Mobile-based payment services are becoming more and more popular. There are a wealth of competing companies, all of whom offer ways to pay for products without you needing to whip out your wallet or purse.
But how do they compare to traditional plastic cards regarding safety? Are you confident you won’t wake up one morning to find that a hacker has emptied your bank account?
In this article, we’re going to use Apple Pay as a case study. What security features does it offer? What safeguards are in place? Let’s investigate.
What Is Apple Pay?
Before we start, let’s take a moment to explain exactly what Apple Pay is.
Apple Pay is included on iPhones, Apple Watches, iPads, and Macs. After coming online in October 2014, it’s grown to become one of the leading mobile payment services.
It uses a near field communication (NFC) antenna, which, when tapped against a contactless payment terminal, debits your account for the specified amount of money.
Lots of companies now offer contactless payment terminals, including several leading retail brands in North America and Europe. Some banks have even added receivers to ATMs, allowing you to withdraw cash without using your credit or debit card.
At the time of writing, the service is available in 21 countries. Five more are due to go live later in 2017. But is it safe?
1. Adding Cards to Your Account
Back in the day, credit card fraud was easy. All a hacker had to do was acquire a credit card number from a deep corner of the dark web, and they could go on an almost unhindered spending spree in shops until the legitimate owner of the account realized something was afoot.
The growth of EMV chips had been whittling away at the success rate of the tactic, but Apple Pay has reignited the illegal industry. But why?
Simply put, it’s easy to add a credit card number to an Apple Pay account. Once added, the criminal can once again go on an in-store spending spree until the owner notices.
It isn’t Apple’s fault. The company’s processes are as robust as they can be. Apple can’t decrypt the Device Account Number, doesn’t store it on Apple Pay servers, and doesn’t send it to iCloud. Furthermore, Apple doesn’t have access to the credit, debit, or prepaid card numbers you have added.
Instead, point your finger at the banks. Some banks are excellent at checking up on cards added to mobile payment services; others aren’t. There’s no authoritative list of which banks are good and which are bad. However, anecdotal evidence suggests that in many cases, as long as the criminal has the card number and the three CVV digits, they won’t be stopped until it’s too late.
2. Using Touch ID for Contactless Payments
No contactless payment method is entirely secure, but Apple Pay has an important added layer of protection that doesn’t exist on contactless debit and credit cards.
Contactless cards work by using a Device ID. They don’t have any authentication for payments below $30. In practice, this means anyone with your card can walk into a shop and start using it.
Apple Pay uses Device ID technology, but also introduces Touch ID. Your biometric fingerprint will authorize the payment, no matter how small. If your fingerprint is not recognized, the payment will not be allowed to proceed.
The Apple technology further protects you with Apple’s Unique Device Account Number. If the contactless machine you’re paying on has been specifically designed to work with Apple Pay, neither your card details or banking details will be shared with the seller.
3. Paying Online
If you do a lot of online shopping, you might have noticed Apple Pay starting to pop up in more and more stores’ checkouts. If you’re anything like me, you’ll have viewed it with a dose of suspicion: how can you make a secure online payment using a mobile-centric contactless app?
But alas, there’s no reason to be concerned. In fact, Apple Pay is more secure than lots of other online payment methods.
To keep you safe, Apple Pay receives your encrypted transaction and re-encrypts it with a developer-specific key. From there, the payment goes to the payment processor. The encryption means only the site you are making the purchase on can see your details, and the site itself even has to reverify its domain with Apple for every purchase.
As a result, it’s much harder for cybercriminals to gain access to your details as the payment flies around the world. Bottom line? You’re much less likely to be a victim of credit card fraud.
4. Losing Your Device
Everyone loses their wallet at some point in their life. Whether you accidentally left it in Starbucks or someone pilfered it from your back pocket on the train doesn’t really matter. You’ll still be frantically calling your banks and credit card companies to cancel your cards and order new ones.
What happens if you lose your iPhone? Are all your details suddenly going to end up in the hands of a hardened criminal? In short, no.
If you have set up the Find My iPhone feature, you can instantly suspend Apple Pay by putting your missing device into Lost Mode (All Devices > [Device Name] > Lost Mode). Lost Mode lets you re-enable Apple Pay at a later date if your phone shows up.
If your phone has gone forever, there are a couple more steps you can take. Head to iCloud.com/settings to remove the Apple Pay feature from the phone entirely, and use Find My iPhone to erase all your card information.
Even if you don’t have Find My iPhone set up, there is no need to panic. Apple only keeps a fragment of your card information on the app itself, so there’s no chance a criminal can simply copy down all the details and start using them.
One of Apple’s strong suits has always been privacy, and Apple Pay is no different.
The company does not track, log, or watch what you’re buying with Apple Pay, or where you’re using it. Nobody can trace the transaction information back to you.
The only exception is Apple’s Location Services. According to the company, if you have Location Services turned on, the “location of your device and the approximate date and time of the transaction may be sent anonymously to Apple.” Apple claims it uses the information to improve the accuracy of business names.
If you’re uncomfortable with even this slight level of intrusion, turn Location Services off by going to Settings > Privacy > Location Services.
If you’re concerned about what kind of information the company has about you, you can request your personal data from Apple, including Apple Pay activity.
Do You Use Apple Pay?
As you can tell from my five points, Apple Pay is largely secure. Sure, it might have a couple of flaws, but so too does any payment system.
In fact, many people don’t realize the current payment system is splitting at the seams — it’s become a red-hot target for hackers in recent years. Apple Pay is unquestionably an upgrade.
For other things, like Apple Pay, that you can do with your device; check out these hidden iPhone features that will impress your friends.
Image Credit: Pressmaster via Shutterstock.com