How Secure Is Apple Pay?

Tony Anscombe, senior security evangelist at AVG Technologies, asks if we’re giving up our security for convenience

2015 saw Apple Pay reach stores across the UK and, unsurprisingly, the move was greeted with fanfare. Why? The introduction of Apple Pay furthers the concept of payment through a mobile or wearable device – making it very accessible to consumers.

It’s no wonder that consumers are welcoming such a convenient product into their lives, as it promises the ability to make payments on the go quickly and easily. No more digging around for wallets or cash, just a quick tap of an iPhone or Apple Watch on a regular contactless reader and it’s all done!

Hidden security cost?

Yet, does this convenience come at a hidden cost to our security?

With the Internet of Things (IoT) filtering into more and more aspects of our lives, it’s a fair question. When using connected devices we do need to be particularly wary of how our data is being used and by whom. It’s important to understand whether storing payment details in online services such as Apple Pay, PayPal or Google Wallet is secure before going on that shopping spree. IoT is opening up multiple routes in for hackers, putting personal data at risk.

The good news is that paying with Apple Pay isn’t just convenient but also secure. When you hover over the contactless payment point, you need to use the biometric Touch ID to authenticate the transaction, making it much more secure than the contactless credit and debit cards already in use in the UK. Regular debit and contactless cards are problematic as they use a Device ID and have no authentication at all –meaning they can be used by anyone for small purchases of up to £30.

privacyApple Pay also helps protect your privacy thanks to Apple’s Unique Device Account Number. A system specifically designed for Apple Pay, using this unique number means that Apple never needs to transmit or share your actual card or banking details with the merchant. This adds a significant layer of protection for your payment data.

Android Pay by Google uses a similar transaction for contactless payments. Although the Android Pay UK release date is yet to be confirmed, within the US, there’s been some positive news for those concerned about storing payment details in Android Pay.

This is not the only Google service to use a mobile device for transferring money, Google Wallet allows you to transfer money to friends and family. In the US the Federal Deposit Insurance Corporation (FDIC) now insures funds stored in Google Wallet. This means that should anything happen to Google or one of the banks holding your money, your digitally stored funds are protected by the US Federal Government.

While most of us use services such as PayPal to directly make payments rather than actually store money, it’s reassuring to know that online digital balances are starting to receive the same government protection offered as the traditional banking system and it’s only a matter of time before this is put into practice within the UK.

Looking ahead the convenience may well extend to the issuing of replacement cards when you are in need. We have all gone through the pain of having to wait for replacement cards in the mail, with digital payment methods the issuing of a digital card directly to your device while the physical one follows in the post may well be a convenient reality.

The arrival of major tech and finance players such as Apple, VISA, Samsung and more recently, Barclays, have brought mobile payments into the mainstream and demonstrate that the way we pay for things on the move is on the brink of changing forever. With hackers becoming increasingly creative about how they attempt to access and use our information, it’s encouraging to see these devices are designed to be just as secure as they are convenient.

How much do you know about the iPhone and Apple Watch? Try our quiz!