Is Apple Pay going to be secure?
Apple has us oohing and aahing about the iPhone 6, its big brother the 6+ and finally the Apple Watch. But the biggest announcement of all didn’t even have to do with gadgets. The most significant announcement was about a new service that will be built into those devices…
It is Apple Pay, Apple’s own version of a “mobile wallet” that will allow Apple users to pay for items with just a tap or wave of their device. That is, if those items happen to be in stores that have agreed to install the technology necessary to allow near-field communication (NFC – no, not the football conference, the radio-wave technology) to work. Of course, Apple has done the background work to ensure a lot of big names (MC, Visa, AMEX and retailers such as Target, Macy’s and McDonald’s to name a few) are already on board, which is a significant mark in their favor. And with the upcoming mandatory implementation of EMV technology, Apple may have just timed this perfectly.
I’ve always been a bit freaked about digital wallets because the Internet giants offering them (Google, Amazon) are the same companies that collect reams of personal data, from search behaviors to my product preferences, and I don’t want any one company having all of that.
Many companies have tried to get mobile payments off the ground in the past without much success. So why might Apple be different (security implications in red)?
- Apple is a master at integrating hardware and software. This doesn’t just mean that their payment system will be more user friendly than previous offerings (which it will), it also means that Apple has more control over the security and the privacy of each transaction. For example…
- No cardholder data will be stored on the iPhone itself, OR on Apple’s servers. This is a significant divergence from previous offerings (Google Wallet) and is an extremely smart play on Apple’s part. Why? Because…
- Apple has basically chosen to stay out of the information collection business to focus on what they do best, which is produce innovative digital devices and the corresponding behind-the-scenes software that make their devices so practical and useful. Consequently, they will continue to be a more trusted brand than their direct competitors. Unlike Microsoft, Facebook, and Google, Apple doesn’t appear to want to become a data-mining company. Apple executives have stated that they have no desire to collect or share user data. This could change when Apple realizes the profit they are passing up for the sake of privacy, but in the meantime…
- The same companies that have always collected your purchasing data (Visa, MC, Amex and the retailers you buy from) will be responsible for the same sensitive cardholder information they’ve always had access to, and Apple will simply be passing the transaction through, using a unique series of numbers that will reveal nothing of value should the phone be hacked.
- Finally, like it or not, Apple will make mobile payments sexy (did I just say that – I think maybe I’ve drunk too much of the Apple Kool-Aid). That sounds shallow, but their similar efforts (iTunes + iPods, iPhone + App Store) revolutionized the music and smartphone industries. Apple has had a knack for getting consumers to warm up to ideas that have been tried before but never really took off (think iTunes, music players, smart phones, and tablets). Also, they have done what others who have tried mobile wallet concepts in the past have not: they’ve made it sexy.
- Instead of a credit card that reveals all of its secrets on a magnetic stripe (no security there), Apple Pay will require a thumbprint scan (which never leaves the device) in order to make a charge. In other words, it utilizes CHIP & PIN technology, which every retailer is required to implement before 2015 ends anyway. Apple’s timing is impeccable – let’s just hope the technology is up to the task.
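The pass-through described in the list above can be modelled in a few lines. This is an added example, not from the original post and not Apple's or the card networks' actual protocol: `TokenVault`, `Phone`, the HMAC-based one-time code and the message layout are assumptions made for illustration, and on a real device the key would sit in dedicated hardware.

```python
import hashlib
import hmac
import secrets


def one_time_code(key, token, counter, amount_cents):
    """Per-transaction code binding token, counter and amount (assumed construction)."""
    msg = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class TokenVault:
    """Card-network side (hypothetical): the only place the real card number lives."""
    def __init__(self):
        self._cards = {}  # token -> [real card number, device key, last counter seen]

    def enroll(self, card_number):
        # The token is random, not derived from the card number, so it cannot be reversed.
        token = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self._cards[token] = [card_number, key, 0]
        return token, key

    def authorize(self, token, counter, code, amount_cents):
        entry = self._cards.get(token)
        if entry is None:
            return None  # unknown or revoked token
        card_number, key, last_counter = entry
        expected = one_time_code(key, token, counter, amount_cents)
        if counter <= last_counter or not hmac.compare_digest(expected, code):
            return None  # replayed, altered or forged payment message
        entry[2] = counter
        return card_number  # resolved by the network, never sent to the merchant

    def revoke(self, token):
        self._cards.pop(token, None)  # lost phone: retire the token, keep the card


class Phone:
    """Device side (hypothetical): holds the token and key, never the card number."""
    def __init__(self, token, key):
        self.token, self._key, self._counter = token, key, 0

    def pay(self, amount_cents):
        self._counter += 1
        code = one_time_code(self._key, self.token, self._counter, amount_cents)
        return {"token": self.token, "counter": self._counter,
                "code": code, "amount_cents": amount_cents}
```

A merchant or eavesdropper who captures the dictionary returned by `pay()` holds no card number, and `authorize()` rejects that same message if it is presented a second time. `revoke()` retires a lost phone's token without the card itself being reissued.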
I’m not in any way saying that Apple doesn’t face huge challenges in terms of security, privacy and adoption of Apple Pay. Of course they do. I’m simply saying that they have the best shot yet at bringing together the hardware, software, industry connections and marketing chops to finally make mobile secure payments, well… pay.
John Sileo is an award-winning author and keynote speaker who specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes frequent media appearances on shows like 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.