How secure is it?
Apple Pay is one of the newest Digital Wallet apps on the market today. With credit card fraud on the rise in the US we are all checking to ensure that our credit card data is not taken. This makes any new payment method that removes the need to carry our cards look appealing. But are they really secure? We hear about data hacks and lost card information on the news with alarming frequency. And what if I lose my device? We should look at any new payment method carefully before leaping in.
On the surface Apple Pay sounds like a great idea. You use your Apple Device to send your payment information to the retailers Point-Of-Sale (POS) terminal instead of exposing your card. But is it really more secure?
So how does Apple Pay work?
According to Apple Support to use Apple Pay you only need to perform these 6 simple steps.
Setting Up your Apple Pay account
- In the Apple Pay app the user creates a passcode they will use to use the app for adding cards and using it at a retailer. As with all passwords the more complex the more secure, but harder to remember. You can also setup the Apple Touch ID for this but it may not be as secure.
- You need to add the payment information for each card on your device by typing it in or taking a picture with the iSight camera. This data is encrypted and never saved to the device or photo library.
- The data is encrypted and transmitted to Apple where it is decrypted to identify your cards payment network. After which the data is re-encrypted with a code that only your cards payment network or authorized providers card can unlock.
- Then it sends the encrypted data, along with other information about your iTunes and Apple Store account activity, information about your device (such as phone number, name, and model of your device) to your bank. Using this information, your bank will determine whether to approve adding your credit or debit card to Apple Pay.
- If your bank approves the Apple Pay account it creates an encrypted device specific account number and sends this account number back to Apple, who can not decrypt it. Apple then stores this number in your devices Secure Element. The Device Account Number in the Secure Element is unique to your device and to each credit or debit card added and is isolated from the IOS and is never stored on the Apple Pay servers or the cloud.
- Apple has no access to your card numbers and only stores a small portion of your car and device number to help manage your cards.
How does Apple Pay work at the retailer?
In stores using (NFC) contactless payment systems your device will detect an NFC field and present you with your default card. Before your card information is sent to the reader you need to authenticate by entering your passcode on your device (no payment information is sent until you authenticate).
Once you have entered your passcode your devices Secure Element will send your Device Account Number and a transaction-specific dynamic security code to the stores reader. This data along with some transaction data need to complete the sale will be transmitted to the stores point of sale system.
To process your payment your card provider verifies the dynamic security code to make sure it is unique and from your registered device. During the entire transaction your cord number is never transmitted to the stores POS.
So is Apple Pay really secure?
I looks like Apple has taken many precautions to keep your card information safe, secure and anonymous. But the truth of the digital world is hackers are going to try to get in to Apple’s digital wallet. The question is how secure do we feel using this application? The convenience is a big plus but comes with some risks, we should never assume our information will be protected by someone else. We all need to be proactive in protecting our information.