such a potentially significant step forward for payment security?

As Wayne Rash writes in an eWEEK article, Apple Pay “effectively virtualizes your credit cards,” storing encrypted versions of card information that it does not share with merchants. Instead, Apple creates a single-use number for each transaction that it sends to merchants; neither Apple nor merchants keep the numbers.

Apple Pay and Tokenization

Apple Pay uses the principle of tokenization, which takes a sensitive data element (like credit card information) and substitutes it with a “token” that holds no value for hackers. Tokenization is especially effective when combined with end-to-end encryption, as it is with Apple’s system.

Apple smartly waited to introduce Apple Pay just before U.S. retailers must upgrade their payment terminals to accept cards that meet the EMV standard that is widely used elsewhere around the world. As ABI Research senior analyst Monolina Sen said in an eSecurity Planet article, hackers likely focused on U.S. retailers because the country’s lack of EMV made them easier targets.  For that reason, Mastercard and Visa are requiring U.S. merchants to accept EMV by October of 2015. If merchants have to upgrade their terminals for EMV, they will almost certainly opt for NFC capabilities as well.

Apple Pay Security Weaknesses

Are there any security weaknesses associated with Apple Pay? A few, but they pale in comparison with the myriad of security issues that come with credit cards.

As security consultant Bob Doyle told eSecurity Planet, the enrollment process is “a weak point in the process” because hackers using malware or exploiting misconfigurations or flaws in the iOS software could harvest information as it is entered by credit cardholders. Another possible weak point, Doyle said, is Apple Pay’s use of NFC. “When there is a new communications system in a device, then there is an opportunity to compromise the device itself.”

The good news, Dole said, is that Apple has included protections against replay attacks in which transaction details transmitted by NFC are intercepted by a hacker to be re-used later. Apple’s protections make it difficult for a hacker to compromise the payment system using a technique such as attaching a hidden NFC receiver to a point-of-sale machine.

Apple Pay is More Secure Than Cards

Doyle and many other experts do believe that Apple Pay – and competitive payment systems like Google Wallet – will be far more secure than cards, even cards equipped with EMV chips.

Doyle called Apple Pay “a clear enhancement over chip and PIN.” Nicholas Percoco, vice president of strategic services at security vendor Rapid7, told eSecurity Planet that Apple Pay technologies “will basically render the transaction data worthless if intercepted.”

In addition, Lev Lesokhin, executive vice president for strategy and market development at CAST, said that payment systems like Apple Pay will require retailers to invest in new development “and I’m hoping that they’ll take the opportunity to use that new frontier of development to improve the robustness of their systems.”


eSecurity Planet
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.

This article was originally published on November 25, 2014

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand today's texting lingo. Includes Top...

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Generations of Computers (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

How to Split Screen...

A split screen view on a laptop or desktop computer is...

How to Reboot Your...

If your Mac computer is behaving strangely, it may be time...

Web Servers vs Application...

Web servers and application servers work together to serve dynamic web...