Waleed C | June 6th 2019
Here is why I decided to start using Apple Pay.
Apple Pay and other mobile contactless payment methods can make shopping on the go easier than ever. Simply bring your card near an NFC reader, confirm with a fingerprint and off you go. No more worrying about forgetting your wallet at home, or having to dig around in your bag for your credit card.
Of course, I was initially hesitant about using Apple Pay - I worried about what would happen if I lost my phone, and how secure my data would be. However, after looking more into the security of Apple Pay, I decided that for me, it actually seems more secure than using credit cards.
Similar to the tap/wave feature on regular credit cards, Apple Pay uses NFC technology to transfer payment information to the merchant on an NFC-capable payment terminal. However, instead of transferring sensitive credit card numbers, Apple Pay uses a tokenization method that gives a random one-time payment number that can’t be used in the future for any sort of fraudulent purchases. You enter your credit card information onto your phone once and it is never shared with merchants. In this way, Apple Pay protects you from merchant terminal fraud.
Apple Pay also secures your online purchases in a similar way. Traditional methods of online purchasing involve sending credit card information to an online merchant, where there is a real risk of that information being stolen, whether on the merchant’s end or somewhere else along the way. Apple Pay does not send your actual credit card information; again, a one-time code is used, so if that information is intercepted or abused, it does not have the same consequences as a stolen credit card number does.
If you lose your phone, it can be remotely wiped using Apple’s Find My iPhone, meaning you can prevent someone else from making purchases using Apple Pay on your lost device.
Apple Pay requires a second factor of authentication. Regular NFC credit cards are tapped/waved and the payment is made. Apple Pay, however, requires a tap as well as biometric verification using your fingerprint. As mentioned in our article on the security of biometric verification, fingerprint authentication is not entirely secure. However, any form of two-factor authentication is always better than no two-factor authentication.
My only concern around Apple Pay has been the storage of my credit card information in an internet-connected device. Apple claims that payment information is encrypted with a key that only your payment network can decrypt. A device-specific Device Account Number is created by your bank and stored in the ‘Secure Element’ of your device. It is not backed up to iCloud, and is isolated from the rest of the operating system. I wonder what could be done if someone got access to the Device Account Number, and the likelihood of that happening, but I believe this uncertainty is outweighed by the other potential security benefits of Apple Pay.
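A simplified model of the tokenized payment flow described above, as an added example that is not from the original post and is not Apple's actual protocol. The `Issuer` and `Device` classes, the HMAC-based cryptogram and the transaction counter are assumptions chosen to show why a one-time code captured at a merchant cannot be reused or altered.

```python
import hashlib
import hmac
import secrets

def make_cryptogram(key, dan, counter, amount_cents):
    # One-time code: bound to this device account number, counter and amount.
    msg = f"{dan}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Issuer:
    """Hypothetical bank/payment-network side; the only party holding the real card number."""
    def __init__(self):
        self._vault = {}  # device account number -> card number, key, last counter

    def provision(self, card_number):
        dan = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self._vault[dan] = {"pan": card_number, "key": key, "last_counter": 0}
        return dan, key  # stored on the device, never given to a merchant

    def authorize(self, dan, counter, amount_cents, cryptogram):
        entry = self._vault.get(dan)
        if entry is None:
            return "declined: unknown device account number"
        expected = make_cryptogram(entry["key"], dan, counter, amount_cents)
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: bad cryptogram"
        if counter <= entry["last_counter"]:
            return "declined: replayed transaction"
        entry["last_counter"] = counter
        return "approved"

class Device:
    """Hypothetical phone side; holds the device account number and key."""
    def __init__(self, dan, key):
        self.dan, self._key, self._counter = dan, key, 0

    def pay(self, amount_cents):
        self._counter += 1
        return {"dan": self.dan, "counter": self._counter, "amount_cents": amount_cents,
                "cryptogram": make_cryptogram(self._key, self.dan, self._counter, amount_cents)}

def demo():
    issuer = Issuer()
    card = "4111111111111111"  # constructed test card number
    device = Device(*issuer.provision(card))
    msg = device.pay(1250)                    # everything the merchant terminal sees
    first = issuer.authorize(**msg)           # genuine payment
    replay = issuer.authorize(**msg)          # same captured message sent again
    tampered = issuer.authorize(**{**msg, "amount_cents": 99999})
    return first, replay, tampered, card in str(msg)

if __name__ == "__main__":
    print(demo())
```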