It seems as if everyone is getting into the market of helping you part ways with your hard earned money. So there was little surprise when Apple announced that they too would be providing a way to buy things in person with their mobile devices. With any new digital payment technology (just as with Google Wallet or Square) comes the burning question cash holders continue to pose: is it safe?
Security, Apple Style
Though there’s no shortage of Apple fans ready to jump onto anything the company produces without a moment’s hesitation, it isn’t because Apple hasn’t been working hard: their new payment service comes with a variety of features aimed at protecting users from fraud and hackers alike.
Unlike Google Wallet and the Square, Apple has come up with a system that avoids a serious pitfall of smartphone payment methods. Apple Pay does not actually use your credit card numbers, instead sending encrypted data via NFC (near field communication), meaning information traveling to the vendor is much more difficult to utilize by hackers.
When registering your credit or debit cards, Apple stores the information they receive from the bank (which is how the card gets activated on your device) on a secure partition they call the “Secure Element.” This is basically a special chip on iPhones designed with the exclusive purpose of storing valuable encrypted data. Surprisingly this data is exclusive to your device: there is no backup on the iCloud, Apple doesn’t have access to the information (well, not all of it anyway), and it can’t be transferred to any other iPhone.
Apple also planned for human error: if you happen to lose your phone, you’re not totally out of luck. The Find My iPhone app allows you to temporarily place your device in Lost Mode (disabling the ability to use Apple Pay from the device), or totally erase all data if you believe it’s gone for good. If for some reason the device is not on or connected when you issue the command to erase or freeze your phone, that’s okay too; Apple Pay will take your cards off of your account anyway, erasing the last chance that they’ll be used for nefarious purchases.
Overall, Apple Pay is shaping up to be a pretty formidable means to pay for things. But, being a man-made invention, it isn’t without its flaws.
If You Build It, They Will Hack It
Despite all Apple’s security measures, there are still no guarantees on anything. Though human error is probably the #1 cause of security breaches, there are plenty of other problems with Apple Pay that would allow clever hackers a way into your financial world.
The first vulnerability comes with the aforementioned NFC technology. As has been proven with other smartphone payment options, it is possible to intercept the short range signal used to pay with services such as Apple Pay. Although the information being sent is encrypted, that doesn’t mean it is immune from being hacked. How, you might ask?
Unfortunately, NFC goes in both directions. Because your phone sends a signal, it must also be ready to receive a signal to confirm that it has finished its job. The two way nature of the NFC system opens your phone (and more specifically Apple Pay) up to multiple kinds of vulnerabilities. It’s very possible, for instance, to send a link to your iPhone via NFC to lead your device directly to a malware download.
Apple Pay is also linked with your iTunes account which, like countless other services, has already proved to be subject to hacks and exploits. Though Apple promotes the use of Touch ID with their payment service, it too has been hacked before.
With a stolen account, it isn’t impossible for a clever hacker to establish a fraudulent Apple Pay account. Approval of cards being registered to “your” account all depends on the banks, meaning that your security may be at the mercy of whoever provides your card/debit account. Naturally banks don’t want to hassle their customers, meaning a hacker might only need very basic information to register new payment methods on your Apple Pay.
Can You Make it Safer?
While Apple has taken plenty of steps to make their service safer, the security any service offers ultimately starts with you. As many exploits and hacks rely on varying forms of malware to steal a person’s information, the first thing you can do is install an anti-virus program on your mobile device. This will allow you to scan files you download outside of the App Store and minimize the chances you’ll end up with something dangerous.
If you want to take it a step further, you’ll want to use a VPN service when connecting to the internet on your device. A VPN (virtual private network) will keep your internet traffic encrypted and keep hackers from figuring out whose device is connecting to various web services. This means you’re considerably less likely to be a target, as it becomes that much harder to find you when a VPN is acting as the middleman between you and the rest of the internet.
Keep an eye on your machine; it’s fine to be able to lock it if it’s stolen, but that’s obviously not necessary if you don’t lose it in the first place. Make sure when you’re outside of your house to keep your phone on your person at all times. While some situations might make that difficult, the headache of losing your smartphone makes it worth figuring out ways to keep your machine safe.
Since Apple Pay is connected to iTunes, you’ll want to keep your password strong as well. Avoid common words or short passwords, and instead opt for more complicated combinations that include capital letters, numbers, and symbols. Try a passphrase if it’s hard to remember a bunch of random characters.
Apple Pay: Here to Stay
Use it or not, Apple Pay probably isn’t going anywhere anytime soon. If you’re an iPhone user and plan to use it, keep in mind that no payment system is perfect. Even cash is subject to being lost or stolen, just as much as any credit card or e-payment system.
Given Apple’s record, it isn’t likely they’d allow for security vulnerabilities that will be easily exploited, but nothing is without its weaknesses. So if you’re feeling adventurous, give it a try!