Is Apple Pay Safe?

April 19, 2019 FinTech and Alternative Finance, Fintech International, Fintech Services, Innovation and Resources No comments

US News | By Ben Luthi | Apr 12, 2019

Apple Pay is secure and convenient, as long as you use it correctly.

No payment method is entirely safe from fraud. But Apple Pay provides cardholders with several layers of security that can protect against some common forms of credit card theft.

If you want to try Apple Pay, knowing how it works is important as well as how your credit card information is safeguarded and what you can do to stay protected while using it.

What Is Apple Pay?

Apple Pay is a mobile wallet for Apple devices such as iPhones and Apple Watches that allows you to make purchases in stores, in apps and online securely without handing over your credit card information every time.

See: The growing cost of cybersecurity

In a store, the mobile wallet uses near-field communication technology – it allows two devices placed within a few centimeters of each other to exchange data – to transmit your card information. You just need to verify your identity with the Touch ID or Face ID feature, then tap your device to the store's card reader to process the payment.

To keep your information private, Apple Pay creates a unique token every time you use it, so merchants never get your actual card number. "Instead of being static data that is easily cloned if stolen," says Andrew Barratt, managing principal at Coalfire, a cybersecurity advisory firm, "it adds some dynamic elements to the data that are used when processing your card payment, making cloning for fraudulent use more difficult."

What's more, Apple doesn't store your card number on your device or its own servers.

Why Apple Pay Is More Secure Than Using a Physical Card

Trusting technology can be scary, especially if you're accustomed to a certain process. But using Apple Pay can protect your credit card information in ways that using the card can't.

It requires extra verification. With a physical credit card, all a thief needs to successfully make a purchase is your card and a merchant who doesn't match cards with IDs. And the four credit card payment networks – Visa, Mastercard, American Express and Discover – no longer require signatures.

With Apple Pay, however, someone who steals your device will have a hard time using it to make purchases. The app requires that you verify your identity using your passcode or the Touch ID or Face ID feature, and the latter two can be tough to fake.

It doesn't share your card information. Every time you make a purchase with Apple Pay, whether in a store, in an app or online, the mobile wallet creates a unique code for processing the transaction instead of sharing your credit card number.

"The credit card number is never given to the merchant, and when used online, never travels across the internet between your device and the merchant site," says Thomas Reed, director of Mac and mobile at cybersecurity firm Malwarebytes. "If by some chance a criminal were to intercept this data, it's a one-time-use code, so it couldn't be abused in the same manner as a credit card number."

See: Global payments: Expansive growth, targeted opportunities

Your credit card's EMV chip uses the same technology, called tokenization. But not all merchants have chip readers, and EMV chips don't work when you make in-app and online purchases. As a result, Apple Pay can especially be helpful for mobile and online shopping, where storing your credit card information could make it vulnerable to data breaches.

Your information can't be skimmed. If you're shopping with a merchant who requires you to swipe your card instead of use the chip, the static information on the magnetic strip can easily be stolen if a thief has installed a card-skimming device on the card reader.

Because Apple Pay doesn't share static information or require a swipe, Barratt says, it's significantly safer than using a physical card in that way.

It doesn't store your card information on your device. Apple neither shares your card information with merchants nor keeps your card information on your device or its own servers.

"An attacker who gains access to your device or your iCloud account would not be able to get your credit card information," Reed says. The same goes if a hacker somehow manages to gain access to Apple's servers.

You can suspend the service. If you've activated the Find My iPhone feature or a similar feature on another Apple device, you can suspend the Apple Pay app by placing your device in "lost mode." This will keep you from having to cancel all of your credit cards, which is what you'd need to do if you think someone has stolen your wallet.

Tips for Staying Safe When Using Apple Pay

Serious security concerns have not emerged with the technology Apple Pay uses, but some potential pitfalls await if you're not careful with your device. Here are some tips for ensuring that your device and your credit cards stay safe.

Keep your device passcode secure. Even if you use the Face ID or Touch ID features, you're required to have a passcode on your Apple device as an alternate way to verify that it's yours.

See: Inside the power struggle between big banks and fintechs to modernize financial services

If you share your passcode with others or use one that's easy to crack – such as 0000 or 1234 – it could give them easy access to create their own biometric profile. Biometrics allow consumers to be ID'd and authenticated based on a set of recognizable and verifiable data specific to them, such as fingerprints.

If they can create their own profile, they'll be able to make purchases through your Apple Pay function.

Set up Face ID or Touch ID. While biometrics aren't required to use Apple Pay, they're not as easy to get past as a four-digit passcode.

Don't allow others to add their biometrics. Permitting a significant other, family member or friend to add Face ID or Touch ID credentials to your phone may not seem like a big deal. But if the relationship turns sour, they'd have easy access to use your Apple Pay app if they can get hold of your device.

Avoid adding cards on an unsecure Wi-Fi network. Public Wi-Fi networks are convenient ways to get online at the coffee shop or the airport. But be wise about what you do when you're connected.

That's because hackers can effectively eavesdrop on the information you send from your device to a service or website. Fraudsters can even create a counterfeit mobile wallet registration system similar to Apple Pay's and lure you into sending them your card information unknowingly.

Continue to the full article --> here

NCFA Jan 2018 resize - Is Apple Pay Safe? The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org