Could Apple Pay Be the End of Data Breaches?

September 11, 2014, Written By John H. Oldshue
apple

Apple’s announcement of a new payment system, Apple Pay, could not have come at a more opportune time.

Consumers have been shell-shocked by the number of data breaches that have taken place at well-known stores: Target, Neiman Marcus, Michaels, P.F. Chang’s, Dairy Queen, UPS Stores, Sally Beauty, Supervalu, Albertsons and this week, Home Depot. The Department of Homeland Security estimates more than 1,000 businesses have been affected by the same malware that led to the Target breach.

As a result, Apple’s much-anticipated announcement of this new mobile payment system was met with great interest and tremendous publicity.

“We’re totally reliant on the exposed numbers and the outdated and vulnerable mag stripe,” said Timothy D. Cook, Apple’s chief executive, on Tuesday. “Which all of us know aren’t so secure.”

But could the new system possibly be the end of data breaches?

To determine that, one has to first examine how Apple Pay functions. The company’s mobile payment system works in the Passbook app on Apple’s iPhones, which already allows consumers to store loyalty cards, coupons and airline tickets. Consumers will now be able to store their credit card information in the Passbook, and then be able to touch or wave the phone to a pay terminal in participating stores. The phone uses an NFC (near field communications) chip to broadcast through radio waves to the pay terminal all the necessary information in order to complete the transaction.

Is that really a step-up in security, broadcasting your payment information on radio waves? There are several reasons to believe that to be the case.

First of all, the “near” in near field communications means it only broadcasts for a few inches, so a thief would have to be in your personal space to obtain the broadcast information.

Secondly, Apple has a number of security features on the iPhone 5S and the new iPhone 6 that will make it much more difficult, or perhaps impossible, for a thief to steal and/or use your data. You might be required to authenticate yourself with a thumbprint scan. So no transaction is even going to start if the thief doesn’t have your fingerprints. However, let’s say you started a transaction and the thief had a listening device that was somehow close enough to “hear” the transaction. Apple Pay has an ingenious solution that doesn’t use any credit card numbers. The Apple Pay system uses a unique number, called a token, for each transaction and that number can never be used again. So, in the highly unlikely event a thief does obtain your token and it hasn’t already been used (which it probably was since you were in the middle of buying something already), then the thief might be able to make one transaction with this information. But they would likely have to buy the exact same item for the same amount of money. They might have to do it within a set amount of time as these tokens could be made time sensitive.

Will this new technology stop data breaches? Thieves are always evolving and getting more creative, so there will be attempts to get past this system. But consider:

  • Your credit card number is not stored on your phone and not transmitted to the merchant

  • The transaction is very hard to listen to

  • The merchant database now has no information that identifies you personally and only has tokens that can be used once


It seems the odds of a successful and widespread data breach will go down considerably with Apple Pay.

Consumers have been relatively slow to accept or feel comfortable with mobile payments. But Internet experts, as part of a 2012 poll by the Pew Research Internet Project, believe that a majority of consumers will have embraced and adopted smart device swiping for purchases by 2020.



The information contained within this article was accurate as of September 11, 2014. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.