The retail data-breach epidemic highlighted by Target now has other famous victims, including UPS, Home Depot, and Dairy Queen. If you've used a credit card sometime in the past year or two, there's a very good chance your information has been compromised or exposed by at least one of these data breaches. If you use Apple's new Apple Pay system, though, such worries just might be behind you.
The current point-of-sale (POS) system carries a number of risks when it comes to processing credit card transactions. As we've seen with the data breaches mentioned above, the POS system itself can be compromised. There are also stories of restaurant workers using card skimmers, or card skimmers being surreptitiously attached to card swiping mechanisms at gas stations. Basically, any transaction that involves handing your physical card to someone, or reading the data from the magnetic stripe on the back of the card, could lead to your credit card data's compromise in some way.
NFC (Near Field Communication) technology enables mobile devices to communicate wirelessly with a POS system, no physical card required. NFC itself isn't new, but Apple Pay has better security, broader support, and the clout of the Apple brand behind it. In other words, Apple Pay might actually catch on, and make wireless payments with a mobile device mainstream.
The recent hack of nude celebrity photos, and the implications that has for iCloud security, might cause some to think twice about trusting credit card information on an Apple device. While it's always prudent to exercise caution, Apple has security features in place that make a compromise highly unlikely — if not impossible.
First, Apple does not store the actual credit card data on the iOS device, or on iCloud. The payment information is encrypted and stored in a "Secure Element." When you initiate a transaction, Apple Pay generates a one-time key based on the encrypted information, and that's what is shared with the point-of-sale system. For added protection, Apple Pay transactions from an iPhone also require fingerprint authentication using Touch ID.
Even if attackers were able to intercept the one-time code information, it wouldn't be useful anymore. The cashier doesn't see your credit card number or security code, and there is no physical card to be swiped. In a nutshell, had everyone who shopped at Target or Home Depot used Apple Pay, the data breach news would be fairly trivial.
In the event that your iPhone is lost or stolen, you'll be able to disable Apple Pay payments through the Find My iPhone site. However, the Touch ID authentication requirement should be sufficient to prevent anyone from making unauthorized transactions with your device.
Sign up for MIS Asia eNewsletters.