Apple Pay is a mobile payment system that was in use by close to 400 million people around the world as of the end of 2018. Its growth rate can truly be described as explosive, since its reach was about 127 million only one year earlier, according to Statista.com.
- Apple Pay is certainly safer than cash and it has more safety features than credit cards.
- Some security features, like two-factor identification, are optional.
- A complicated passcode is still a good idea.
As for whether it's safe or not, Apple Pay is certainly safer to use than cash. And, it should be safer to use than plastic, as long as the account owner enables its full safety features.
Apple Pay Safety Features
Apple Pay can be used to complete a transaction at any merchant, web retailer, or app that accepts it. In addition, it allows users to send and receive money from other users via messaging. (As of the end of 2019, that feature was available only in the U.S.)
Each transaction incorporates a number of security measures:
- It uses near-field communication (NFC), a chip-based technology that communicates with a card reader without the need for contact with it. The card stays in your wallet.
- In order to finalize transactions, the user can employ two-factor identification, including fingertip or face ID as well as a passcode. Use of fingertip or face ID is optional.
- Apple advises its customers to choose a complex passcode. It can't stop you from using your cat's name as a passcode, so this security tip, like two-factor identification, is voluntary.
- The merchant is never given your original card account number. (Apple doesn't have access to it either.)
- A tokenization method is used to process transactions. That is, a unique encrypted code is created for one-time use. That code, not your account number, is transmitted to authorize the transaction.
- If the user ever suspects that the account has become insecure, Apple Pay can be disabled through the iCloud system.
Apple promises never to share card information across its cloud. While this means users have to manually enter their card information into each device, it adds to the security of the service.
What Could Go Wrong?
Needless to say, Apple Pay and its competitors face a constant assault from hackers eager to scale its security walls. So far, these attempts appear to have uncovered vulnerabilities created by users but not by Apple.
One report indicates that wi-fi hotspots may be used to intercept and reuse encrypted transaction data.
One unconfirmed report claims that Apply Pay could make it easier to exploit stolen identities. That is, a criminal could simply load stolen information, including credit card numbers, into an iPhone and go on a shopping spree. (This actually would be the responsibility of the bank that issued the stolen card, not Apple.)
A White Hat Attack
Another unconfirmed report claims that "white hat" hackers were able to infect a device with malware and then intercept payment data as it was entered by an iPhone user and sent to the Apple server. This could only be done on a "jailbroken" iPhone, meaning one with software that had been tampered with.
Yet another report claims that users of wi-fi hotspots are vulnerable to hackers who can intercept and reuse the cryptogram that is used to enable an Apple Pay transaction. Yes, the cryptogram is supposed to be usable only once, but apparently some merchants allow them to be used more than once. Another example of an error that exploits imperfect use of the Apple Pay system.