On September 9, Tim Cook gave us the lowdown on Apple’s latest innovations, among them, Apple Pay. For those who don’t know, this is an electronic payment system, a type of digital wallet, available for iPhone and Apple Watch and which will first begin to operate with partners such as Mastercard, Visa and American Express in October in the U.S. before being extended to other countries.
This innovation will allow user to pay for goods in stores as well as through other applications. Many already wonder whether in the not too distant future this type of payment may become commonplace, and if so, whether it will be secure. Having your hard-earned money passed from one online digital application to another without ever physically having your hands on it is still a concept many of us are yet to feel entirely comfortable with. And with good reason, any cyber-criminal that accesses your device could have access to your money.
The experts however, believe that this could be a secure option for the transactions of the future. So what type of security does it use?
Apple Pay security methods
Apple has explained that transactions with this system will be secure because it uses a method known as ‘tokenization’. This is a system often used by financial institutions because it replaces the traditional digits of credit and debit cards with a complex code (‘token’) generated at random, which only keeps that last four digits from the real number and is transmitted between devices.
The great advantage of these numbers is that on their own they are useless and they are only used once. Every time a payment is made a new number is generated. So even if they are intercepted, they can’t be used for anything. This means there is no trace of the data on the credit cards. Even the stores don’t save this data on their servers. The credit card number isn’t stored anywhere, rather the number is associated with a device ID that is saved on a chip inside the terminal.
The exchange of data required for the transaction is carried out with near-field communication (NFC) wireless technology. This is an open platform whose strong point is that it enables fast wireless communication over distances of less than 20cm. However, there are those who question its security: the data can be intercepted, although this is precisely the reason that there are stronger security measures.
2. Touch ID
The transaction is completed with Apple’s Touch ID fingerprint sensor. The user doesn’t have to enter a password: the payment process is completed when the user authorizes it by placing a finger on the iPhone ‘Home’ button.
Yet besides the ‘tokens’ and Touch ID, there’s another layer of security. Whenever a user goes to pay, their mobile device sends a CVV. This is normally the three-digit number found on the back of a credit card but this time it’s a number randomly generated by the payment application. Consequently, the device identifies itself to the receiver, which verifies that the ‘tokens’ have been created on the order of the card owner.
The way the application works is simple: All you need is one of the Apple devices mentioned above and to place it close to the store’s payment terminal.
The process is as follows: when the application is launched, the device connects securely to the payment system and selects a credit card stored on the chip integrated in the phone and whose number is associated to an identifier in the device.
The identifier is combined with the ‘token’ and then the application asks the user to identify themselves through the Touch ID fingerprint scanner. The information is then sent to the bank by the store and the transaction is confirmed. And that’s it. Secure transactions can be as simple as that.