How Safe Is Apple Pay?

Walmart and Best Buy’s Apple Pay alternative has already been hacked. Your mobile wallet could be next.
Author:
Publish date:
Social count:
0
(Photo: Bloomua/Shutterstock)

(Photo: Bloomua/Shutterstock)

Apple Pay, the system that launched with Apple’s recently released iPhones, represents a kind of watershed moment in money technology. For the first time ever, all of the factors that are needed to make digital payments a feasible, everyday possibility are combined into one device. The iPhone 6 has near-field communication (NFC) capabilities that send wireless data securely over short ranges, a fingerprint sensor that makes it easy for the device to confirm the user’s identity, and a widely adopted hardware platform with software to match.

The numbers speak to Apple Pay’s success. A million credit cards were registered with Apple Pay within just 72 hours of its launch, making it the largest mobile wallet system ever, claims CEO Tim Cook. Dozens more banks have since joined the service, building on early adopters like Bank of America, Chase, and Citi. Reviews of how the product functions in stores, where retailers must install their own NFC systems, have also been largely positive.

Relying on companies to prevent leaks or exploitation of the data will be difficult. "People are still largely responsible for their own privacy and security."

So has Apple officially won the competition over controlling mobile payments? Its victory is still far from clear. Over the past weeks, suspicion has arisen over Apple’s ability to control such a high volume of payments, giving it the kind of monopoly over payment-processing pricing that Amazon lords over publishers or Uber holds over its drivers, with the potential ability to adjust the terms of service at any point they choose. The skepticism that Apple just might not have the needs of its clients first and foremost in mind has led to a sudden profusion of Apple Pay alternatives that are making a lot of noise, if not exactly taking over Apple’s market share.

Frictionless payment systems, in which a simple tap replaces the exchange of cash, are experiencing a lot more friction than their name might suggest: Windows phones are now compatible with Apple Pay devices, and a different kind of monopoly is preventing some retailers from using Apple Pay.

Stores like CVS, Rite Aid, Walmart, and Best Buy are pushing back against Apple with their own alternative system, CurrentC, driven by the Merchant Customer Exchange coalition. For the time being, those retailers are stuck with their own, less-developed platform, thanks to contracts signed years before Apple Pay was announced, as the New York Times reports. Apple has the users and the brand name behind it. Now it just has to prove that it’s the best solution for retailers and customers.

That might be made easier by the recent news that CurrentC has been hacked. “Unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app,” a press representative confirmed in late October. It’s the first major reputation strike against mainstream mobile payments—and if hackers already have access to CurrentC, it’s an easy bet that they’re working on Apple Pay and other systems as well. With this new-found popularity, customers are having to answer for themselves the question of how secure mobile payments are.

THE IPHONE AND NFC checkout system falls loosely under the class of Internet of Things (IOT) devices, which are “growing a ton in retail and retail analytics,” says Graham Cunliffe, the co-founder of IOT Design Shop, the company behind the recent home-use Signul IOT beacon, during a recent phone conversation. The technology, which makes use of proximity sensors and short-distance data transfer, is being used for applications like pushing offers to customers when they’re inside a store.

Aside from financial data being leaked, such devices run the risk of acting as passive trackers—and it’s the phone, rather than the static device, that’s more likely to be at fault. “Where the onus lies is on app in device that’s receiving connectivity,” Cunliffe says. Yet being tracked is part of what makes the IOT payments systems valuable for stores. They will be better able to tell which customers are buying what, and perhaps improve experiences based on that data collection. “People will be highly incentivized to engage in behaviors that allow them to be tracked and their location used,” Cunliffe says.

As IOT devices become a larger part of our technological lives, it will become increasingly important to be aware of how exposed they might be. And relying on companies to prevent leaks or exploitation of the data will be difficult. “People are still largely responsible for their own privacy and security,” Cunliffe says.

As convenient paying for anything with your phone seems, it comes with its own difficulties. This is still very new technology in terms of the mainstream market, and as such, it has yet to prove its stability. “It’s the Wild Wild West,” says Jenny Suh of Wind River, a technology security firm. “People are going to rush these devices to market instead of working within an ecosystem just to get these cool new things out.” Digital money will never be quite as secure as the paper version, and data is a lot harder to cut up with a pair of scissors than a credit card.

Related